SMBs and the cloud: Evolving security needs

Remote work has forced many small businesses to accelerate cloud adoption; MSPs can help them stay secure.

By Chris Crellin, senior director of product management, Barracuda MSP

Chris Crellin, senior director of product management, Barracuda MSP

According to a recent SMB Group report (Top 10 SMB Technology Trends), small and medium-sized businesses have become increasingly reliant on technology as the COVID-19 pandemic altered the way they did business, delivered services, and interacted with employees, clients, and vendors.

The cloud emerged as a clear differentiator, with more than 80 percent of respondents saying cloud-based business applications have been valuable in sustaining their business. Also, 37 percent noted that the pandemic has made them more likely to choose the cloud for new application investments.

SMBs were already embracing the cloud before the pandemic because it offered cost savings, resource allocation, and ease of use. The pandemic pushed them to test these solutions across even more application areas, including security, IT access, and collaboration. And the cloud enabled them rapidly adjust their operations while reinforcing the overall value of working on these platforms.

The SMB Group report states:

“Cloud solutions have enabled SMBs to access applications and data from anywhere. Having proved their worth, SMBs will move more business processes to the cloud sooner than they would have planned before the pandemic to maintain business continuity. But the value will extend far beyond this as cloud vendors embed new technologies—such as artificial intelligence (AI), machine learning (ML) and natural language processing (NLP)—into their offerings to supply SMBs with more of the automation and insights they need to innovate and grow.”

The lesson here for MSPs: Providers with cloud services expertise can help small businesses maintain cloud momentum while potentially improving their competitiveness and profitability. The shift to remote work also changed security priorities. More considerable reliance on cloud-based and remote technologies heightened awareness of the security risk of doing business online, according to the SMB report. Remote work has forced these companies to move away from the firewall-centric view they previously held.

Among the top security challenges that SMB respondents listed were home/public network security (64 percent), employees accessing apps and data from personal devices (56 percent), lack of visibility and control (50 percent), securing sensitive company data (48 percent) and user awareness/training (42 percent). Cost was only a concern for 21 percent of respondents.

MSPs can help these companies operate securely in this new environment by providing technology and services that enable them to follow several security strategies.

Secure home/public Wi-Fi and personal device access: Small businesses and the MSPs that service them should implement Zero Trust Network Access (ZTNA) to verify every access attempt to data and resources on these networks. Solutions like Barracuda CloudGen Access offer an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. 

The ZTNA approach also solves the personal device challenge at the endpoint by reducing the exposure of a business’ infrastructure via access control for SaaS applications while removing the need for long-living connections. This type of multi-tenanted solution allows MSPs to keep their customers safe, regardless of network or device and enables them to monetize devices they previously were unable to monetize because they weren’t technically under management.  

Improve visibility with assessments, RMM: MSPs should offer regular security assessments for SMB customers to help identify security gaps and proactively address those vulnerabilities before an attack or breach occurs. Using a remote monitoring and management (RMM) tool allows MSPs to set alerts and automate remediation actions that can help them address security gaps promptly. For example, the Barracuda Managed Workplace RMM can help improve visibility and control for MSPs. 

Provide employee training and policy guidance: Employees are the weakest link in any security infrastructure. Modern cyberattacks are much more complex and convincing, particularly advanced phishing schemes like business email compromise (BEC) attacks. These attacks are designed to circumvent traditional firewall-based email security.

That is why education is critical. MSPs can help clients create strong policies and protocols around data and money transfers (i.e., requiring in-person or phone-based confirmations) while also assisting clients in implementing awareness training to help employees recognize these more advanced attacks. MSPs should also train clients on how to properly report attacks so that the cybersecurity team has time to respond and mitigate the damage caused by these events.

On the technology side, these policies can be augmented with artificial intelligence and machine learning technologies (such as Barracuda Sentinel) that evaluate typical communication patterns and use that data to check for anomalies that a human might miss.

The expected 2021 economic recovery will lay the groundwork for MSPs to help current clients implement disaster response and recovery plans and evaluate their customers’ security postures. Increased reliance on remote work has created more opportunities for MSPs centered around their IT expertise and ability to make remote workers productive and secure. The threat landscape did not change in 2020, but the susceptibility of the client base did. To thrive, MSPs will need to become security-centric service providers.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.