If you don’t manage your Trend Micro Worry-Free Business Security upgrades properly, your customers could be at risk from ransomware! We explain what to do.
If you sell Trend Micro’s Worry-Free Business Security Standard or Advanced editions, you’ll know that both come with a convenient management console that enables you to easily watch over and control the security services you deliver.
But if you don’t act on the information and alerts you receive, and keep your solution up to date, itcould mean that your end-user customers are at greater risk from threats like ransomware!
There are just three things you need to do to keep your customers protected:
1. Upgrade manually after renewals
Renewals of Trend Micro’s Worry-Free for Business Standard or Advanced editions do not automatically upgrade to the latest version, so you need to manually manage this process yourself.
Happily, it’s an easy thing to do. There’s a link to Trend Micro’s Download Center at the top of every console homepage. Click to upgrade your renewed Worry-Free Business Security edition to the latest version (see images below).
Alternatively, you can go to the Help tab, click on Support, and then click on the Download Center icon at the bottom of the page (see image below).
No uninstall or reinstall is required, the upgrade will automatically be picked up from the server by all the connected security agents, and your customers will stay protected.
What’s not to like?
2. Get notified by RSS as well
If you’re not on v.7 or upwards, you won’t get console notifications, so you need another way of receiving them.
And even if you are on v.7 or upwards, there’s certainly no harm in having a backup notification channel to be doubly sure the message hits home.
This is why the Download Center website supports RSS. You can set up upgrade notifications and reminders from that site straight into your RSS feed (see image below), and then go into the console to act on them.
3. Act on those notifications!
As we’ve shown above, the console – even in pre-v.7 guise - contains the necessary links for you to download upgrades or service packs, and you can also find these links in the Download Center, whose icon is at the bottom of the console page (see image above).
So it’s a cinch to stay ahead of the game – but you do have to make sure you download the upgrades and packs promptly from the links.
That way, your customers will continue to be fully protected.
Keep Worry-Free worry-free!
Pay heed to your console, reminders and notifications and your Worry-Free Business Security solutions will totally live up to their name (more so, in fact, if you upgrade to the cloud-based Services edition that significantly simplifies life for both you and your end-users!)
But miss an upgrade or a service pack, and fast-moving, destructive threats like ransomware are, in all probability, already one step ahead of you and your customers alike.
In the wake of a Windows 10 zero day exploit that had Microsoft all a-flutter, we explore these insidious threats - and how to combat them.
In the last blog in this series, we looked into ransomware, what it is, and how you can stop it. In this blog, we put another cyber-threat under the microscope – the zero day exploit.
We’ve looked into what the zero day exploit is and how it ticks – and we’ve “zeroed” in (sorry!) on some things businesses and their security partners need to consider in order to confront the danger head-on.
Zero day exploits: what are they?
Perhaps no other threat is guaranteed to drive software vendors’ marketing departments into public fits of bluster and defensiveness quite like the zero day exploit (see Microsoft’s recent performance in this piece in Ars Technica, for example!)
This is because zero day exploits are all about urgency and panic. Typically, they attack newly released software through vulnerabilities even its designers often don’t yet know exist (although legacy software can also sometimes be a target).
They are so called, as Wikipedia explains, because the hapless software vendor has “zero days” to fix the problem, or communicate helpfully about it, before it goes public – since the hackers themselves have usually already publicised it for them!
Zero day exploits love targeting browsers and office applications like Word and others (because we all use them) and they also hijack the common SMTP email protocol to find their way into these vulnerable applications in the first place.
But what makes zero day exploits so dangerous is that they tend to evade typical security software defences.
Why? Because many of the latter rely on triggers like malware signatures and known URL blacklists – intelligence that accumulates over time. And by definition, a zero day exploit has none of this history behind it!
What damage can zero day exploits do?
Here’s just a short list of zero day threats and the havoc they can potentially wreak, curated from various sources covering the last year or two:
Suspected North Korean State threat actors were observed exploiting a vulnerability in a word processing application
A targeted attack unveiled vulnerabilities in Microsoft Office and Windows, hidden within a Microsoft Word document
Adobe and Windows zero day exploits were made use of by Russia’s APT28 gang in a highly-targeted hack
Vulnerabilities in Microsoft font drivers were found to allow remote code execution, potentially rendering businesses open to ransomware, data theft, etc.
