EDITOR’S COMMENT
L
ike most companies, channel partners
work closely with other organisations
and need to share often sensitive data
with their partners. Trust between channel
partners, the vendors they work for and the
end customers is essential.
Of course, this trust extends to security
and as more information moves off
premises, the security of data stored on
multi-cloud environments is paramount.
In the current rapidly changing digitised
environment, the CISOs, CIOs or whoever
happens to be overseeing security within the
channel partnership need to plan for a broad
security strategy.
Depending on the projects that channel
partners are working on, sensitive data may
reside in a variety of places including mobile
devices, private cloud, SAAS, or public cloud
environments. In each of these locations
and everywhere in between, the data must
be secure.
When storing your data with another
entity, such as cloud service providers
(CSPs), the key pillars are really trust, control
and visibility.
In order to maintain those pillars, CISOs
must take a zero trust approach that
incorporates the cloud. What does this
16
Pa
sh
a
HAIDER PASHA, PALO ALTO NETWORKS EXPERT
ENSURING
SECURITY
, P
a lo
Alto
Netwo
rks expert
mean on the ground? It means ensuring they can limit access by
micro-segmenting users’ access, applying least-privilege access and
inspecting all the relevant traffic to ensure continuous compliance.
Certainly, it is vital for the CSO and the channel partner to have an
in-depth understanding of the ‘shared responsibility model’.
This is essentially the main differentiator when compared to
legacy on premises environments.
Once this model is understood and clearly documented and
agreed to in an organisational RACI, we recommend customers
conduct a risk assessment informed by a thorough understanding of
security in the cloud.
This means that CISOs at channel partner companies should be
able to develop an access and management platform that provides
complete end-to-end cloud security.
To achieve this, CISOs must focus on all inline traffic capabilities
that can protect and segment cloud workloads. In addition, they
would also need to protect the hosts in the cloud with technologies
that can secure the OS and applications within those workloads.
Moreover, to ensure compliance and security are maintained at all
times, they should focus on working with an open API-based solution
that can integrate new cloud solutions with the same level of speed
and agility that the cloud offers.
There are a variety of tools such as CASB, VFWs, Identity, Cloud
DLP/Compliance, Host-based protection and automated Security
Orchestration/Response (SOAR) available.
All should be utilised and integrated into their cloud security
fabric. CISOs at channel partners can deploy each of these capabilities
as they achieve cloud maturity, from maintaining hybrid to multi-
cloud and SAAS solutions.