carloscastilla - Fotolia
Cloud-based security is making an impression on the channel. Indeed, as more security technology moves to the cloud, partners are facing a changing market that often requires them to link up with cloud providers and IT security vendors to broaden the suite of products they offer customers.
Partners working with cloud providers such as Microsoft and Amazon Web Services (AWS) will find that those vendors bundle security within their cloud products. For example, AWS' cloud platforms come with a slew of security products such as multifactor authentication, tools to manage user security credentials and software to create and control the encryption keys used to encrypt data. To further secure information, the company recently made available to its AWS cloud customers Amazon Inspector, which is a new service that identifies security vulnerabilities and helps customers monitor the security and compliance of application deployments on AWS.
Microsoft Azure provides security tools similar to what AWS provides, and its improvements to security functionality are ongoing. For example, Microsoft recently disclosed efforts to enhance its encryption capabilities.
In addition to cloud providers baking security products into their platforms, vendors of traditional on-premises security staples such as antivirus software and intrusion detection and prevention systems have been coming out with cloud versions of their products.
Technavio, a technology research and advisory company, identified the popularity of cloud-based antivirus software as one of the top three antivirus trends of 2016. The company noted that cloud antivirus doesn't require hardware or software and provides "quicker response to new threats or malicious activities." Technavio cited antivirus vendors such as Panda Security, F-Secure, Sophos, ESET, and Kaspersky as "increasingly incorporating cloud-based capabilities in their products."
Mark CavalieroCEO at Carolinas IT Inc.
As for cloud-based intrusion detection and prevention, Technavio predicts that particular market will expand at a compound annual growth rate of more than 27% by 2020. The company listed Check Point Software Technologies, Cisco, IBM, Juniper Networks, McAfee and Symantec as the top six leading vendors in this security-in-the-cloud space.
Many channel partners say they intend to take advantage of cloud-based security offerings.
"Cloud-based security solutions are easier and quicker to deploy. It allows us to offer more advanced solutions in a more cost-effective manner and provide implementations that are much faster since we don't have to set up onsite infrastructure to host data," said Mark Cavaliero, CEO at Carolinas IT Inc., a company that provides a private hosted cloud offering. The company, based in Raleigh, N.C., delivers private and public cloud-based applications, servers, desktops and data storage technology.
Cavaliero said cloud-based security technology has taken away many of the excuses for not implementing adequate security and can be beneficial to his company's ability to take advantage of the cloud computing model.
"We keep our margins the same on the software subscription as we would have had on a software sale, but the reduced infrastructure cost makes solutions more attractive to the client, and the result is our implementation ratio is higher, resulting in more services revenue overall," Cavaliero said.
Furthermore, Cavaliero added that security in the cloud is easier for channel partners to support as long as the cloud provider gives partners the cooperation, communication, and access to manage the solution.
Minimizing on-premises investment
And there's another benefit to the cloud-based security model:
"Since there's less on-site infrastructure to support, on-site visits and support costs are reduced. We don't change our margins, but it does give us more time for higher-margin services on other projects," Cavaliero said.
Matt Tirman, president and CEO of Redhawk Network Security, said customers are looking for ways to cost-effectively secure their environments and data, noting that cloud-based security technology provides that ability while minimizing investment in costly on-premises products.
To help customers achieve their goals, Tirman said his company, which is a managed service provider based in Bend, Ore., that specializes in network security management, has embraced security in the cloud. The company provides cloud security offerings that align to customers' security and business initiatives, while moving the complexity and cost of maintaining security products out of their organizations.
"We have become more customer-centric in our internal managed services infrastructure investments to support cloud-based security technology," Tirman said. "This has allowed us to be viewed as a valued partner that can help our customers achieve business goals, while maintaining a level of risk that complies with industry best practices or their internal security program goals."
Tirman added that his company now spends more time with customers in education and planning, service-level agreements, and how much control they want to have in a cloud-based security offering.
"We are then able to help them build out a plan that fits into their overall security program," Tirman said.
As companies explore their cloud security options, Daniel Gotlieb, director, enterprise account management at vArmour Networks Inc., a cloud security company based in Mountain View, Calif., said he has noticed that customers are increasingly working closely with their channel partners to determine the most suitable cloud-based security strategy for their businesses.
"Customers are unsure which new cloud-based vendor has the best solution for their business and they realize their traditional perimeter-based vendor has a vested interest in maintaining the status quo," Gotlieb said. "Instead they are relying more on those channel partners that have established themselves as a trusted adviser to the customer for advice and a path forward."
Gotlieb added that the move from traditional on-premises security to cloud-based security provides two new areas of opportunity for channel partners to tap. First, the channel can assist their customers in the transformation of their businesses. There are design services, migration services and application discovery services needed to deliver a plan. Channel partners should keep in mind that with nearly 15 years of virtualization -- and most customers struggling with documenting everything and maintaining currency in their environments -- application discovery or the mapping of applications to physical and virtual assets is a huge value to enterprises.
Second, Gotlieb said more customers have shed their IT organizations and outsourced those services to experts. Many value-added resellers have built consultancies, then managed service offerings, then managed cloud offerings. Gotlieb noted that these same partners are adding managed security to their suite of offerings and are assisting customers that are struggling with all the choices.
Staying on top of security in the cloud
At Optiv Security Inc., a company based in Denver that provides cyber security offerings for its clients, JD Sherry, the company's vice president, cloud security, said while cloud vendors are adding new security features to their platforms, it is imperative that Optiv keep abreast of the latest in cloud security architectures.
Helping customers build their next-generation computing ecosystems, which includes designing around their existing security investments, is a big part of the Optiv approach to security in the cloud.
"Our clients count on us to understand what they have first that might be able to be extended to the cloud," Sherry said.
He added that while cloud-based technology is an important part of the discussion, finding out what customers are doing well and making sure their processes and technologies can be extended to the cloud in a secure manner is essential to a successful cloud engagement.
"Clients know they have to stretch their current thinking in order to get ahead, but not sacrifice what they know to be the core tenets of information security," Sherry said. "The expertise necessary, the attention to detail and developing the appropriate roadmap are a must before moving to the cloud. Understanding the client's list of priorities for the business to utilize cloud makes the cloud security conversation more relevant and effective."
Additional reporting by John Moore
Learn how channel partners are securing their cloud-based offerings
Read about a survey in which IT managers cite security as a cloud advantage
Find out how to identify cloud security issues