It’s no secret that businesses have invested heavily in cloud platforms and applications over the past few years. With this comes an increased urgency to properly secure and protect those investments, especially with the stiff penalties facing companies that fail to do so. In this blog, we’ll explore some of the security challenges MSPs commonly face with M365 and Azure, and how our new service can help you and your customers lock those environments down, tight.
When the home plate is constantly shifting, keep advancing on your existing position.
Cyber security is a no-win game. The rules change on an almost daily basis, so it is essential to continue advancing and improving. Businesses are increasingly aware that standing still is essentially going backwards when it comes to security. There’s greater readiness to invest in their security posture, and many will turn to their service providers for advice.
Conversely, there are many partners that tell me they offer a full security stack for their clients. My first question is always ‘do you know what you are protecting?’ When the conversation turns to Microsoft 365 and Azure, most acknowledge it is difficult to know what assets their clients are using. Many cannot point to a mechanism that ensures what they know about their client organisations is correct and complete.
The point being, even when you are in the security game, you can still swing and miss on what is enabled and disabled on your client organisations’ M365 and Azure tenants. This is not due to any lack of capability; it’s simply due to the constant changes that occur as humans manage the client systems. Whether it is activity by the MSP team, or by clients themselves who may have administrative access to their platforms, variations can happen “under the radar” and go unnoticed and/or undocumented.
Over time, this leads to a significant drift from best practice security posture into the state known as the “unknown unknowns.” An example of this may be an alert in the M365 Defender portal for a suspicious activity (the first unknown) where it cannot be confirmed whether the relevant mitigation was turned on (the second unknown).
Cloud Security Assessments are an essential part of the playbook.
Cloud security assessments (and security assessments in general) are purpose built to identify and mitigate potential risks within cloud environments, such as Microsoft 365 and Microsoft Azure. Typically, this involves a comprehensive evaluation of cloud infrastructure, applications, and data, covering security controls, data protection measures, access controls, network security, and compliance requirements.
It is important an assessment is conducted with the specifics of each business in mind. Aside from the IT and cloud estate, factors such as the size, industry, and jurisdiction of a business can add important nuance to the review process.
For example, if identity-based attacks were the most frequent and most successful assaults mounted on small to medium-sized businesses (SMBs), a cloud security review might prioritise along the following lines:
– Identity protection
– Asset protection
– Device protection
– Threat and vulnerability management
– Application protection
With particular respect to Microsoft 365, some key areas to consider include the utilisation of built-in security features, such as multi-factor authentication, data encryption, and threat detection, which can be evaluated and optimised to enhance an organisation’s security posture. Additionally, the assessment can consider ways to leverage Microsoft’s Secure Score feature to measure the organisation’s overall security posture and identify areas for improvement.
Azure also provides a range of security features and tools, such as Azure Security Center, Azure AD, and Azure Key Vault, and an assessment may also provide recommendations on optimising use of Azure’s Security Center to monitor security posture, identify potential vulnerabilities, and take corrective action.
Beyond the technical, a quality Cloud Security Assessment will also take the general security awareness and culture of an organisation into account, because human behaviour creates the greatest vulnerabilities in businesses. The ACSC found that 83% of successful cybercrime reported in the 2020/2021 financial year could be partly or entirely attributed to users.
This is also why assessments should combine tools with human expertise, for the simple reason that people are best placed to understand people.
OK, so far, we have established:
– things can go unchecked for M365 and Azure, even when you have a good security game
– Cloud Security Assessments are a pragmatic way to keep things in check
– SMBs need pragmatic ways to advance their security postures
– Ideally, service providers can respond to that need, even if security is not a deep practice
Play the home club advantage
As I mentioned earlier, stepping up to the plate on security is good for business. If you’re not ready to field a team of your own, or you want to add to your existing game, that’s when it makes sense to bring in a squad from your home club.
Every great club has more than one team. Drafting those players to fill gaps in your side is a bona fide strategy. They know how to stick to established club rules, and they’ll stay only for as long as you need them around. Best of all, they tend to pass on some match-winning moves you may not have previously had in your playbook.
If you hadn’t picked it yet – we are part of your home club. You already know that the value we add makes rhipe a great distributor, but it’s the services capabilities we provide that make us unique. Now, as part of Crayon, we’re extending these capabilities in ways that provide our partners with even more competitive advantage.
This includes a new, true through-partner service in the form of a Cloud Security Assessment, purpose-built to gather configuration data from an M365 tenant, Azure tenant, and in some cases, on-premises.
As a through partner service, you offer it, we run it on your behalf. Our security analysts receive the information needed from the review to provide mitigation advisory back to you. The result is often an opportunity to add significant value to your customers, while reducing unrecognised risk and liability on your part as the service provider.
Various organisations can run a cloud security assessment using a tool-based approach, but tools only help to industrialise the effort. It is the human expertise that differentiates our service. We put star players on the field who gained their experience in the major leagues, running Security Operations Centre (SOC) environments for enterprise organisations. They provide the insight that adds value to the data tools generate, including:
– What must be done immediately to secure a vulnerability
– What is realistically achievable in 30 days, 3 months, 6 months
– How to achieve the recommendations
– Which mitigations may require assistance to undertake
– Turning extensive data findings into succinct recommendations and requirements that demonstrate what is needed, in the simplest terms, to support your ability to get senior internal and external stakeholders on board.
By leveraging our service, and enjoying the healthy margins that come with it, you’ll be in a position to better cover all bases with your customers.
Clients that are not yet planning an assessment of their security maturity should be planning to undertake one in the near future. Assessments should be repeated on a 12-monthly cycle, while you continue leveraging their Microsoft Secure Score and Azure Security Center actions to continually improve and increase their security posture baseline in between.
Having a trusted third party to run the assessment on your behalf can also demonstrate your ongoing commitment to customers, by providing external validation as an additional check and balance.