IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Reckoning with human error to secure the hybrid cloud

Kurt Mills explains why the most critical security vulnerability is a lack of skills and expertise

blue cloud with lock inside

Most enterprises will have some form of multi-cloud or hybrid IT environment by the end of 2019, according to research. These types of environments pose huge cyber security challenges for businesses and the channel, however, because they tend to be fluid and ever-changing. This makes traditional approaches to cyber security relatively outmoded.

Gone are the days when static systems sat inside a neat perimeter. Today, IT assets can be anywhere from on-premise, to sitting in the cloud or even distributed across multiple clouds, and it's up to security teams to find and secure them all. Where the channel comes in, then, is providing the technology and expertise to enable end-clients to achieve this objective.

In this space, the channel's biggest challenge is the continued movement of IT infrastructure and security to the cloud. This presents end-clients with profound new visibility and security management challenges, but building the right cybersecurity strategy around hybrid cloud environments can open a rich new source of business - if channel partners get it right.

Lack of visibility, training and control remains a huge area of concern for IT security professionals when it comes to managing a public cloud environment. With the right resources, however, channel firms can address these comfortably.

Grappling with human error

Lack of skills and expertise in an enterprise is the most critical vulnerability in the cloud security puzzle, particularly in the areas of system configuration, native tools and cloud providers' shared responsibility models.

As a result, cybersecurity in the cloud is likely to get worse before it gets better. The overwhelming majority of all cloud security failures are likely to be the customer's fault; that is, human error committed by the organisations deploying cloud assets. Our own research backs this up, with most organisations deployment of business services in the cloud progressing faster than the capacity to secure them.

The desire for end-clients to 'sweat their assets' by keeping different technologies in play, meanwhile, will continue to cause management challenges. Some of the greatest frustrations with cloud security toolsets include the lack of integration across tools and the lack of training. Security professionals are also likely to bemoan no centralised view of data coming in from the tools, as well as too many suites and management consoles to keep up with.

Put it all together and we see that human error is the greatest risk to cloud security in the foreseeable future. And, this problem will not be solved until organisations have access to integrated technologies, training and skills that pave the way for adopting secure processes for deploying applications and managing change across hybrid environments.

What can channel partners do about it?

While they prove frustrating, these areas can offer a roadmap for channel firms to turn the hybrid cloud security problem into a strength, by providing end-clients with the solutions they need.

Such a programme would engage in evaluating tools to ensure the proper architecture is chosen for securing hybrid environments. Since we know end-clients are frustrated by having too many tools that aren't integrated, providing a means to integrate tools with a centralised management platform will be an excellent salve for client pain.

Picking tools that have the proper qualities to secure such environments is also important, particularly with respect to cloud visibility, because you can't secure what you can't find, as well as automated change management, and policy compliance. Also important is the ability to work across both on-premise and cloud environments. Training, too, as well as outsourced management services for clients who don't have the in-house skills to implement security, is key.

The rush to the cloud is fueled by many factors, including digital transformation, the internet of things (IoT), and the need to create more agile and responsive digital businesses.

But security is often left behind, forcing security teams to play "catch up" and secure deployed assets after the fact. This causes problems across multiple dimensions. For instance, untrained people could deploy misconfigured assets, with security personnel not even aware of them. They wouldn't know what they need to secure, and even when they do know what to secure, security professionals don't have the integrated toolsets they need to effectively manage security across hybrid cloud environments.

Channel organisations can play a "heroic" role in solving this problem by doing the hard work upfront of evaluating and selecting the right tools for an integrated hybrid cloud security architecture, and then providing end-clients with the training and expertise they need to put it all into action. As business opportunities go, they don't get much bigger than this.

Kurt Mills is vice president of worldwide channel sales and operations with FireMon

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Google unveils new Assured Open Source Software service
open source

Google unveils new Assured Open Source Software service

18 May 2022
Malwarebytes hires new channel chief to lead MSP and partner network
Managed service provider (MSP)

Malwarebytes hires new channel chief to lead MSP and partner network

18 May 2022
Palo Alto and Deloitte to deliver managed security services in the US
Managed service provider (MSP)

Palo Alto and Deloitte to deliver managed security services in the US

17 May 2022
US and EU thrash out plans to avert chip production “subsidy race”
Hardware

US and EU thrash out plans to avert chip production “subsidy race”

17 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022