Business
Veeam Immutable Backup
Find out why Veeam Immutable Backup is a solution fit for responding to increased demand for optimised security in backup and recovery data.
Businesses have invested heavily into cloud platforms and applications over the past few years
With this comes an increased urgency to properly secure and protect those investments, especially with the stiff penalties facing companies that fail to do so.
In this blog, we’ll explore some of the security challenges MSPs commonly face with M365 and Azure, and how our new Cloud Security Assessment service can help you and your customers lock those environments down, tight.
When the home plate is constantly shifting, keep advancing on your existing position.
Cyber security is a no-win game. The rules change on an almost daily basis, so it is essential to continue advancing and improving. Businesses are increasingly aware that standing still is essentially going backwards when it comes to security. There’s greater readiness to invest in their security posture, and many will turn to their service providers for advice.
Know what you are protecting.
There are many partners that tell me they offer a full security stack for their clients.
My first question is always ‘do you know what you are protecting?’
When the conversation turns to Microsoft 365 and Azure, most acknowledge it is difficult to know what assets their clients are using.
Many cannot point to a mechanism that ensures what they know about their client organisations is correct and complete.
The point being, even when you are in the security game, you can still swing and miss on what is enabled and disabled on your client organisations M365 and Azure tenants.
This is not due to any lack of capability, it’s simply due to the constant changes that occur as humans manage the client systems.
Whether it is activity by the MSP team, or clients themselves that may have administrative access to their platforms, variations can happen “under the radar” and go unnoticed and/or undocumented.
Over time, this leads to a significant drift from best practice security posture into the state known as the “unknown unknowns.”
An example of this may be an alert in the M365 Defender portal for a suspicious activity (the first unknown) where it cannot be confirmed whether the relevant mitigation was turned on (the second unknown).
Cloud Security Assessments are an essential part of the playbook.
Cloud security assessments (and security assessments in general) are purpose built to identify and mitigate potential risks within cloud environments, such as Microsoft 365 and Microsoft Azure. Typically, this involves a comprehensive evaluation of cloud infrastructure, applications, and data, covering security controls, data protection measures, access controls, network security, and compliance requirements.
It is important an assessment is conducted with the specifics of each business in mind. Aside from the IT and cloud estate, factors such as the size, industry, and jurisdiction of a business can add important nuance to the review process.
Culture is a key factor.
Human behaviour creates the greatest vulnerabilities in businesses.
The ACSC found that 83% of successful cybercrime reported in the 2020/2021 financial year could be partly or entirely attributed to users.
There is no technology that can automate this issue into non-existance. That’s why it’s essential that assessments go beyond the technical to also take the general security awareness and culture of an organisation into account.
Crayon’s cloud security assessments combine tools with human expertise, for the simple reason that people are the best to understand people.
OK, so far, we have established:
- Things can go unchecked for M365 and Azure, even when you have good security game
- Cloud Security Assessments are a pragmatic way to keep things in check
- SMBs need pragmatic ways to advance their security postures
- Ideally, service providers can respond to that need, even if security is not a deep practice
So, what’s next?
What's involved?
For example, if identity-based attacks were the most frequent and most successful assaults mounted on small to medium sized businesses (SMBs), a cloud security review might prioritise along the following lines:
- Identity protection
- Asset protection
- Device protection
- Threat and vulnerability management
- Application protection
With particular respect to Microsoft 365, some key areas to consider include the utilisation of built-in security features, such as multi-factor authentication, data encryption, and threat detection, which can be evaluated and optimised to enhance an organisation’s security posture. Additionally, it can consider ways to leverage Microsoft’s Security Score feature to measure their overall security posture and identify areas for improvement.
Azure also provides a range of security features and tools, such as Azure Security Center, Azure AD, and Azure Key Vault. An assessment may also provide recommendations on optimising use of Azure’s Security Center to monitor security posture, identify potential vulnerabilities, and take corrective action.
They know how to stick to established club rules, and they’ll stay only for as long as you need them around. Best of all, they tend to pass on some match-winning moves you may not have previously had in your playbook.
If you hadn’t picked it yet – we are part of your home club.
You already know that the value we add makes Crayon a great distributor, but it’s the services capabilities we provide that make us unique and that provide our partners with even more competitive advantage.
This includes our true through-partner service in the form of a Cloud Security Assessment, purpose-built to gather configuration data from an M365 tenant, Azure tenant, and in some cases, on-premises.
Play the home club advantage
As I mentioned earlier, stepping up to the plate on security is good for business.
If you’re not ready to field a team of your own, or you want to add to your existing game, that’s when it makes sense to bring in a squad from your home club.
Every great club has more than one team. Drafting those players to fill gaps in your side is a bona fide strategy.
How it works
As a through partner service, you offer it, we run it on your behalf. Our security analysts receive the information needed from the review to provide mitigation advisory back to you.
The result is often an opportunity to add significant value to your customers, while reducing unrecognised risk and liability on your part as the service provider.
Various organisations can run a cloud security assessment using a tool-based approach, but tools only help to industrialise the effort. It is the human expertise that differentiates our service.
We put star players on the field that gained their experience in the major leagues, running Security Operations Centre (SOC) environments for enterprise organisations.
They provide the insight that adds value to the data tools generate, including:
- What must be done immediately to secure a vulnerability
- What is realistically achievable in 30 days, 3 months, 6 month
- How to achieve the recommendations
- Which mitigations may require assistance to undertake
- Turning extensive data findings into succinct recommendations and requirements that demonstrate what is needed, in the simplest terms, to support your ability to get senior internal and external stakeholders on board.
Ongoing engagement
Clients that are not yet planning an assessment of their security maturity should be planning to undertake this in the near future.
