MSSPs and the Cloud: A Security Fabric is Key

For many years, organizations were hesitant to adopt multi-cloud solutions due to security concerns. However, the pandemic demonstrated the superiority of cloud first enterprises versus their traditional counterparts, and we’ve witnessed tremendously accelerated cloud adoption.  Indeed, public sector agencies and businesses of all sizes are embracing Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS) as part of multi-cloud solutions provided by numerous cloud service providers (CSPs).  These organizations are reaping the rewards of accelerated time to market, agility, innovation and cost savings, along with better business outcomes and customer experiences.  Needless to say, it’s easy to see why so many enterprises have implemented a multi-cloud strategy.

Along with these tangible benefits, we’ve also seen increased complexity and risks arising from a much more distributed computing environment – from remote workers to computing that spans private clouds, enterprise edges, edge clouds and core clouds.  The practical reality of so many organizations using multi-cloud, is that the complexity of securing a highly adaptive, scalable network is usually something many organizations cannot handle alone - creating an opportunity for managed security services providers (MSSPs).  The key to success for MSSPs will be the ability to bridge different platforms, networks and clouds to deliver unified cross-platform visibility and control.  MSSPs must consider how they can deliver on the promise of self-healing SD-WAN, along with elastic, highly scalable cloud computing while providing holistic edge-to-edge security.   Contactless commerce and other digital transformation initiatives require accelerated networks and computing with milli-second SLAs which requires networking, security and the compute to operate as an integrated solution.

Managed services are all about predictable outcomes and managing complexity.  To help their customers get the most out of the cloud, MSSPs must focus on ensuring that everything - from cloud computing to security to networking - works as one complete solution.

Establishing Relationships with the Cloud Platform

One of the most challenging aspects of multi-cloud strategies is how to ensure uniform visibility into legacy private clouds, as well as newer deployments across multiple cloud service providers.  It’s often said that “you can’t protect what you can’t see.”  This is most evident in multi-cloud strategies where visibility into the processing and storage of data in multiple CSPs is very challenging.  This drastically reduces visibility into the confidentiality, integrity and availability of data, as well as user/entity behavior, let alone compliance risks. It also makes it difficult to ensure each data point is properly secured and segmented.

As organizations move workloads and applications to multi-clouds, having a platform approach that provides a common view along with tight integration with cloud providers will be key. In shifting compute to the cloud, security and networking also shift, meaning all of these components must work together to be successful. As there are more edges accessing services directly from the cloud, MSSPs must be able to deliver services to these edges while shifting security to a more hybrid model.  The way we think about commerce, communications and entertainment is changing, and the expectation of a seamless user experience across devices is on the rise. To meet these outcomes, MSSP business models will need to change, as well. 

The Challenges of a Lack of Integration

One of the biggest challenges for security teams is the notion of cross-platform visibility and control. An MSSP’s role is to reduce complexity and improve outcomes, so to be successful, it’s important to think about what exactly it is that they’re supporting. As everything becomes increasingly disaggregated and distributed, the need for cross platform visibility on a single pane of glass becomes very clear – especially for management issues.

Another leading challenge is the shared responsibility model, which can make it difficult for everyone involved to know who exactly should be managing various aspects of security. The reality is that while there are many responsible parties, including technology vendors and service providers, it’s still the IT teams that are accountable for security.  This is why cross-platform visibility and understanding who is responsible, who is accountable, who needs to be consulted, and who needs to be informed are so important.

In the shared responsibility model, the CSP takes responsibility for securing the infrastructure and in some instances the platforms, while data security, application security, and other functions are the responsibility of the user.  CSPs offer a multitude of tools and services which are optimized for their IaaS, PaaS or SaaS offerings, but not necessarily optimized for integration with other CSPs.  It’s easy to see why the challenge of ensuring uniform security controls and continuous management across multiple clouds is driving many organizations to use MSSPs.

