Congratulations to Nigel Hawthorn, Cloud and Privacy Spokesperson, EMEA for being selected as techUK’s ‘Cloud Security Champion’ for the month of June.
The purpose of techUK’s Cloud Security Champion campaign is to celebrate the work of UK cloud security specialists in helping build a culture of trust and confidence in cloud computing and showcase how they are supporting organisations to adopt, deploy and use cloud services securely. This is also an opportunity to learn from those working in cloud security about the current threat landscape and examples of the strides being made in enhancing security.
A new techUK 'Cloud Security Champion’ will be chosen every month, so if you would like to nominate a friend or colleague to be the next Champion please drop us a line.
Please find the full interview below:
1. What is your current role and responsibilities?
My role is talking, writing, reading and discussing cloud in all its forms, especially cloud security. I am the key spokesperson for McAfee’s cloud solutions in EMEA aiming to educate everyone on the huge benefits of using the cloud while ensuring safety and security at all times.
2. What does a typical day involve?
My days are varied, usually including writing new materials, recording videos or giving webinars in between meetings and discussions with colleagues and partners. I read a lot too as the industry changes quickly. When I get time away from computing devices, I’ll often be thinking about how to communicate more widely to people who need to know about the risks and rewards of cloud use.
3. What do you most enjoy about your work?
I have worked in a number of fast-growing areas and always love being at the forefront of technology. Being able to create a new way of discussing concepts and explaining the needs and capabilities is always a fun challenge.
4. Why is Cloud important to UK’s economic growth and what does the future hold for adoption and maturity of cloud in the UK?
The verdict on cloud is in – it is the most flexible tool for ensuring employee productivity. For the UK in particular, we have great knowledge and skills – cloud allows us to export these globally. COVID-19 has meant that cloud adoption has rocketed to be the primary computing mechanism, but we need to be sure we haven’t rushed so fast that we have forgotten controls, education and security needs.
5. The conversation about cloud security seems to have changed over the years. Cloud users seem to be increasingly recognising the security benefits of cloud services. Would you agree and how have you seen the conversation about cloud security change recently?
5 years ago, those even talking about cloud security were worried about shadow cloud services being used by employees with no oversight and the attitude was often to block what is not known.
Now, though the shadow concerns don’t go away, the main conversations are around making sure the trusted clouds are being used securely. While cloud services deliver low-level security (data centre, connectivity, load-balancing, OS etc.) the customer is still responsible for higher level controls (authentication, access, collaboration, DLP etc.)
My concern is that some customers are assuming that because CSPs provide the low-level security that this means the customer’s data is safe, this is like assuming that because a car has seat belts and airbags you can drive it recklessly.
6. Are cyber security issues still holding organisations back from greater cloud adoption? If so, what are the key security concerns you see and what do you think needs to happen to help address these concerns?
Security is still one of the top issues holding customers back from full-scale cloud deployment. I think one of the greatest challenges is IT needs to work closely with other stakeholders (especially GRC) and describe the actions users can take inside each cloud service to decide appropriate policies and then the platforms that can enforce those policies.
7. What steps should organisations take to adapt their cloud security posture to the rapidly changing online environment?
Everyone will have multiple cloud services, so paying extra for additional security that just covers one will lead to increased complexity and a patchwork of different security methodologies.
Organisations should take a step back and review the fundamental questions from cloud use and set security policies from there. For example – an employee can share a file via a cloud service with a 3rd party. What should the policy be to minimise data loss? Are all shares allowed, if not, how should they be bounded, what can the 3rd party do – just read, or download or edit/change? Cloud is the enabler, but the questions are fundamental.
8. What are the existing cloud security challenges you see and how do you see the cloud security challenges evolving in the next few years? What steps do think organisations need to take to prepare?
Growth in breadth and number of services is not slowing down. IT needs to recognise its position as a service arm and enabler of technology, providing guard rails and education while allowing the lines of business to adopt the services that are most suited to their needs.
While we will always need smart and knowledgeable people with specific skills and the problems of recruitment are acute, we also need people who can step back and provide broader analysis of threats, from both external and internal sources.
9. What would you suggest is the one thing all companies should do to improve their Cloud security?
If you haven’t already got a cross-functional cloud security team, set one up. Include GRC, legal, LOB, employee representatives to ensure all areas are represented. Bring in facilitators to discuss overarching cloud issues and have open workshops and plenty of discussion to ensure all areas are covered. We need to move away from IT making all the decisions and deciding primarily on the security OF the cloud where the major issue now is security IN the cloud and of data travelling THROUGH the clouds.
10. What advice would you give to someone considering a career in Cloud security?
Come on it – there’s a huge amount of change still happening – join us in the fight.