Clouds lifting: A brighter public sector security outlook ahead?

While the pace of cloud computing adoption has reached new peaks, the public sector continues to lag behind the private sector, despite initiatives to allay fears and spur uptake. There are a number of key reasons for this, but the major issue above all others is still the perception of insecurity. Although some innovative councils and even, more recently, the Metropolitan Police are beginning to embrace cloud adoption, the majority of the public sector remains overly risk averse, and this has been a crucial blocker of uptake.

In many minds, loss of control will always equate to an insecure environment. A continued lack of due diligence from the media has also added to this feeling of insecurity. Continually, large-scale cyber breaches of all forms are reported as “cloud” breaches, when most still target corporate networks, not the CSPs (Cloud Service Providers) themselves. The distinction, if made at all, is often unclear. The marketing strategy of some cybersecurity firms has also had a negative role to play. In lieu of data to conclusively demonstrate ROI of security spend at board level, scaremongering has become a default marketing strategy. This is counterproductive in the long term.

However, despite these fears, a cloud environment can actually be far more secure than in-house capabilities. Firstly, the nature of cloud computing makes reconfiguration in response to threats far easier. These threats are real, but are not necessarily more or less threatening to the cloud than to any other environment. We are too ready to forget the shortcomings of more familiar environments, particularly with regard to economies of scale and specialisation. Indeed, one of the major benefits of moving to the cloud is the ability to leverage the expertise of the vendor. Most CSPs with sufficient scale see many thousands of times more threats than the average enterprise. In a growing and diverse threat landscape, this is a powerful driver of uptake. Additionally, given the prevalence of risk from insider threats, there is also a strong argument that cloud environments can significantly limit the potential damage a malevolent employee can wreak by physically separating them from where data is stored. This also makes common tactics such as social engineering much more difficult.

CSPs would be well served to highlight transparency and security reporting features and capabilities. Transparency in particular can allay fears over loss of control. If these fears also extend to vendor lock-in, CSPs should emphasise interoperability. For example, some cloud services have gained such widespread uptake that they have become de facto standards, with their functions emulated by others. Compliance with these APIs can ease the issue of vendor migration.

CSPs should also help customers test for security, regardless of any other provisions in place. Crucially, buyers should never accept a one-size-fits-all approach, regardless of how basic or limited a requirement they believe is needed. A good CSP will always be willing to work with the customer to create a cloud environment that is particular to their organisation.

Migrating to the cloud is the perfect time to undertake a holistic security audit of processes, assets and people. While the CSP has a crucial role to play in allaying fears, the buyer should of course undertake significant due diligence on their potential provider. IT security standards such as ISO27001 and the Cloud Security Alliance Cloud Controls Matrix (CCM) should be supplemented by personnel security standards such as BS7858.

The Cloud Security Principles issued in 2014 offer helpful guidance when building or implementing a cloud computing platform in the public sector. Empowered by changes to the Government Security Classification Policy, the requirements are far less prescriptive and more flexible than previous iterations and allow for easy adoption of off-the-shelf cloud products at the lowest official security band.

Additionally, recent changes to the VAT regime for contracted out services in central government and the NHS have also shifted the cost calculation, as commodity cloud is now eligible for rebate. Taken together, these are powerful enablers of uptake, and of significant help in bridging the public-private cloud computing gap.
