sb-as logo
Story image

What the channel needs to know about cloud security

24 Apr 2017

The benefits of cloud computing are undeniable and it’s changing the way we consume, share, and use digital information. The cloud makes access to information and computing power easier, faster and more scalable, but it fundamentally changes the way we have to think about cyber security.

As cloud adoption is accelerating rapidly, resellers are, in turn, busy migrating infrastructures for their customers. However, many resellers are failing to consider how security has to change as part of this migration.

Many customers simply extend the existing perimeter security to the cloud by routing all of their traffic back from the cloud through the on-premise perimeter security. This approach is inefficient and doesn’t take into account the new architecture the cloud delivers. There is a clear opportunity for partners to educate and consult to their customers, specifically about how moving to the cloud needs a different security approach.  

How much security is sufficient for the cloud?

There is an assumption the security provided as part of a cloud ‘package’ is sufficient. However, in many cases the level of security provided is inadequate to deal with the myriad viruses and security breaches which are on the rise.

Telstra’s Cyber Security Report 2017 found that almost 60% of local organisations surveyed detected a security incident on at least a monthly basis in 2016.

The report also found that more than half of all businesses experienced a ransomware attack last year – 30% of Australian businesses surveyed have had a business email compromise and the number of Distributed Denial of Service (DDoS) networks attacks are up by more than 200%.

Not adjusting your security approach as you migrate to virtual and cloud environments can lead to security gaps, lost ROI, performance lag and difficulty proving compliance.

As a reseller, you need to understand the opportunities and risks of cloud computing, and how to make the move that’s right for your customer. Having the right security strategy can help your customers take advantage of the amazing potential of the cloud to control their data, maintain compliance and decrease costs. In order to do so though, you’ll need to provide them with a solid security foundation that spans all of their platforms – physical, virtual and cloud.

Elastic security

The best practice solution is to provide smarter protection that travels with your customers’ data as it moves across physical, virtual and cloud environments. Security in the cloud is a shared responsibility. That means customers and cloud service providers must work together to protect applications and data, meet compliance regulations, and ensure business continuity. If their security doesn’t go beyond the native cloud, then they probably are not meeting their shared responsibility. You can increase overall protection and reduce administration by building elastic security into your cloud architectures.

When selecting a security provider, resellers should be considering security capabilities that are completely integrated with cloud services such as Amazon Web Services (AWS), Microsoft Azure and VMware vCloud Air. When the security is integrated with the leading cloud services platforms, cost and complexity go down, making it faster and easier to meet security requirements while realising the operational benefits of the cloud.

To be effective, security in the cloud must be able to dynamically follow the servers, conduct real-time monitoring, and provide instant protection for the data and applications on the instances as they spin up and down with on-demand workload. You should choose a solution that has a broad set of security capabilities to support the critical needs of security in the cloud. This integrated solution prevents data breaches and business disruptions, provides easy deployment and administration, and helps achieve cost-effective internal and regulatory compliance across hybrid cloud deployments, and across multiple cloud providers.

While the vehicle for cyber criminals is now clearly ransomware, the objective hasn’t changed. It’s first and foremost about access to your data which resides on your customers’ servers, whether they are physical, virtual, cloud or a hybrid combination.

A good security solution should offer server security for physical, virtual, and cloud environments, thereby giving you the most complete set of security capabilities with automated management, to dramatically reduce both risk and cost.

Benefits of a good cloud security solution

By choosing a leading security solution, businesses are able to:

  • Protect data and applications running in the cloud with broadest range of security capabilities to meet security and compliance requirements.
  • Dramatically reduce cost and complexity with automated security provisioning and workload-aware security policies.
  • Support government or industry standards with security built to the highest standards, including common criteria EAL 4+ and the ASD top 4
  • Integrate seamlessly with cloud management tools such as AWS CloudFormation, Chef, Puppet, and SaltStack to automate security deployments.
  • Minimise administrative cost and complexity with a single security console to manage server security across hybrid cloud environments, including multi-cloud deployments.

Resellers can meet their customers’ shared security responsibility requirements when deploying sensitive applications to the cloud with elastic security. Whether you’re operating in the data centre, the cloud, or rolling out web applications—you can manage a broad set of security capabilities across multiple environments all from one single platform, thereby minimising your risk of being impacted by a data breach or ransomware.

By Peter Hewett, Channel Director, Trend Micro ANZ

Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Download image
NFV: The ticket to stronger, simpler corporate networks
It's a big industry - but what exactly is NFV?More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More