And, at the time of writing, a memory corruption bug affecting several Windows operating systems was declared capable, in this advisory, of remotely causing a denial of service (DDoS) attack!
Zero day – how do you defeat an enemy you can’t see?
But what defence is possible if security software can’t even recognise a zero day exploit when it’s sitting on top of one?
One effective response to this is to choose security solutions that don’t go hunting for known malware signatures, but instead zoom in on the structural behaviour of the applications that are likely to be targeted by zero day exploits.
It follows that the more extensive the analysis of these applications and the data they generate, the more effective a security solution is likely to be in recognising the signs that a zero day exploit is at work.
Enter Trend Micro, which has woven together an extraordinary mesh of vulnerability intelligence sources that include behavioural, statistical, heuristic and protocol analyses, all drawing on a constantly updated and monitored worldwide threat intelligence network.
Backed up by artificial intelligence (AI) and machine-learning techniques that extend through multiple different security layers, analyses of the entire possible zero day attack surface can be interlinked.
In other words, a more holistic understanding of which of the business’s applications are being asked to do what, and whether this is likely to constitute risky behaviour, is formed.
It’s less about putting a name and face to the exploit itself, and more about spotting changes across the business’s often very complex IT environments that aren’t explicable in any healthy way!
Anti-zero day solutions – what the industry says
An enlightening read for those investigating this area is industry analyst Gartner’s recent Magic Quadrant for endpoint security (which you can download here, and in which Trend Micro, incidentally, is positioned highest and furthest amongst the contenders).
It hits on many of the points we’ve mentioned above – application and process analysis, behaviour monitoring, machine learning, browser and office software vulnerabilities, memory manipulation – to paint a pretty comprehensive picture of what the industry is doing to address the fundamental difficulty of stopping a threat that is, initially at least, invisible.
Meanwhile, keep your eyes peeled for our next topic in this blog series – viruses!
Bitdefender updated its GravityZone cloud console with new features that you may not be taking full advantage of. Here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.
The big news is that Bitdefender has now incorporated Anti-Ransomware vaccine for all its cloud customers, that immunises end-users against both existing and emerging ransomware attacks – at no additional cost! This module is activated through the policy section Antimalware --> On Access settings
By activating this module, machines will be protected from all currently known forms of Ransomware. The Vaccine works independently, does not need any other modules to be installed, and is switched on simply by ticking the box in the customer’s policy.
Other New Features in GravityZone
Update Rings- this feature allows Administrators of the program to choose when in the validation cycle an update is received.
Anti-Exploit Techniques- a new set of powerful techniques which further enhances existing technologies to fight targeted attacks. These are integrated into the existing Advanced Threat Control module.
Web Access Control Rules- The categories list has been updated with multiple new categories added.
Exchange Protection- This can now be enabled/disabled when editing a customer with a monthly license subscription.
For more details on the above features and a look at the other features included please click here
AppRiver’s Nautical platform makes all aspects of security service provision manageable from a “single pane of glass”. We look at the benefits.
For security service providers, or resellers wanting to break into the MSP space, there is a double challenge at hand: selecting solutions whose performance will delight their customers, yet that are easy enough to “drive” on a day-to-day basis to prevent margins being eaten away by costly management overheads.
This is why the appearance of AppRiver’s Nautical platform has set our antennae a-twitching. It promises a unified management console that enables service providers to deliver and manage a raft of cloud-based security solutions from one place, without the profit-sapping expense.
Here are just a few ways in which that could benefit service providers and their business.
The business benefits of Nautical, (1): Devolved management
Managing everything from under a “single pane of glass” is a seductive sell, but (I hear you say) doesn’t that just make for a crammed and complex window onto your world, which in turn drives management and admin costs up?
But Nautical turns this on its head, by enabling role-based interaction, so that different users each have different views of what is under the pane and can exercise different levels of control over it – and this includes the end-users themselves.
In this way, management workflows are made more targeted and efficient, but also flexibly devolved to customers where possible - taking even more of the admin burden off the service provider’s desk.
