When I went to work for IBM in the early 2000’s, one of the first things I learned was how to work with business partners to create hardware and software solutions in the SMB space. At that time, the business model for partners was far less ambiguous. Hardware in all of its forms, and the corresponding software it supported, were sold in a tangible transaction. The idea of no physical transfer of good and services, as the world is trending now with cloud and virtualization, seemed impossible to grasp.
Evolution of the Datacenter
Now, the face of the modern datacenter has changed forever. More and more applications are moving to the cloud, virtualization density is at an all-time high, and the hybrid cloud is now a reality. With this new technology, it’s natural to have hesitation when an organizations’ data doesn’t reside in their server room or closet.
As a result, security has now emerged at the top of everyone’s mind. Unfortunately, there are not enough skilled professionals to keep pace with fast-moving threats. The complexity of securing hybrid cloud, in particular, requires well-trained experts to be at the helm. Recent industry estimates place the number of unfilled cyber security jobs each year in excess of one million positions. There simply isn’t enough talent in the market to protect all the companies progressing through today’s digital transformation.
In my last five years at Microsoft I was involved with its datacenter business, which resulted in working with large scale clients to move applications to Azure. It was eye-opening on many levels. Early on, I realized that Microsoft was very serious in trying to compete with AWS for public cloud market share and, without a doubt, the behemoth in Redmond had plenty of resources in place. In fact, the sheer size and scope of the Microsoft datacenter is worthy of a sightseeing tour should you ever have the opportunity!
Shared Security Responsibility
The cloud shared security model articulates the responsibility of the vendor to secure the cloud (physical datacenters, role-based and time-bound access to customer environments, etc.). On the flipside, the customer is responsible for the security of their applications on the cloud (in IaaS and PaaS environments). With both Microsoft and AWS talking very openly about the shared responsibility model, partners have a decision how to, both in terms of their business and how to support clients’ transformation, to consume the public cloud. In my experience, partners in both the AWS and Azure ecosystem are very used to leveraging the rich ISV (independent software vendor) ecosystem of tools and solutions that enhance both public cloud providers.
Planning for the Public Cloud
For most regional and national systems integrators, cloud security is new ground. It’s uncomfortable, unnatural and complex. They know they need an answer, but choosing the right solution or multiple solutions is overwhelming. In some cases, they’ve taken a tool, or a set of tools to market and offered them as a solution. But, this approach doesn’t solve the talent shortage and does not create favorable security outcomes.
To adapt and thrive in this new era, consider the following when determining if a cloud security partner is a good fit for your business as well as your client base:
- Ensure you understand what the outcome for the customer or solution will be. Just because you have a security system at your house doesn’t mean you won’t get robbed. The solution should have clear metrics of success complete with compliance adherence.
- Is this solution proactive? Often, tools just create more clutter. With the CISO’s and CIO’s I’ve met with, this is the last result they want. It is essential to stay ahead of the threats and have a mix of protection and detection to filter out the noise.
- How does the partner support your business? There is nothing worse than signing a new partnership agreement, with promises of great margin, if the solution is not a fit for your practice and the sales teams lack proper training. It is important to ensure partners have onboarding and incentives to train a salesforce to start identifying initial leads and opportunities right out of the gate.
- Is the solution aligned with the cloud vendor(s) your company works with? The race to innovation in the cloud is real and there are more vendor options out there than ever. In a recent conversation with the AWS Security Marketplace team, we asked: “what’s missing from their marketplace?” With more than 500 products available, they responded: “it’s not that anything is missing, it’s simply too difficult for a customer to understand what to purchase, integrate and manage in their AWS environment.”
- Maintaining security in the cloud means having expertise in both cloud and security. Select a partner who excels in both areas, ensuring that you are offering the very best-of-breed to your sales teams.