search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
industryopinion


Is your customer’s software putting their business at risk?


Barb Huelskamp, senior vice president, global channels and alliances at Qualys discusses IT security and cloud misconfigurations.


C


ompanies of all sizes rely on their IT assets to get work done. These assets have to be kept secure and protected against attacks. However, not all of these assets are


treated equally. How can you help your customers manage their hidden risks that exist within their systems? Employees rely on applications to carry out


their tasks and collaborate with each other. These tools are often essential in how employees work, but they can easily be taken for granted when it comes to security. These services have to be available on the


“Utilities like MFT tools are easy


to overlook as they are not the most critical


Internet in order to fulfil their role in processes or tasks, and they may have to be public so others outside the business can access them. The features that make them useful to employees are what can make them vulnerable. According to our 2023 TotalCloud Insights report, approximately four percent of cloud assets are external- facing, which means they have public IP addresses and are visible to attackers. These assets can be useful to your customers’ employees, but they need additional security. Another good example of this is managed file transfer (MFT)


applications that your customers rely on.”


The role for channel providers Customers need help measuring, communicating and eliminating their cyber risk. A big part of the challenge is prioritising issues so they know what to mitigate first, based on how serious the risks are to their unique environment. Knowing what your customers have in place and which of those applications are critical to them is essential to managing this risk, whether you provide this as a service to your customers or manage it on their behalf. Applying automation to patching and update processes can massively reduce risk for your customers, as well as making your own operations more effective. Company IT teams will probably want to test updates for their critical applications in advance of deploying those patches, so they don’t affect any


systems or cause problems later. However, the vast majority of applications can have patches deployed automatically. The risk of a problem is much lower than that from attempted attacks, particularly for secondary applications that your customers’ employees won’t use every day. Getting continuous insight into your customers’ deployments


tools - these help employees get large files from one place to another. While these might not be critical for how a business generates revenue, they save significant time for employees working with their colleagues and customers. In 2023, these tools were repeatedly targeted by threat actors for potential faults. Businesses large and small were hit by zero-day attacks as part of coordinated campaigns that led to ransomware deployments or data theft. Utilities like MFT tools are easy to overlook as they are not the


most critical applications that your customers rely on. However, risk levels can change rapidly as new issues are discovered. MFTs are ubiquitous and available, so they should be included in your customers’ risk and security planning. They are examples of applications in your customers’ business processes that should be fixed quickly, as well as kept protected over time. So how can you improve your customers’ security processes and help them mitigate risk overall?


16 | March/April 2024


and configurations can show up where those problems exist, and help you deliver any necessary changes in a fast and efficient way. This can provide ongoing service opportunities to help customers avoid misconfiguration problems and any resulting data breaches. This offers an opportunity to develop long-term and trusted relationships with customers, as well as differentiating your services from other channel organisations. If you provide your customers with MFT products or services then ensure you talk to them about their ongoing security needs too. Checking vulnerabilities and misconfigurations has to be


automated, so that it can keep up with the volume of changes, patches and updates that are required. Threat actors use automation to detect potential issues, so we as partners and providers have to work as fast as they do. For the channel, managing security priorities for your customers will be essential in 2024 - it will help them achieve their business goals, as well as providing long term revenue streams for your organisation.


www.pcr-online.biz


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52