Assessments should be repeated on a 12 monthly cycle, while you continue leveraging their Microsoft Secure Score and Azure Security Centre actions to continually improve and increase their security posture baseline in between.
By leveraging our service, and enjoying the healthy margins that come with it, you’ll be in a position to better cover all bases with your customers.
Having a trusted third party to run the assessment on your behalf can also demonstrate your ongoing commitment to customers, by providing external validation as an additional check and balance.
Related
Featured
Blogs
Cytrack.io AI-enabled Productivity Solutions from Crayon
Explore how Cytrack.io solutions meet emerging SMB demand for AI-enabled, unified communications platforms.
Featured
Insights
Modern Work 2027
Explore data trends from the Future of Operations and learn how to turn insights into action in the Productivity domain.
Featured
Insights
Business Continuity 2027
SMB operations in the Asia Pacific region are shifting from traditional backup and disaster recovery toward something more transformative.
Featured
Training
Harnessing Hybrid Cloud
Explore how Azure can help partners respond to dominant trends within SMB customer cloud strategies.
Featured
Insights
Cloud Strategies 2027
The latest in our Future of Operations insights series looks at why SMBs are pursuing hybrid cloud and multi-cloud strategies to achieve their business objectives.
Business
CSP Price, Margin and Value
CSP price and margin matter, but Microsoft's program updates mean partners must weigh up short-term discounts over strategic alignment.
Featured
Insights
Partners of the Future
Rhonda Robati, Executive Vice President of Crayon APAC assesses the factors driving Microsoft's channel strategy and the evolution needed to be a Partner of the Future.
Featured
Blogs
Choosing the right Cloud Distributor
Warren Nolan believes Microsoft has invited partners to join them on a new journey to value, and the role of Cloud Distribution providers has never been more critical.
Featured
Blogs
Proactive Steps for CSP Program Partners
After decades of experience navigating seismic shifts in vendor strategy, Warren Nolan knows the importance of being pragmatic and proactive in the face of disruption to the Microsoft CSP Program.
Featured
Blogs
Microsoft CSP Program Updates
In the first of a three-part series, Warren Nolan, SVP Strategy and Channel explores the recently announced updates to the Microsoft CSP program and the opportunities it presents.
Featured
Vendor Announcements
Microsoft’s new CSP requirements
Microsoft's new CSP requirements mean Direct Bill partners should take proactive steps to re-evaluate current models. Crayon can help.
Blogs
Unlock Customer Data Value with Microsoft Fabric
Explore how Crayon gets partners and their customers on the road to data-led innovation and growth.
Featured
Guides and eBooks
The Microsoft Fabric Partner Guide
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Training
Exploring Microsoft Fabric: Crayon Cloud Chat
Join in-house experts and Solentive for an exploration of how Microsoft Fabric supports the journey to data-driven business for your customers.
Guides and eBooks
Microsoft Fabric Adventures
eBook: The world's greatest detective is on his toughest case yet. Find out how human ingenuity combined with unified data analytics unravels a series of wicked riddles!
Blogs
Windows 11 Upgrade
With Windows 10 nearing end-of-life, it's time for partners to prepare customers for the transition to Windows 11.
Insights
Tech Buying Budgets for SMBs on the Rise
SMBs across the APAC are not just increasing their technology investments—they are making strategic, forward-thinking moves to position themselves for long-term growth.
Insights
SMB Strategic Objectives
Small to medium-sized businesses in the APAC region are gearing up tech investments to drive outcomes for customer experience, revenue, business adaptability and innovation. How will SMBs leverage emerging technologies to achieve their strategic objectives?
Featured
Insights
Future of Operations 2025
What are the most critical business objectives and solution adoption priorities for SMBs in our region? Download the latest Forrester study to find out!
Case Studies
Crayon Security Assessment service delivers growth for AfterDark
Working with Crayon, AfterDark scaled its ability to build longer-term cybersecurity engagements with customers.
Vendor Announcements
EA to CSP Transition Made Easy
Microsoft changes to its licensing programs means some customers will not be able to renew EAs. Find out how to transition them to CSP in hours, with no disruption or upfront cost, only with Crayon.
Blogs
Security 2027: Why ContraForce stands out
Looking to provide clients with Managed Detection and Response (MDR) and Managed SIEM services? Read on for six hot takes on why ContraForce should be in consideration.
On Demand Webinars
Security Assessments: Identify hidden revenue potential
Watch this interactive webinar as the Crayon team discuss how to identify and harness hidden revenue potential with Security Assessments.
Webinars Series
Microsoft E5: Do more security and compliance with less
Our latest webinar provides a technical deep dive into the advanced security features of Microsoft 365 E5.
Webinars Series
A deep dive into Microsoft Defender for Endpoint
This webinar covers key features and best practices to help you stay ahead of threats.
Webinars Series
Master Modern Security with Microsoft Defender XDR and ContraForce
The webinar highlighted the capabilities of Microsoft Defender XDR and ContraForce in providing comprehensive security coverage.
Sales and Marketing
Webinar: How to monetise Security as a Managed Service
Pricing models, service definitions and competitive accelerators. Our latest webinar breaks down how to build a successful MSSP business.
Featured
Guides and eBooks
The Data Operatives Field Guide
Mission essentials for winning data protection business in education, healthcare, retail and manufacturing.
Webinars Series
How to build a simplified cybersecurity practice
Practical insights for simplifying cybersecurity service and solution offerings.
Guides and eBooks
Cyber Operatives Field Guide
Partners, get your Bond on! Our Cyber Operatives Field Guide breaks down five cybersecurity missions to foil would-be cybercriminals.
