Cloud security is one of those terms that has morphed rapidly to mean several different things in a very short time. Result? Confusion, more often than not.
Are we talking about security solutions delivered to users from the cloud? Or security around applications that live in the cloud (like Office 365)? Or security that’s targeted at businesses that make use of public cloud services like AWS?
You see the challenge. But actually, each of these is a valid scenario and a saleable cloud security solution. Here’s more info.
1. Security services delivered from the cloud
Your SME customer has few or no IT specialists in the organisation, no money to hire them, and nowhere to store servers. Where do they turn?
To the cloud, of course. Security products are delivered to them via the internet, as a service.
They can typically choose to pay only for what they use, on a monthly ‘rental’ (managed service, or MSP) model, so there are no prohibitive upfront costs.
Their security partner (you!) monitors their networks from a centralised console, makes technical adjustments, and implements patches and upgrades, but the user can retain some control over their security settings if they wish.
But what kind of security solutions can be delivered in this way? Many.
Hosted email security, for example, works with most hosted and on-premise email systems to protect what is stilll the primary route into organisations for most forms of malware and spam.
More comprehensive business security services solutions and cloud security solutions designed specifically for MSPs provide wider protection to end-users, and also enable partners to sell into organisations who have some on-premise systems, but don’t wish to overburden them by adding security software into them.
In this scenario, end-users can run everything else on-premise, but get their security from the cloud!
2. Security for applications that live in the cloud
Solutions like Office 365 have revolutionised office processes, with powerful tools delivered to end-users’ desktops straight from the cloud.
But although the delivery mechanisms for these applications are secure, the content delivered by the applications can still contain threats that the application’s own in-built security can’t detect, as we explored in this cloud apps post a while ago.
Plugging these holes is still a big opportunity for resellers and other security channel partners – and the cloud app security solutions that can help them deliver this critical service are already ‘out there’.
3. Security for public cloud services
SaaS, IaaS, PaaS – businesses’ ability to build their entire proposition on a public cloud provider is no longer the preserve of large enterprises.
In fact, Forbes has ascribed the growth of AWS, for example, to their “Reaching out to all kinds of customers – startups, SMEs and big companies”.
It is this that has driven, in turn, a new kind of security need amongst end-users, as we explained not so long ago in this post - namely, the ability to spin up an AWS virtual server and know that server will immediately be protected by security software that has been specifically designed from the ground up for virtual environments.
We had a bit of fun defining these virtualised must-haves in this security opinion paper recently, but the message is deadly serious: if end-users are building a business on public cloud, and relying on virtual servers, security partners need to be able to reassure them that they can secure it!
Cloud security – evolving meanings, evolving opportunities
As the cloud billows ever more energetically within businesses’ operations, it drives the security agenda in many different directions at once. Cloud security is coming at us from many different angles, and is morphing into multiple meanings.
It’s a wise security partner who has got a handle on them all – and knows the security solutions that play strongest to each definition.