News by Professionals 4 Professionals

News

Reference Library – News

Cloud Security and the Channel: Communication Key to Mitigating Risk

Cloud Security And The Channel: Communication Key To Mitigating Risk

Kristopher Spadea

By Kristopher Spadea

Your business customers have likely grown much more comfortable with the cloud, for good reason: If you look at the high-profile breaches that have hit the news, most have occurred in companies running their own systems on premises. Still, security can never be taken for granted, especially in the cloud. Anytime third parties are involved, you introduce risk. With so many entities working together on a single solution the cloud provider, the solution provider, the channel partner, and the client there is always a chance that something will be overlooked. Thus, cloud requires greater coordination among channel partners than a traditional engagement because security depends on a shared responsibility model,[1] where multiple entities care for a single organization s data. To make that work, there must be clear lines of delineation on who is responsible for what. A big part of implementing a new cloud-based solution is communicating among the channel partner, other providers and the customer to define the security requirements and determine ownership.

Cloud Security And The Channel: Communication Key To Mitigating RiskMitigating risk requires constant communication and a clear understanding of exactly what needs to be done and who s going to do it. Typically, this means the cloud provider is responsible for the infrastructure components, which can include anything from the compute, storage and networking layers to firewalls. The customer and the channel partner are responsible for everything that layers on top of that infrastructure: the operating system, the application, the database, and even encryption of the data. The cloud provider doesn t necessarily care if sensitive data is encrypted in flight or at rest, or if the operating system hasn t been patched in three months. These are things that the customer is responsible for, and it is in the channel partner s best interest to ensure that best practices are thought through and maintained.

Small and medium-sized enterprises have a big need for cybersecurity, but limited on-staff expertise and budget with which to get the job done. Managed security services can help while providing a rich source of revenue. This Report examines what channel partners need to know and do to give their SME clients tactical and strategic cybersecurity reinforcement. Download now![2][3]

Increasingly, channel partners are looking to bring managed service providers into the deployment of cloud-native solutions for customers. MSPs are able to take on the headaches of properly provisioning, architecting and maintaining a cloud environment, be that in a hosted private cloud or in a public cloud like Amazon Web Services (AWS). This sort of peer partnership can help ensure that the proper technologies and processes are in place. In theory, both the customer and the channel partner are thereby freed from the drudgery of maintaining the cloud and can focus on growing their businesses. Still, as the owner of the customer relationship, partners must ask the hard questions lest they be forced to have an even harder conversation if a third party they recommended drops the ball on security.[4]

For example, customers in some vertical industries have specific compliance certifications that they must abide by. Do the cloud provider and MSP partner have this expertise? In health care, for example, the transfer of electronic health records between doctors offices must follow the standards laid out by the Electronic Healthcare Network Accreditation Commission (EHNAC)[5] for trusted data exchange. Security is about trust, and certification and compliance with the appropriate standards at all levels of a cloud-based solution are an essential part of building that trust. For channel partners, the choice of cloud provider must therefore be based on the needs of the customer and the nature of the workload being put into the cloud. Is the provider able to provide a high enough level of support and security to fit the profile the customer requires? Will the provider allow the implementation of security technologies on top of the base infrastructure provided?

The world has moved beyond simple perimeter security, so a simple firewall is no longer enough. Good security planning starts with the assumption that bad actors already have access to the network, so ask, How can the cloud provider help mitigate that? Does your provider allow you to put network intrusion or prevention tactics in place? Or, post-intrusion protection? Data encryption? And, this is not set and forget. Because the cloud is an ongoing service, channel partners must pay closer attention to how customers are using a cloud-based solution than they might have an on-premises system. If something happens to knock a customer offline, that likely impacts their revenue stream. Good security is a big part of ensuring a cloud-based solution remains available. Channel partners are in a good position to deliver strong cloud security. After all, they are the most familiar with the customer s existing infrastructure, processes and policies. Smart advisers will take on a key role as the intermediary between the customer, who needs a specific service that the partner is not able to provide, and the other providers involved in delivering the complete solution. So don t be shy about asking the hard questions.

Kristopher Spadea is a solution engineer for the channel organization at Sungard Availability Services (Sungard AS[6]). Before that, he was a cloud specialist for Sungard AS, working in both the commercial and enterprise markets throughout North America.

References

  1. ^ shared responsibility model, (www.channelpartnersonline.com)
  2. ^ This Report (www.channelpartnersonline.com)
  3. ^ Download now! (www.channelpartnersonline.com)
  4. ^ drops the ball on security. (www.channelpartnersonline.com)
  5. ^ Electronic Healthcare Network Accreditation Commission (EHNAC) (www.ehnac.org)
  6. ^ Sungard AS (www.sungardas.com)

Kansas man charged with fatally shooting bar security guard

EUDORA, Kan. (AP) A 36-year-old man has been charged with fatally shooting a security guard outside a northeast Kansas bar after a fight. The Lawrence Journal-World (http://bit.ly/2ti4FVc[1] ) reports that Danny Queen, of Eudora, is charged with first-degree murder in the death of 32-year-old Bo Matthew Hopson and two counts of attempted first-degree murder. Queen appeared via video feed from the jail, and his bond was set at $1 million. Eudora Police Chief Bill Edwards said the shooting happened early Saturday at the D-Dubs Bar after another bar employee asked Queen to leave. Queen’s birthday had been Friday. Edwards said Queen then got into a fight with someone outside the bar and shot Hopson when he went to check on the situation.

Queen was restrained after his gun jammed. Hopson died Sunday during surgery.

___

Information from: Lawrence (Kan.) Journal-World, http://www.ljworld.com[2]

References

  1. ^ http://bit.ly/2ti4FVc (bit.ly)
  2. ^ http://www.ljworld.com (www.ljworld.com)

Google fined record $2.7 billion by EU for ‘illegal conduct’

Google has been hit with a record fine over alleged “illegal conduct” in the European Union. The EU fined Alphabet Inc.’s popular search engine 2.4 billion euros ($2.7 billion) over allegations of anti-competitive practices. The BBC[1] reports Google is accused of promoting its own shopping service over rival online retailers in search results.

“What Google has done is illegal under EU antitrust rules,” Margrethe Vestager, the EU’s Competition Commissioner, said in a statement.

“It has denied other companies the chance to compete on their merits and to innovate, and most importantly it has denied European consumers the benefits of competition, genuine choice and innovation.”

The EU says Google has 90 days to “stop its illegal conduct” and give equal treatment to other price-comparison sites. The U.S.-based company has up to 60 days to respond with plans for fixing the alleged issue, or face additional fines of up to 5 percent of parent company Alphabet’s daily revenue — or $14 million.

Bloomberg[2] reports shares of Google fell 1.5 percent in pre-market trading Tuesday in New York. They’ve risen 23 percent so far this year. Google says it may appeal the ruling.

“When you shop online, you want to find the products you’re looking for quickly and easily,” Google’s lawyer Kent Walker said in a statement. “And advertisers want to promote those same products. That’s why Google shows shopping ads, connecting our users with thousands of advertisers, large and small, in ways that are useful for both. We think our current shopping results are useful and are a much-improved version of the text-only ads we showed a decade ago.”

According to Bloomberg, Google began promoting its own comparison-shopping service in 2008 with prominent placement when users search for items. The EU began its probe two years later, in 2010.

The EU said other price comparison sites typically appear on the fourth page of search results, where users are less likely to find them as 95 percent of clicks come on the first page of search results.

References

  1. ^ BBC (www.bbc.com)
  2. ^ Bloomberg (www.bloomberg.com)