The ISV route to better IT security, resilience and compliance in a dangerous world

  • Article

 

Microsoft partners who understand the latest security challenges can deliver higher levels of protection and assurance to their clients through partnership with independent software vendors (ISVs).

 

Security as an opportunity

 

The opportunity for partners is clear: the UK cybersecurity market is worth more than £3.4 billion in 2017 and is growing every year.

 

At the same time the need for robust security has never been greater. Nearly half (46%) of UK firms suffered a cyber security breach or attack in the last 12 months, according to an Ipsos MORI survey.

 

However, partners should recognise that it isn't about selling fear. Instead, they should focus on selling reassurance. Partners who can offer innovative solutions can differentiate themselves from slower-moving competitors, driving growth and profitability in their business.

 

Security is a journey, not a destination

 

Times change, it's no longer enough for partners to rely on traditional approaches to security to sell successfully. This is because the old security model - endpoint protection, network perimeter defence and (perhaps) intrusion detection systems - isn't sufficient any more to ensure protection.

 

In part, this is because of changes in the way that people and companies do IT, including:

 

  • Cloud. Businesses are moving to the cloud fast. Indeed, Microsoft's Azure revenue nearly doubled in the second quarter of 2017 alone.
  • Mobile. Satya Nadella set out his agenda for a 'cloud-first, mobile-first' journey for Microsoft in 2014. This agenda reflects the way that people use many devices in many locations to do their work. A strategy aimed at protecting only desktops in an office would end in failure.
  • BYOD. Bring your own device is becoming mainstream. By 2020, Gartner expects that 45 percent of companies will no longer provide their employees with personal devices such as phones and computers.
  • New technology. In addition, emerging technologies such as machine learning and the internet of things bring their own security and data protection challenges. For example, the denial of service attacks launched on Dyn in 2017 from up to 100,000 IoT devices.

 

The changing threat landscape

 

As the nature of IT changes, so too does the cyber security threat facing companies. The rapid growth and evolution of this threat has caused tectonic shifts in the security landscape. For example:

 

  • Advanced persistent threats. Security firms have seen a rise in attacks from well-resourced groups using difficult-to-detect techniques. These groups penetrate security defences to steal data either for commercial gain or for reasons of industrial, commercial or state espionage. These stealthy attacks are not limited to large companies.
  • New types of attackers. Microsoft's security team reports that new types of attackers have emerged. These range from hacktivists, 'black hat professionals' who make a living from hacking, to organised criminal gangs that steal data to make money. There are even cyberweapons dealers who sell exploits to other hackers.
  • Evolving attacks. The latest cryptomalware, including the WannaCry attack that hit the headlines in early 2017, shows that cybercriminals are finding new ways to monetise their attacks and create new challenges for their victims.
  • A burgeoning black market. There's a dark market for zero-day exploits, attack kits, stolen data and more. This allows for 'script kiddie' attackers to get started easily. It also allows for more rapid evolution and exploitation of new techniques and provides a ready market for stolen information.

 

Protect, detect and respond

 

Partners who adapt to the new security landscape know their tools need to provide excellent client service. As a result, they are better able to select appropriate ISV partners.

 

With this in mind, the new security paradigm rests on new assumptions:

 

  • Shadow IT is a given. IT departments are fighting a losing battle against unauthorised use of cloud apps and other IT services. Indeed, the harder IT departments try to control what employees do, the more likely they are to try to work around the restrictions. No wonder more than 80 percent of employees admit to using non-approved apps, for example. This means CISOs and IT managers need to assume that people are going to use it and find additional, complementary ways to protect data and control access to it.
  • Attackers have already breached your defences. Assume you're always under attack. Assume they have already infiltrated your network. 'The unprecedented scale and sophistication of modern cyberthreats, combined with the rapidly disappearing IT perimeter, means that while preventing an attack from becoming a breach is ideal, it is no longer realistic,' according to Microsoft security experts.
  • Protection means different things now. While prevention remains important, IT managers and CISOs now need to think in terms of protection, defence in depth, damage limitation and data protection at a granular level rather than an institutional or network level.

 

In the past, IT managers concentrated on keeping the moat full of water and keeping a close eye on the drawbridge. Today the castle is full of spies, ninjas and fourth columnists. So, if you want to protect the crown jewels, you need to think in terms of layered defences.

 

But that doesn't mean you can afford to knock down the walls or drain the moat. You still need anti-virus, firewalls, software updates and all the traditional elements of IT security. Neglecting them can be dangerous. For example, the spring 2017 outbreak of WannaCry ransomware exploited a long-patched vulnerability. Despite this, astonishingly, 12 percent of computers still don't have up-to-date real-time security software according to the latest Microsoft Security Intelligence Report.

 

Essential ISV Solutions

 

Several of Microsoft's ISV partners have developed powerful technologies to help software providers address this changing security landscape.

 

Veeam

 

'IT has some very specific challenges to make sure that data and applications are available all the time,' says Mark Murrin from Veeam. Their solutions help companies ensure that critical systems, including virtual servers, stay up and running.

 

Watch Mark Murrin, Head of Strategic Alliances at Veeam, explain how their solutions provides back up, recovery and replication across mulitiple clouds.  

 

Commvault

 

Point-in-time backups give companies more flexibility when dealing with disaster recovery situations. They allow companies to 'rewind' backed up files to a point before, say, a cryptomalware infection locked them.

 

On-premise backup is constrained by the amount of available storage and there's always a risk of under - or over-provisioning. But cloud storage is, effectively, bottomless. This means that backing up to the cloud is more efficient, scalable and cost-effective than on-premise backup. This is why cloud-ready backup solutions like Commvault are so attractive. 'Commvault lets people back up TO Azure and IN Azure,' says Commvault's Edward Hyde.

Watch Edward Hyde, Commvault's Channel and Alliances Director, discuss their comprehensive end-to-end data management and protection.  

Barracuda Networks

 

Availability and backup in the cloud are important but companies also need to protect cloud systems against attack. Just moving an application or service online doesn't automatically make it secure against internet criminals. When you are migrating workloads to the cloud, consider adding security solutions, such as Barracuda's, to the mix. 'If people are making deployments on Azure, they really need to look at how the applications are secured,' says Stephen Wagstaff from Barracuda Networks and their tools can help companies do that.

Watch Stephen Wagstaff, from Barracuda Networks, explain how extra security is crucial to protecting vital business applications.

Be brave in the new world

 

It's a scary world out there, but you can use ISV solutions to give your clients the confidence to embrace the cloud. ISVs like Veeam, Barracuda and Commvault can help to protect client data and applications against emerging threats. This reassurance is fundamental to the kind of trusted advisor relationships that bring long term growth and profitability for partners.