Cloud computing is fascinating. Whether you’re an IT professional who uses the term ‘cloud’ 150 times a day, or you’re only vaguely aware that ‘the cloud’ stores your photos and files, cloud has become ubiquitous – and it isn’t going anywhere.
However, at the same time, the term 'cloud' has become a vague catch-all. It’s taken for granted, leading to ambiguity about what the cloud is. Managed Service Providers (MSPs) and IT firms offer expertise in cloud, cloud security, cloud posture management, and more. But all too often, the way they discuss it leads to confusion, because speaking ‘cloud’ can be like speaking a foreign language. And like learning another language, unless you’re immersed in it, it’s hard to become fluent.
Cloud is a double-edged sword
MSPs are cloud experts; they’re fluent in the language, but when they’re speaking to those who aren’t immersed in cloud architecture, there’s still a language barrier that’s difficult to overcome and to understand. This results in security gaps and vulnerabilities in cloud infrastructure.
It’s this confusion over cloud that cybercriminals are looking to exploit. They’re searching for the easy way in; they’re looking for the misconfigured bucket which is facing the open internet, they’re looking for human accounts which are vulnerable because they’re only protected with default credentials; identities with long-standing access to cloud resources; or regular accounts which have mistakenly been equipped with administrator privileges – without anybody noticing.
One of the major advantages of the cloud is that it can help organizations boost business efficiency. That said, while the cloud can simplify applications and services for employees or customers, the reality is that configuring the cloud correctly is a complex task. And if this isn’t managed correctly, the cloud quickly becomes a double-edged sword, providing cyber attackers with access to misconfigurations and vulnerabilities that they can exploit as an efficiency tool.
Threat actors know this. That’s why they’re mercilessly targeting the cloud, be it finding ways to gather passwords to access cloud-based user accounts, which it’s believed is how the recent spate of incidents targeting UK retailers began, or be it via searching for unsecured storage buckets facing the internet. No matter the method, cybercriminals are increasingly relentless in their attacks against the cloud, and just like legitimate businesses, the bad guys are moving forward with their cloud-based business models. This creates a business risk that can not be ignored.
Businesses have become reliant on cloud applications and services. It’s a mature concept, but many organizations still don’t fully understand what they’re dealing with or the implications it has on cybersecurity, especially if their MSPs are speaking about the cloud in complex language, which is difficult to translate into actions.
Have they thought about the ins and outs of securing the cloud? Or what would happen if the cloud went down or access was revoked because of a security incident? Would the business still even be able to operate?
Multi-cloud environments
This only becomes more complex in a multi-cloud environment. Not so long ago, when a business rolled out cloud computing, it was likely restricted to using products from a single vendor. That’s now changed, with businesses potentially using Microsoft 365, Amazon Web Services, and Google Cloud, all in the same environment.
Managing one cloud service was already difficult enough, and the addition of extra services, each with their nuances, only further complicates this, especially if the business doesn’t truly grasp the complexities around securing the cloud.
Much of this misunderstanding comes from misconceptions around cloud posture management and who is responsible for managing it. Sometimes, businesses are under the impression that because they’ve outsourced their cloud management to an MSP, securing it isn’t their responsibility.
But this is incorrect; the organization needs to ensure that not only are they aware of any potential security issues, but that they have plans to manage them, and in the worst-case scenario, that means strategies for how to deal with an incident and reduce their business risk.
MSPs are vital
However, MSPs are still key to this. If they’re using complex, difficult-to-understand language about cloud services and security, businesses may not fully understand their role in securing the cloud. It’s therefore vital for MSPs and IT providers to talk about cloud in a clear, meaningful way that's understandable to outsiders.
Businesses employ MSPs because they bring expertise in areas like cloud deployment and security. But it’s still vital for the organisation to do due diligence on who they’re partnering with and what expertise they bring. That partner should be the provider who best understands your business, best understands the challenges the business is likely to face, and is equipped to help find the right solutions for your cloud environment, plus the right security tools and processes to help keep it safe from cyber threats.
The cloud is confusing, and it’s only going to become more complex and more ingrained in environments as cloud-native becomes the norm. Ensuring that it’s protected from cyber threats can only happen if communication around it is clear – if it's ambiguous, organisations are going to find themselves vulnerable to threats and challenges. Strong cyber practices are about exposing and closing cyber risk.
The time to demystify cloud confusion is now.
-
Why understanding the customer’s network unlocks its value and your successIndustry Insights Working as providers of true value rather than the first port of call for short-term solutions is key for the channel
-
The role of the MSP in lighting the path to a revised cloud strategy for the mid-marketIndustry Insights The answer isn't always the public cloud and the channel can help show mid-sized businesses the way forward in their cloud journey
-
Overcoming DevOps challenges in multi-cloud environmentsIndustry Insights Multi-cloud architectures provide opportunities for growth and agility, but ensuring seamless, scalable, and secure operations remains a challenge
-
Protecting the planet, one cloud at a timeIndustry Insights Channel leaders have a role to play in making the tech industry more sustainable and adopting GreenOps will be vital
-
How MSPs can manage their revenue betterIndustry Insights As customer demands, IT needs, and new cyber threats emerge, MSPs can grow their revenue by helping clients get a clear picture their full SaaS landscape
-
The channel’s evolving relationship with SaaSIndustry Insights Software as a service has had a sizable impact on the channel since its introduction in the 1990s, but as the channel evolves so must SaaS platforms
-
Public cloud does not hold all the answersIndustry Insights Public cloud has long been the default option for many organizations, but is it time businesses questioned their assumptions on how to get the most out of cloud?
-
Putting the channel at the heart of the cloud marketplace economyIndustry Insights AWS Marketplace represents a huge opportunity for partners – now is the time to seize it
