For most enterprise IT shops, cloud migration is no longer a matter of “if” but “when” (and “how”). This trend doesn’t have to shrink your bottom line, however. As your clients move more of their computing infrastructure to clouds, you have an opportunity to increase your value and become a more trusted partner. The key is remaining ahead of the technology curve and developing the right mix of skills and services to be useful – and remain profitable – in this more cloud-oriented world.
There are four different technology areas that offer opportunity. You don’t necessarily need to implement all four, but certainly, these four can serve as a model for how you can become more skilled in helping to manage your customers’ cloud deployments.
Perhaps the first area of specialization should be in managing the migration of email services to the SaaS-based world of Office 365 and Google’s G Suite. Many enterprises choose this application as their first foray into the cloud, and if you can understand these issues with migration you will find a solid foothold that can be used to expand your coverage into supporting other SaaS apps such as Salesforce. Email migration involves numerous decisions to ensure it will go smoothly, as Microsoft outlines here. Numerous vendors offer tools to help as well, and you can lead the way in choosing them and managing the overall process.
But once an enterprise moves into the cloud for email, they tend to adopt numerous other cloud technologies. That brings up a key specialization area of opportunity: managing this cloud collection and ensuring overall security. This is where cloud access security brokers (CASBs) come into play. It has become a popular technology niche. CASBs are useful to understand the interaction between cloud and on-premises applications and the security implications of this mix. Many of the leading CASB vendors offer partner programs to help resell their products and train you in their use.
CASBs also can be a part of your arsenal in performing cloud risk assessments. This is because these tools can often pinpoint weaknesses in cloud configurations, identify backdoors that can be exploited to leak sensitive data, and can find insecure areas that need further protection. This is why Gartner predicts that 60% of large enterprises will use CASBs by the end of 2022, up from 20% of companies that used them at the end of 2018. In this report, Steve Riley says that cloud-first initiatives are good starting places for enterprises who wish to “monitor sensitive data flows and conduct continuous risk assessments.” CASBs can be used to illuminate shadow IT and recommend appropriate controls, and once you understand the technology, you can offer recommendations on which CASB tools to deploy. As more enterprises adopt CASBs, they will need expert advice to understand their differences and strengths and weaknesses. This means your knowledge could put you in a very strategic position to provide.
“CASBs are designed to work with any and all SaaS applications by delivering add-on security capabilities and analytics that are mandatory to enable detection and response for cloud apps,” says Masergy’s Jay Barbour.
CASBs also can be the first step towards building more sophisticated cloud deployments. Barbour suggests that you can take things a step further by looking at the combination of a CASB with an integrated identity management component. Having this integration helps to “accelerate deployment and increase the CASB’s value for organizations that have yet to roll it out.”
But there are other technologies that you can offer in the security space, and one of them is to offer a security operations center as a service (SOC-as-a-service) model to your customers. Many companies are moving away from running their own SOCs because they can’t justify the expense for the personnel. “Qualified people are the most limited resource, and it is causing the most pain for MSPs today,” says Megan Clothier of BoltonLabs, a SOC-as-a-service provider. There are other reasons, including better centralized control and a more holistic view of your clients’ risks, along with having distributed SOCs already in place in different geographic areas to ensure redundant coverage in case of outages.
One final offering is for you to include recommendations on phishing awareness training. As quoted in CSOonline, Gartner research Vice President Andrew Wells said the global security awareness training market exceeds $1 billion in annual revenue, and is growing approximately 13 percent year. This training is an essential tool in the fight against attacks, and to be effective should be done on a regular basis—which offers you the opportunity for high touch with your clients. Vendors such as KnowBe4 have solid programs and a number of free security assessment tools that can help demonstrate their effectiveness.