Reckoning with human error to secure the hybrid cloud
Kurt Mills explains why the most critical security vulnerability is a lack of skills and expertise
Most enterprises will have some form of multi-cloud or hybrid IT environment by the end of 2019, according to research. These types of environments pose huge cyber security challenges for businesses and the channel, however, because they tend to be fluid and ever-changing. This makes traditional approaches to cyber security relatively outmoded.
Gone are the days when static systems sat inside a neat perimeter. Today, IT assets can be anywhere: on-premise, in the cloud or even distributed across multiple clouds, and it's up to security teams to find and secure them all. Where the channel comes in, then, is providing the technology and expertise to enable end-clients to achieve this objective.
In this space, the channel's biggest challenge is the continued movement of IT infrastructure and security to the cloud. This presents end-clients with profound new visibility and security management challenges, but building the right cybersecurity strategy around hybrid cloud environments can open a rich new source of business - if channel partners get it right.
Lack of visibility, training and control remains a huge area of concern for IT security professionals when it comes to managing a public cloud environment. With the right resources, however, channel firms can address these comfortably.
Grappling with human error
Lack of skills and expertise in an enterprise is the most critical vulnerability in the cloud security puzzle, particularly in the areas of system configuration, native tools and cloud providers' shared responsibility models.
As a result, cybersecurity in the cloud is likely to get worse before it gets better. The overwhelming majority of all cloud security failures are likely to be the customer's fault; that is, human error committed by the organisations deploying cloud assets. Our own research backs this up, with most organisations' deployment of business services in the cloud progressing faster than the capacity to secure them.
The desire for end-clients to 'sweat their assets' by keeping different technologies in play, meanwhile, will continue to cause management challenges. Some of the greatest frustrations with cloud security toolsets include the lack of integration across tools and the lack of training. Security professionals are also likely to bemoan the absence of a centralised view of data coming in from the tools, as well as too many suites and management consoles to keep up with.
Put it all together and we see that human error is the greatest risk to cloud security in the foreseeable future. This problem will not be solved until organisations have access to integrated technologies, training and skills that pave the way for adopting secure processes for deploying applications and managing change across hybrid environments.
What can channel partners do about it?
While they prove frustrating, these areas can offer a roadmap for channel firms to turn the hybrid cloud security problem into a strength, by providing end-clients with the solutions they need.
Such a programme would engage in evaluating tools to ensure the proper architecture is chosen for securing hybrid environments. Since we know end-clients are frustrated by having too many tools that aren't integrated, providing a means to integrate tools with a centralised management platform will be an excellent salve for client pain.
Picking tools that have the proper qualities to secure such environments is also important, particularly with respect to cloud visibility (because you can't secure what you can't find), automated change management and policy compliance. Also important is the ability to work across both on-premise and cloud environments. Training is key too, as are outsourced management services for clients who don't have the in-house skills to implement security.
The rush to the cloud is fueled by many factors, including digital transformation, the internet of things (IoT), and the need to create more agile and responsive digital businesses.
But security is often left behind, forcing security teams to play "catch up" and secure deployed assets after the fact. This causes problems across multiple dimensions. For instance, untrained people could deploy misconfigured assets, with security personnel not even aware of them. They wouldn't know what they need to secure, and even when they do know what to secure, security professionals don't have the integrated toolsets they need to effectively manage security across hybrid cloud environments.
Channel organisations can play a "heroic" role in solving this problem by doing the hard work upfront of evaluating and selecting the right tools for an integrated hybrid cloud security architecture, and then providing end-clients with the training and expertise they need to put it all into action. As business opportunities go, they don't get much bigger than this.
Kurt Mills is vice president of worldwide channel sales and operations with FireMon