Q: My SMB customers are slowly starting to embrace the public cloud. Cloud service providers have built-in security features, though. Is this enough to protect my customers’ data? Are there any additional precautions I should take to make sure their data is secure in the public cloud?
That’s right - according to IDG’s 2016 Cloud Computing Survey, 70 percent of businesses have at least one application in the cloud. For most partners, built-in security features offered by public cloud providers generally are not enough to protect your customers’ data. Today, As cloud adoption continues to increase, now is the time to take the necessary precautions to ensure your customers’ data is safe.
To give you the best advice when it comes to securing the public cloud, we talked to Rich Turner, cloud product marketing manager at Barracuda. Rich is currently leading the messaging regarding public cloud applications and why it’s important to ensure you secure those environments. He shared his advice on why it’s important to be proactive about securing public cloud applications.
Shared responsibility model: What’s your part?
The public cloud is built on a shared responsibility model. The customer—or their IT service provider—is responsible for security IN the cloud, which includes data, applications, operating systems, and network and firewall configurations. AWS, Azure, or Google Cloud Platform are responsible for the security OF the cloud. This includes the database itself, networking, storage, and protection for global infrastructure.
The reality is, only 72 percent of companies fully understand this model and know where they are responsible for deploying, configuring, and maintaining security baselines. The public cloud is inevitable, and it was shown that on average organizations that use the public cloud save 25 to 40 percent per year compared to using an on-premise solution. While SMBs may be a bit slower to truly adopt the cloud, when a business needs a new server, they often find it’s more cost efficient to go to the cloud. The cloud is slowly going to become more prominent as time goes on, and while the cloud itself is secure, it’s up to you and your customers to secure the access to the cloud and any data put into it. To properly secure this environment, your customers will need cloud-based firewalls.
Moving data from on-premise to the cloud
Security will always be a major concern for businesses. In software-as-a-service (SaaS) applications, it’s somebody else’s application, and they provide most of the security. But leveraging the cloud is about replacing traditional on-premise infrastructure with the cloud. Once businesses start putting more significant data into the cloud, they’ll start to see that security is a much bigger issue. When moving to the cloud, many businesses use the lift-and-shift model, bringing existing workloads and applications to the cloud. VMs can be easily run in the cloud as well, but the more an organization migrates,the greater the security risk.
IT service providers and their customers put in a lot of effort to protect on-premise data from ransomware, malware, and hackers, and secure the overall environments. When these SMBs move to the cloud, they’ll be looking to duplicate those same security standards or better—particularly if there are any regulations or compliances to which they need to adhere.
To fully secure these customers, you need to know which applications they’re accessing, such as MRP systems, any web-faced applications, and any applications that aren’t SaaS accessible. You also need to secure the ways they’re connecting to the cloud, especially anything or anyone that requires a VPN.
Cloud adoption might be slower for small businesses, but as time goes on, the cloud will grow. Following Rich’s advice can help you secure customers as they move forward and embrace the cloud.
Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.