The business benefits of Nautical, (2): Easy upscaling
Theoretically, cloud-delivered services can easily scale up to meet the needs of increasing numbers of end-users, thus supporting service providers’ revenue growth.
But critical to this process is the ease with which those new users can actually be brought on board. All the cloud service capacity in the world is no money-spinner if it is difficult, time-consuming and costly to connect users to it.
One of the killer new features in Nautical is a configurable user account management function that enables new users to be brought on board, and the overall user count to be increased, very easily.
Previously, this would have entailed multiple workflows in multiple environments; using Nautical, however, it is now a far simpler (and therefore cheaper) process.
The business benefits of Nautical, (3): App-style agility and healthchecks
To go back to a previous point, bringing on additional users also inevitably drives demand for more products and services. Any service provider that delivers on the first point but not the second is painting themselves into a corner.
Nautical, however, makes it possible for both service providers and their customers to add and integrate new products and services with the kind of pick-and-mix agility you’d expect from something like an app store.
But (I again hear you ask) doesn’t that, in itself, create another management challenge – namely, monitoring all those disparate products and services without excessive (and expensive) manual intervention?
Here, too, Nautical comes up with the goods, thanks to its cross-product diagnostics that deliver a single, regular, unified application healthcheck to service providers’ customers and all the solutions they’re using.
What else should you know about Nautical?
Nautical has been described as “an entire channel programme in one portal”, but what’s really striking is that this deep integration across all aspects of security service provision comes at no charge.
But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.
After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!
So what does an effective business continuity solution look like?
Business continuity solutions – what to look for
True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.
But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.
Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.
The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too - to get the business back on its feet post-incident.
Between them, these two metrics hinge on a host of solution capabilities that can be problematic.
For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.
Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!)
What’s the appetite for business continuity solutions in 2017?
Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!
Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?
Or that 75% of SMBs have no disaster recovery plans in place at all?
But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!
Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!
(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)
Where can I check out the latest business continuity solutions?
Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.
But for an insight into how one backup and recovery solution is evolving to deliver both strengthened protection to end-users and a more compelling proposition to the security partners who sell to them, take a look at this data backup and recovery features update.
And keep watching this series of blogs – we’ll be looking at a whole range of security solutions for 2017, covering email, web, cloud, data centre, and Office 365.
Bitdefender’s GravityZone solutions are chock-full of benefits that make them easy, slick, and profitable for security partners to use. Read more.
GravityZone killer benefits, (1): Overarching ease of use
The first thing to note is that GravityZone’s whole management workflow, across all customers and products, is driven from a single console with a single login.
Everything – policies, licensing, reporting - is controlled from one space, not two or three different dashboards, as is the case with some vendors.
An exceptionally fluent interface all but dispenses with annoyances like multiple popups that can confuse users and provoke error, whilst a neat hierarchical tree structure enables users to see all their customers in one view (grouped by site or office where necessary), and to simply click to drill down into the detail of their licensing, usage, reporting, etc.
No more firing up multiple tabs and screens, and managing multiple logins!
Extensive and instant reporting
But Bitdefender has dragged the process of actually generating and delivering the reports into the 21st century, too.
Not only can security partners (MSPs and resellers alike) pull down accurate usage and other reports on demand, independently of the wholly automatic invoicing process, but the sheer array of possible reports and delivery mechanisms is impressive.
From Amazon AWS usage, to device control, to licence status, to Top 10 malware statistics, and much more, the reports can be fired up ad hoc or scheduled automatically, run on the dashboard, sent as alerts or emails, and basically tailored to whatever form the partner finds easiest and most useful to deal with.
Looking cloudward, GravityZone’s integration with AWS also delivers enviable simplicity; the MSP can spin up an AWS virtual server and that server will immediately be protected by GravityZone.
It’s a strong reminder of the fact that GravityZone is built from the ground up for virtual environments, in contrast to many other vendors’ solutions, which feature virtual refinements built around an essentially physical-heritage core (as we explore in this recent white paper).
For customers that don’t want to be out of the security loop entirely, end-users can have their own logins, giving them role-based access to services and features within the GravityZone security products their business uses.
This is particularly useful for customers who have invested in some degree of security expertise in-house and want to realise the value locked up in that investment.
