24 Nov MSPs, Take Your Assessments to the Cloud
As more organizations upload their data into cloud computing environments, MSPs should look to evolve their traditional cybersecurity practices accordingly. They must shift focus from primarily on-premise security to services that also protect hybrid and pure-cloud networks.
Microsoft’s cloud platform, Azure, has grown 59 percent in its last reported quarter. Microsoft also predicts that Teams will amass an even larger following than Windows, with Windows currently running on more than a billion devices. Another indicator of the growth of the Microsoft cloud is Azure’s commercial revenue shooting up nearly 40 percent and Microsoft 365 jumping 13 percent.
That’s a lot of data migrating to the cloud and a lot of data to protect. McAfee analyzed the usage of over 20,000 cloud services and found that almost 60 percent of sensitive data in the cloud is stored in Microsoft 365 documents.1 And as Microsoft continues to integrate its applications with the cloud, usage will only grow.
Of course, Microsoft protects its products with high-grade security, but that’s designed to combat external infiltrations only. The platform’s native security doesn’t protect against internal threats such as careless or malevolent acts at the hands of employees. For instance, entry-level Microsoft 365 subscriptions get a free terabyte of OneDrive storage for each user. So, every user has plenty of space to move data into, in addition to creating groups, adding users, sharing files, etc. However, internal security becomes an issue.
Think about it. With just one click, an employee can share entire folders of data, inside or outside the organization, intentionally or accidentally. Firewalls and Microsoft security won’t prevent that. The average organization falls victim to nearly three threats a month within Microsoft 365 such as users downloading data and sharing it with a competitor, administrators doling out permissions beyond a user’s duty and unauthorized persons using stolen credentials to log in to accounts.
The responsibility of internal cloud security falls to the client, their end users and the MSP. For their part in providing data security, MSPs must gain a complete picture of a client’s Microsoft cloud landscape, including what’s stored in Azure AD as well as usage details about Microsoft 365 cloud services – SharePoint, OneDrive and Teams. They must know the vulnerabilities, what kind of data is stored and shared, how the environment is configured, how and when things change – and document it all.
And this is where Microsoft cloud assessments comes in.
Assessments explicitly designed for the Microsoft 365 environment work to gather critical security and user information and provide documentation for audits and rollbacks. MSPs can create new services around ongoing analysis, maintenance and reporting.
As organizations continue to do more business via the cloud, they will require additional security to identify vulnerabilities. And MSPs can be there to help.