Unlock Cloud Platform Capabilities with Tightly Integrated SD-WAN=

The shift to multi-cloud solutions rendered traditional, router-based hub and spoke WANs obsolete as users were no longer back-hauling traffic to a central data center but connecting directly with cloud resources via SD-WAN.  SD-WAN’s highly adaptive capabilities allow it to prioritize critical applications, have multi-path intelligence, and provide self-healing WAN capabilities to optimize network performance and quality-of-experience.  To do this, an effective SD-WAN solution must be able to integrate with core security and multi-cloud compute.  These self-healing, adaptive capabilities have to be broad, integrated and automated to ensure that a change in one element results in synchronized optimization across networking, security and computing.  This level of monitoring and orchestration is the sweet spot opportunity for MSSPs.  Therefore, MSSPs must be able to support SD-WAN and have visibility into the cloud computing environment so that they know how changes in security architecture might  impact user experience on application performance.

With the majority of enterprises leveraging multi-cloud strategies, there’s an immense opportunity for MSSPs to grow their business while ensuring security and compliance for customers. This is especially true as organizations contend with the skills gap, often leaving them lacking the level of expertise necessary to secure these complex environments.

MSSPs can offer customers guidance on where they need to deploy additional controls in order to remain compliant with regulations and the shared responsibility model.

Beyond this, MSSPs can assist in mitigating common multi-cloud security challenges by deploying and adaptive cloud security strategy that provides the same look and feel across any cloud as well as, integrated controls that enable customers to have visibility and control of each cloud deployment. This will specifically include advanced services such as:

  • Next-generation firewall
  • Intrusion prevention
  • Web application security
  • Antivirus
  • Advanced threat management
  • Secure SD-WAN
  • SASE

MSSPs should consider a security fabric-based approach that provides customers with visibility into their data, no matter where it’s processed and stored.  In addition, security fabrics provide a more complete understanding of the attack surface, along with better detection and faster mitigation.  Special attention should be focused on artificial intelligence capabilities supporting mature prevention, detection and orchestration technologies.

Enable Service Provider Success with Delivery Options

Aside from small to mid-size companies, most enterprise businesses will operate in hybrid environments since there will always be sensitive information that cannot be moved off private clouds for a number of reasons, including compliance and intellectual property protection. Thus MSSPs must be able to deliver services that can meet legacy requirements, today’s multi-cloud networks and tomorrow’s edge computing ecosystem.

Clients often look to MSSPs to manage complexity and offer predictability in regard to outcomes and cost, so it’s important to have adaptive management and orchestration for network and application performance, as well as security protecting the LAN, WAN, data center and cloud edges.  MSSPs will need to be able to secure current cloud environments using SD-WAN and offer flexible options in terms of form factors, appliances, consumption models, and more. This tight integration will enable flexibility as customers embrace digital transformation.

Each organization’s cloud journey is different. While a CISO may think it makes the most sense to use appliances now, over time, he or she may find requirement and resource changes that drive a to shift to VMs, or a cloud-delivered service.  MSSPs will do well to ensure their strategic technology partners can seamlessly support different form factors, consumption models and licensing models that adapt with changing customer needs.  When organizations move their services from in-house to a partner, they expect to get the same results, if not better. For this reason, MSSPs should select platforms with tight SD-WAN and cloud service provider integrations.

Final Thoughts

The cloud can unlock tremendous benefits for customers, but it can also expose customers to unprecedented levels of risk.   According to Gartner, approximately 95% of all problems that occur in the cloud are caused by customers, and the shared responsibility model can exacerbate this even further if not properly managed. Additionally, roughly 99% of all vulnerabilities exploited are known for at least a year, which is why MSSPs must have end-to-end visibility across the environment.   This is why MSSPs must begin forming the foundation for success today, which means broad, integrated and automated security for SD-WAN and multi-clouds.

Author Jonathan Nguyen-Duy is VP of Field CISO at Fortinet. Read more Fortinet blogs here.