But of course it can also reduce the management workload for the partner, putting a keener edge on their margins!
GravityZone killer benefits, (3): Integrations - and automations - that matter
Every security partner wants to sell market-leading solutions, but not if managing them on a day-to-day basis will send their operational expenditure through the roof.
GravityZone has addressed this concern head-on, by developing an integration to ConnectWise Manage (the PSA solution used by some 70% of the top technology solutions and service providers).
The integration with ConnectWise Manage supports the delivery of automated, end-to-end helpdesk, contract management, time tracking, account management, sales and marketing enablement and potentially much more, reducing the MSP’s workload, whilst delivering improved customer satisfaction levels.
Automatic policy assignation also slices a significant chunk out of the MSP workflow, as it enables them to effortlessly trigger and roll out security policies based on existing variables like IP address, network type, server address type, and so on.
GravityZone killer benefits, (4): Anti-malware with common sense
An office full of software developers needs more freedom to build, run, and test code and applications than a team of salespeople.
So, GravityZone enables the techies’ anti-malware parameters to be set less sensitively, whilst the business development crew can benefit from somewhat more stringent protection!
Naturally, though, this kind of adjustment just won’t work if it is complex or risky to use, and on both fronts GravityZone scores highly.
Sensitivity is controlled by simple tick-boxes, but users are also protected by GravityZone’s N-Tier structure, which means certain security settings and policies are automatically “inherited” based on past and present operation. Plus, security is also enforced by the distributor (us!).
Basically, it’s possible to fine-tune security, but it’s never possible to leave users unprotected.
GravityZone killer benefits, (5): Playing ransomware at its own game!
Ransomware’s ability to terrorise businesses has an Achilles’ heel.
It prevents a machine it has already infected playing host to any other infection that could interfere with its planned endgame – and this same defence, used on uninfected machines, effectively blocks the ransomware itself!
Enter the GravityZone Anti-Ransomware Vaccine, which uses exactly this technique to enable partners to “immunise” users against ransomware attacks, simply by enabling it as a policy within existing anti-malware protection.
GravityZone: where to learn more
As ever, there isn’t the space here to explore the benefits of GravityZone’s innovative features in ultimate detail.
But there’s some more detail on recent feature updates in this post, and more on the various GravityZone products, and their benefits for both MSPs and resellers, on the Web here.
But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?
Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…
A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.
Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.
It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”
So, given that GDPR is seemingly less proscriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?
GDPR opportunities – 2: Data protection controls
GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:
(including employee mistakes and malicious insiders)
Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.
(third-parties exploiting the organisation)
Locking-down, to control what kind of applications can and can’t run on an endpoint
Virtual patching, to stop remote exploitation of unpatched vulnerabilities
Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.
Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.
Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.
Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)
GDPR opportunities – 3: The size of the market
But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.
, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”
An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.
Security partners, it seems, are likely to become many businesses’ new best friends!
GDPR: What next for security partners?
This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:
“1. Read up on the changes and ensure they become the trusted expert on the new regulations
Educate their customers about the impact of the EU GDPR
Ensure they’ve got the solutions available to help customers with compliance”
From where we’re standing, point 3 looks to be the least of partners’ worries…
Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.
The big news is that Bitdefender has now incorporated Anti Ransomware vaccine to all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016. This module is activated through the policy section Antimalware --> On Access settings
By activating this module, machines will be protected from all currently known forms of Ransomware.
Other New Features
Update Rings - this feature allows Administrators of the program to chose when in the validation cycle an update is received.
Anti-Exploit Techniques - a new set of powerful techniques which further enhances existing technologies to fight targeted attacks. These are integrated into the existing Advanced Threat Control module.
Web Access Control Rules - The categories list has been updated with multiple new categories added.
Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.
The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.
For more details on the above features and a look at the other features included please click here
Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
To try and combat the infection, we offer the following advice
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files
What customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.
We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.
As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”
Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.
So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?
Cloud application control: the all-seeing-eye?
The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.
Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.
So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?
Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?
Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?
With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.
Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.
Cloud app control – it’s not everywhere
Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.
On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.
But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.
To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.
Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.
Who sells cloud application control solutions?
Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.
But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.
One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.
Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?
Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.
Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.