By Kristopher Spadea
Your business customers have likely grown much more comfortable with the cloud, for good reason: If you look at the high-profile breaches that have hit the news, most have occurred in companies running their own systems on premises. Still, security can never be taken for granted, especially in the cloud. Anytime third parties are involved, you introduce risk. With so many entities working together on a single solution the cloud provider, the solution provider, the channel partner, and the client there is always a chance that something will be overlooked. Thus, cloud requires greater coordination among channel partners than a traditional engagement because security depends on a shared responsibility model, where multiple entities care for a single organization s data. To make that work, there must be clear lines of delineation on who is responsible for what. A big part of implementing a new cloud-based solution is communicating among the channel partner, other providers and the customer to define the security requirements and determine ownership.
Mitigating risk requires constant communication and a clear understanding of exactly what needs to be done and who s going to do it. Typically, this means the cloud provider is responsible for the infrastructure components, which can include anything from the compute, storage and networking layers to firewalls. The customer and the channel partner are responsible for everything that layers on top of that infrastructure: the operating system, the application, the database, and even encryption of the data. The cloud provider doesn t necessarily care if sensitive data is encrypted in flight or at rest, or if the operating system hasn t been patched in three months. These are things that the customer is responsible for, and it is in the channel partner s best interest to ensure that best practices are thought through and maintained.
Small and medium-sized enterprises have a big need for cybersecurity, but limited on-staff expertise and budget with which to get the job done. Managed security services can help while providing a rich source of revenue. This Report examines what channel partners need to know and do to give their SME clients tactical and strategic cybersecurity reinforcement. Download now!
Increasingly, channel partners are looking to bring managed service providers into the deployment of cloud-native solutions for customers. MSPs are able to take on the headaches of properly provisioning, architecting and maintaining a cloud environment, be that in a hosted private cloud or in a public cloud like Amazon Web Services (AWS). This sort of peer partnership can help ensure that the proper technologies and processes are in place. In theory, both the customer and the channel partner are thereby freed from the drudgery of maintaining the cloud and can focus on growing their businesses. Still, as the owner of the customer relationship, partners must ask the hard questions lest they be forced to have an even harder conversation if a third party they recommended drops the ball on security.
For example, customers in some vertical industries have specific compliance certifications that they must abide by. Do the cloud provider and MSP partner have this expertise? In health care, for example, the transfer of electronic health records between doctors offices must follow the standards laid out by the Electronic Healthcare Network Accreditation Commission (EHNAC) for trusted data exchange. Security is about trust, and certification and compliance with the appropriate standards at all levels of a cloud-based solution are an essential part of building that trust. For channel partners, the choice of cloud provider must therefore be based on the needs of the customer and the nature of the workload being put into the cloud. Is the provider able to provide a high enough level of support and security to fit the profile the customer requires? Will the provider allow the implementation of security technologies on top of the base infrastructure provided?
The world has moved beyond simple perimeter security, so a simple firewall is no longer enough. Good security planning starts with the assumption that bad actors already have access to the network, so ask, How can the cloud provider help mitigate that? Does your provider allow you to put network intrusion or prevention tactics in place? Or, post-intrusion protection? Data encryption? And, this is not set and forget. Because the cloud is an ongoing service, channel partners must pay closer attention to how customers are using a cloud-based solution than they might have an on-premises system. If something happens to knock a customer offline, that likely impacts their revenue stream. Good security is a big part of ensuring a cloud-based solution remains available. Channel partners are in a good position to deliver strong cloud security. After all, they are the most familiar with the customer s existing infrastructure, processes and policies. Smart advisers will take on a key role as the intermediary between the customer, who needs a specific service that the partner is not able to provide, and the other providers involved in delivering the complete solution. So don t be shy about asking the hard questions.
Kristopher Spadea is a solution engineer for the channel organization at Sungard Availability Services (Sungard AS). Before that, he was a cloud specialist for Sungard AS, working in both the commercial and enterprise markets throughout North America.
- ^ shared responsibility model, (www.channelpartnersonline.com)
- ^ This Report (www.channelpartnersonline.com)
- ^ Download now! (www.channelpartnersonline.com)
- ^ drops the ball on security. (www.channelpartnersonline.com)
- ^ Electronic Healthcare Network Accreditation Commission (EHNAC) (www.ehnac.org)
- ^ Sungard AS (www.sungardas.com)
Allied Universal continues to diversify with the acquisition of ALERT Protective Services, a residential community security firm based in Sarasota, Fla.
This is a company that does most of the high-end residential communities in South Florida, Allied Universal CEO Steve Jones told Security Systems News. Not only are they providing the security guard services but they do it differently where they use technology to help augment that, which is what we have been pushing toward and striving toward with our business. With a portfolio that consists of 95 percent residential condominiums and communities, ALERT Protective Services owns the homeowners association and residential lifestyle communities security space in Southwest and Southeast Florida. Founded in 2005, the company has more than $10 million in revenue and 430 employees, most of which will be joining Allied Universal.
We are excited to join Allied Universal, Jeff Haidet, CEO of ALERT Protective Services, said in the announcement. Both companies embrace combining the use of state-of-the-art technology with manpower to provide an optimal solution to our customers. We also share the same passion and commitment to be the employer of choice for security professionals and provider of choice for security users. Similarly to Allied Universal, ALERT Protective Services offers integrated security systems and uniformed security professionals to work in tandem with a complete security program at community gatehouses, concierge desks, or security command centers. Some of these solutions include remote video monitoring, access control and an electronic patrol-reporting program that enables security professionals to report threats in real time and alert authorities if back up is needed.
This was an opportunity for us to not only expand our footprint in Florida, but to really get a springboard on providing those security officer services along with remote video monitoring and the use of technology for ingress and egress around the community, which is where we want to focus on, said Jones. We are excited that we can leverage the technology applications that we feel are changing and enhancing the industry.
Moving forward, Jones said the company still has a few more acquisitions up its sleeve.
We ve got a pretty robust pipeline of deals that we are looking at some in the technology space and some in the traditional manguarding space and we hope to announce a few more before the year is over that will help us to diversify our company and bring more value to our clients.
With headquarters in Santa Ana, Calif., and Conshohocken, Pa., Allied Universal has more than 150,000 employees across North America.
Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.
The announcement comes at a time when breaches like last week s WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle s security portfolio.
Oracle has been in the security space for a long time, but in what I would call niche segments of the space, Smith said. We re the 800-pound gorilla in the identity management space. We re also clearly the leader in the database security space. But we really haven t had a basket of security services you would sell to the chief security officer. Oracle s in this space now. This is new for us. Oracle cloud security services the company calls the portfolio its Security Operations Center (SOC) combines four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers. Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle s public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.
The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense, said ESG analyst Doug Cahill in an email. Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle s realize both greater threat detection efficacy and operational efficiency.
IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.
Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base, Westervelt said in an email.
This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings, he added. Oracle is also striking at a time when RSA which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments. But, Westervelt warned, Oracle is entering a crowded environment.
Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made, he said. They are also looking to technology providers like Oracle that have a strong technology partner ecosystem an especially important area to buyers as they move more parts of their IT architecture to the cloud.
SOC Security Framework
Oracle calls its cloud security portfolio the world s first identity SOC security framework.
What makes us different is that we re bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center, Smith said. Customers can purchase each of the four services separately. They also work with competitors security software.
We re not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually. Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings.
All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community, Smith said. At the same time, Oracle s focusing on our own cloud strategy and our own public cloud we need many of these same security tools for our own cloud and our own customers.
The security services use machine learning to provide an identity-centric, context aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.
Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this, Smith said. I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps.