Serchen Blog

Top 4 reasons to turn to a cloud managed service provider

1. Security

When companies move to the cloud, it’s crucial that they know where the cloud provider’s security role ends and where theirs begins.

The shared-responsibility model is one of the basic tenets of a successful public cloud deployment, and often the least understood. It requires vigilance by both the cloud provider and customer – but in different ways.

Amazon Web Services (AWS), which developed the shared-responsibility philosophy when it introduced the public cloud, describes it succinctly as, “knowing the difference between security in the cloud versus the security of the cloud.”

This model, which is radically different from how organizations are used to securing their own data centers, often creates a “disconnect” for newer cloud enterprises. Their first question is often, “Is the cloud secure?”

The real question is, “Is my cloud being managed securely?”

The security of the cloud refers to all the underlying hardware and software: compute, storage and networking, in both the customer’s and the provider’s environments. But the cloud provider takes care of theirs; the customer takes care of theirs.

The configuration of the foundational services is in the hands of the customer, including the likes of: customer data; apps and identify-and-access management; operating system patches; network and firewall configuration; data and network encryption; continual security and compliance monitoring; resource allocation … the list goes on.

If this seems overwhelming, it’s because it is. Especially for bandwidth-strapped IT folks who may not have the time, resources or expertise to configure, continually optimize, monitor, secure, ensure compliance, etc. … for all the organization’s cloud resources and users, 24x7x365.

2. Prolific new product releases

At AWS’s big re:Invent conference in Las Vegas this December, the company introduced 70 new products and features.

To keep up with the new releases, incorporate their functionalities, and learn how to manage and secure them, is a continual job that few people have time to do. One of the major releases from re:Invent was the introduction of Amazon Outposts.

This release recognizes customers’ desires to have a single, managed platform with the value of the AWS cloud tools, while still maintaining their data on-prem, in their locations.

The job of managing your cloud environment and its security expands exponentially with the proliferation of capabilities and services of cloud providers like AWS.

3. Desire for a single managed platform to manage multi-cloud services

With so many releases and new products being introduced into the mix, it becomes very difficult for an on-prem IT team to manage.

That’s where a third-party managed service provider comes in: to keep up with the continual updates; to constantly monitor, optimize and secure; to keep eyes on your enterprise at all times, and to keep you informed along the way…all in a single, managed platform to which you have access.

Many companies that use a primary public cloud provider (like AWS) turn to third-party resources to help them fill in the gaps in their own skillsets and knowledge, and to augment the tasks required to properly manage and secure their cloud environments. This spreads-out the accountability for the “care and feeding” of the overall IT infrastructure. That’s why cloud managed services, like PTP’s platform, are gaining immense popularity right now.

When it comes to the continual monitoring and configuration of security services such as user access, authentication, security breach alerts, security threat remediation, and the like, many companies prefer not to leave it up to chance. They hire a third-party to ensure that their cloud environment is under the watchful eye of certified cloud security experts who can immediately spot, remediate and report on any malicious activity. – Read more

Cloud Data Security: Who Should Hold the Keys?

Nearly half (48%) of all corporate data is stored in the cloud according to the 2019 Thales Global Cloud Security Study conducted by the Ponemon Institute. Organizations admitted that on average, only about half (49%) of the data stored in the cloud is secured with encryption and only one-third (32%) believe protecting data in the cloud is their responsibility.

The reality is the cloud has created challenges in knowing where data is stored, who has access to it, and how to best secure it. A major catalyst to address the challenges of cloud security are new government regulations and compliance mandates that will make securing multi-cloud strategies more complex.

The question becomes “Who is responsible for cloud security, the cloud provider or organizations consuming cloud services?” According to the shared security model, the answer is both. Both cloud providers and enterprises are accountable and responsible for maintaining security.

Encrypting data in the cloud

For enterprises that elect to use encryption to protect their data, securing their encryption keys is of paramount importance. Enterprises want to leverage all of the advantages the cloud has to offer, but some of the benefits come at a price. In return for flexibility, scalability and automation, encryption key ownership is often given up to the cloud service provider, taking the control out of an organization’s hands, increasing compliance complexity.

When it comes to encryption keys, it is all about control. By default, the cloud provider generates the encryption keys on behalf of customers and manages the lifecycle of the keys. For many organizations that are hosting sensitive data in the cloud, this lack of sole control and ownership over encryption keys does not meet their compliance or internal security requirements. Instead, these organizations want full control over how and when encryption keys are used to protect and access encrypted data.

BYOK vs HYOK

Bring Your Own Key (BYOK) allows enterprises to encrypt their data and retain control and management of their encryption keys. However, some BYOK plans upload the encryption keys to the cloud service provider infrastructure. In these cases, the enterprise has once again forfeited control of its keys.

Whereas BYOK allows you to host your key inside the cloud provider, Hold Your Own Key (HYOK) allows the enterprise to retain the physical ownership and logical control of customer managed encryption keys.

Enter Google Cloud’s External Key Manager

Last month, Google unveiled the alpha version of Cloud External Key Manager (Cloud EKM) and today the company is announcing it is now available in beta.

Cloud EKM enables organizations to leverage Google cloud services, and comply with complex regulations and policies by not giving up ownership and control of encryption keys. This allows organizations to connect their own key management system with Google Cloud’s Key Management system (KMS), and confidently secure their workloads.

Thales is working with Google to provide this capability. The integration between Google Cloud’s KMS and Thales will enable organizations to store encryption keys in their on-premises, colo, or cloud-based FIPS 140-2 level 3 HSMs as opposed to storing keying material in the Google Cloud Platform or a software-only KMS. As a result, access to internal and highly sensitive data associated with Google Cloud Platform services such as Google Compute Engine or BigQuery are now under the customer’s control.

Furthermore, when a service like BigQuery wishes to decrypt data for a query job, it will request that the data encryption key (DEK) that is used to protect the data in Google’s infrastructure be decrypted with a key service that will manage a key encryption key (KEK). – Read more

Data backup has never been more important

Backup redundancy and disaster recovery

What businesses want from cloud platform services is changing. Pure cloud adopters fear vendor lock-in and we’re increasingly seeing organisations spread the risk by utilising multiple cloud providers. In fact, our own research found that more than half (58%) of companies that currently use one cloud provider plan to expand their portfolio across multiple cloud platforms. This gives them the greatest chance to deliver the best, most responsive customer experiences.

Meanwhile, those running a hybrid cloud model have the option of operating their most critical workloads on-premises and using cloud platforms for less sensitive transient data, data that feeds customer-facing applications. To hedge their bets, some companies opt for a hybrid and multi-cloud approach, using their on-premises sites as well as a multitude of cloud environments, to ensure they have the best service outcomes whatever the circumstances.

A hybrid and multi-cloud framework may be the next stage in an organisation’s evolution towards the cloud. But it poses an urgent risk if data protection and availability aren’t taken seriously.

Trouble in paradise

As they continue their migration to the cloud, organisations have come to realise that different workloads are better suited to certain IT environments. When used strategically, these environments deliver a combination of greater speed, flexibility, agility, endpoint security and savings when organisations have visibility over their IT estate and pay close attention to matters like cloud usage.

A multi-cloud strategy has all the agility and scalability of the cloud without depending on a single provider. It gives businesses the ability to move workloads to other clouds for the purpose of disaster recovery. A hybrid approach, meanwhile, allows an organisation to reduce unexpected cloud costs and customise certain applications further than what’s possible in the cloud. It’s a good option for companies that want to take full control over application and data availability, its protection and ability to have insights that provide visibility into their operations and help ensure regulatory compliance.

However, if organisations aren’t careful this greater flexibility comes at a price. Hybrid and multi-cloud environments are extremely complex: an application may have its tiers residing on multiple different clouds or physical data centres. This complexity only increases with the number of environments and applications businesses have. A highly complex and fragmented data environment is difficult to monitor and control, providing many points for failure and intrusion.

Businesses risk fragmenting their IT management strategies and toolsets if they don’t utilise solutions that can operate in hybrid environments, resulting in numerous overlapping and contradictory policies. Without a unified approach to data management and protection, businesses may find inconsistencies not in only the tools they use but also in their policies on retention of data, encryption of data and most importantly recovery of their data in critical situations.

Many cloud service providers (CSPs) offer data protection services in a bid to become more competitive and capitalise on growing awareness around data protection. However, coverage differs drastically between providers when what organisations need is comprehensive protection across all environments. In short, companies can’t rely on their CSP to keep their data safe. The majority of contracts still place responsibility for data protection in the cloud on their customers. Yet this isn’t clear to many – 69% of organisations still incorrectly believe data protection, privacy and compliance are the responsibility of the cloud provider.

It’s worth remembering also that data protection regulations like GDPR place responsibility for data loss on the organisation, not its cloud provider. Those that fall foul of the regulator face the prospect of considerable fines, reputational damage and the risk of shrinking market share. The only solution is for companies to take responsibility for their own data protection. A critical part of this is having a strong, well-defined data backup plan in place.

Preventing data downtime

A multi-cloud strategy can help spread the risk when it comes to downtime – if an application environment goes offline, it can be switched or failed over to run in another cloud or hybrid environment that is being used for online storage. The challenge always occurs should multiple complex applications go offline. How would businesses recover their mission critical services within the agreed SLA? Organisations need to plan on implementing both application and data availability but also application and data resiliency. The nirvana would be to have it completely automated.

Organisations must also contend with ransomware. Once malware infects their system, it spreads like a virus. Ransomware can surge across a company’s network, knocking out any onsite data centres one minute and blocking access to their private cloud the next. If a ransomware attack can’t be contained, it rarely matters how many different environments you run.

A multi-cloud approach may be more flexible and efficient than relying on a single cloud for antivirus protection, but its many moving parts can make security and governance highly complex. To resolve this, organisations need a backup plan. Backing up the most crucial data and services ensures that any business interruption, whether it’s caused by a server outage or ransomware attack, won’t stop a business in its tracks or incur massive costs while they wait for systems to come back online.

The first step in delivering a strong backup plan is visibility. Organisations cannot protect what they cannot see. When data is visible it is easier to protect under a single, consistent set of policies, so investment in tools that link together disparate data environments and the infrastructure that supports it is vital for success. – Read more