A new study from Linkedin finds that while most organizations are moving to the cloud, security is clearly still a major concern. For IT service providers, those concerns should spell opportunity because partnering with MSPs that have security expertise has emerged as the top response to those perceived security concerns.
When 1,010 IT professionals were asked what they intended to do to make cloud computing more secure, 34 percent responded that they would partner with a managed security service provider. This was followed by deploying more security software at 33 percent and adding more IT staff at 31 percent.
Concerns about cloud security
Of course, none of these options necessarily preclude one another. It’s quite probable that many organizations will employ a mix of all three. But the fact that partnering with a managed security service provider (MSSP) ranked so high suggests that many IT organizations are recognizing that providing security in the age of the cloud is beyond their capabilities.
Almost half (47 percent) of the IT professionals admitted to being very concerned about cloud security, and 36 percent contended that public clouds are less secure than their own internal IT environments. Moreover, 28 percent said that a breach of a public cloud was more likely to occur than a breach of their systems running on premise.
Naturally, the level of security provided in one IT environment versus another is highly debatable. But the one thing that the majority did agree on when it came to cloud security is that consistent security across IT infrastructure (60 percent) and continuous protection (58 percent) are the most important factors.
The three potential threats that are of the most concern are unauthorized access through misuse of employee credentials and improper access controls (63 percent), hijacking of accounts (61 percent), and malicious insiders (43 percent). A little further down the list of concerns are insecure application programming interfaces (41 percent) and denial of service attacks (39 percent).
The degree to which any of these issues will manifest themselves varies based on the value of the potential target. What is clear is that hackers are in part professional criminals. They operate as part of an organized entity that is either sponsored by a criminal ring or nation state. As such, their organizations are not only more methodical when it comes to launching attacks, their patience levels in terms of how long they will wait between infecting an IT environment with malware and then exploiting the vulnerability is quite high.
As a result, it’s not uncommon for IT environments inside and outside of the cloud to be infected with malware for months before the infection is discovered. In fact, the assumption now is that malware has already infected most organizations to one degree or another. The challenge is to figure out how to isolate and then minimize any potential damage.
That, of course, requires a lot of IT security expertise that is hard to come by in a world where the unemployment rate for IT security professionals is somewhere below zero. In fact, one of the primary advantages that MSSPs have is that because IT security is their business they can generally pay people with IT security skills better than internal IT organizations can.
There’s no doubt that managed security services will continue to be a growing business through at least the rest of the decade. The challenge is first acquiring the IT talent required to run that business and then actually holding on to it.