Managed security services enhance cloud cover for SMBs, others

Additional layers of security above baseline compliance necessary to neutralize threats

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

How Armor got start­ed stands out. Founder and CEO Chris Drake was serv­ing as a para­troop­er in the U.S. Army’s 82nd Air­borne Divi­sion based out of Fort Bragg, North Car­oli­na, when he was select­ed to build some of the Army’s first pri­vate and secure websites.

After his mil­i­tary ser­vice, Drake start­ed a mar­ket­ing and web devel­op­ment com­pa­ny focused on secur­ing crit­i­cal data and sys­tems for com­mer­cial web­sites. One day a well-known poul­try com­pa­ny came to Drake for help respond­ing to a major secu­ri­ty breach around the hol­i­day sea­son, a breach that impact­ed its cus­tomers at a par­tic­u­lar­ly bad time.

Fill­ing a need

Drake couldn’t find a provider that offered a lev­el of secu­ri­ty he felt the poul­try com­pa­ny real­ly need­ed, so he set out to devel­op a pur­pose-built secure cloud host­ing plat­form. That tech­nol­o­gy now is at the heart of a man­aged secu­ri­ty ser­vice Armor pro­vides for some 1,200 clients in 45 countries.

I recent­ly spoke with Wayne Reynolds, Armor’s vice pres­i­dent of secu­ri­ty oper­a­tions, who out­lined for me how Armor’s sweet spot has turned into help­ing orga­ni­za­tions add a robust lay­er of secu­ri­ty to cloud infra­struc­ture services.

Small- and medi­um-size busi­ness­es, in par­tic­u­lar, are increas­ing­ly rely­ing on net­work infra­struc­ture ser­vices resid­ing in the inter­net cloud—supplied as a pay as you go ser­vice by the likes of Ama­zon, Google and Microsoft Azure.

Relat­ed sto­ry: Three things all busi­ness­es should know about MSSPs

Wayne Reynolds, Armor’s vice pres­i­dent of secu­ri­ty operations

We take what the cloud ser­vice providers give you as a base offer­ing, and we put it on steroids, specif­i­cal­ly around a secu­ri­ty play,” Reynolds says. “We will deploy anti-virus solu­tions for you, we will deploy file integri­ty mon­i­tor­ing, we will cap­ture all those logs from those fire­walls, or from the end­points them­selves, and ana­lyze them and tell you what’s going on. We will also proac­tive­ly go back in and try to put pre­ven­tive mea­sures in place.”

Patch was a priority

As an exam­ple of how focused Armor is on secu­ri­ty, the ven­dor rec­og­nized that a Win­dows secu­ri­ty patch Microsoft issued for old­er Win­dows sys­tems in late April was a very hot potato.

So it made it a pri­or­i­ty to install the patch on its cus­tomers’ sys­tems well before the cre­ators of the Wan­naCry mal­ware released a land­mark ran­somware worm that sought—and encrypted—hundreds of thou­sands of unpatched Win­dows machines. Most, if not all, of Armor’s cus­tomers thus were unaf­fect­ed. And for good mea­sure, Armor also made avail­able a 14-day envi­ron­men­tal snap­shot that would have allowed restora­tion of any encrypt­ed machines, had there been any among its clients.

Help­ing pro­tect SMBs

Armor is one of sev­er­al promi­nent ven­dors proac­tive­ly pitch­ing man­aged secu­ri­ty ser­vices, par­tic­u­lar­ly to SMBs. Oth­ers include Dell Secure­Works, Clear­DA­TA, Alert Log­ic and Rack­space. These ven­dors rec­og­nize that for small­er orga­ni­za­tions, main­tain­ing a strong secu­ri­ty pos­ture has long since become far too com­plex and cumbersome.

On the oth­er hand, SMBs quite often will begin shop­ping for a man­aged secu­ri­ty ser­vice provider in order to sat­is­fy com­pli­ance stan­dards, such as the Pay­ment Card Indus­try Data Secu­ri­ty Stan­dard (PCI DSS) and the Health Insur­ance Porta­bil­i­ty and Account­abil­i­ty Act (HIPAA.) But in today’s threat envi­ron­ment that’s not near­ly enough; it real­ly takes a focused secu­ri­ty team to lim­it the dam­age intrud­ers can do.

Com­pli­ance is a foun­da­tion,” Reynolds says. “It’s that black and white lay­er of things you have to do. In order to mit­i­gate threats, you need to start adding more lay­ers of secu­ri­ty above the com­pli­ance baseline.”

For a deep­er drill down, please lis­ten to the accom­pa­ny­ing podcast.

More sto­ries relat­ed to cloud secu­ri­ty, man­aged secu­ri­ty services:
As threats mul­ti­ply, more com­pa­nies out­source secu­ri­ty to MSSPs
Man­aged secu­ri­ty ser­vices help SMBs take aim at secu­ri­ty threats
Busi­ness­es must remem­ber shared cloud secu­ri­ty requires shared responsibility