Cloud services are becoming ubiquitous. Big cloud providers such as Amazon, Microsoft and Google provide unrivalled scale and significant commercial benefits. These global providers are facilitating a dynamic market of new cloud software and technology that, a few years ago, sat in the realm of science fiction. And it is these platforms and services that can help your organisation to completely rethink how it does business.
In the private sector, this creates competitive pressures. Not only from traditional rivals but also new upstarts that utilise the new tech to build their business models. In the public sector, the opportunity is there to deliver public services in a completely different way. Health service provision, for example, feels like it could be on the cusp of a digital revolution.
All this is encouraging organisations to become digital. However, as technology advances, so to do cyber security threats. Criminals and state-sponsored threats can create embarrassment, cause financial loss and ultimately threaten the existence of businesses. So, taking advantage of cloud services requires a fresh approach to cyber security. Here are three key takeaways for organisations to consider when thinking about cyber security and cloud:
Successful, innovative businesses and public sector bodies require a culture, governance and operational process that embraces change. Creating new digital services and adopting new technology is about continual improvement and making use of Agile and DevOps practices.
Cyber security is no longer just steps in these processes; security needs to be embedded from the start. Progressive organisations are embracing DevSecOps and embedding security within the development and delivery teams. Why does this matter? It means that at each step of the development and release process, from initial design to ongoing improvement in live service, cyber security is ingrained. It ensures a secure system, but critically a system that can respond to new threats.
“Good Enough” is good enough
The phrase “good enough” is not one that many organisations would choose to shout about. As consumers, we are told: “Why have good enough, when you can have the BEST!”. But for organisations looking to capitalise on the opportunity cloud represents, and to become innovative, nimble, whilst maintaining comprehensive cyber security, “good enough” is good enough.
When embedded in your business, security begins with understanding the threat, the risk to your business and to your customers. Manage your understanding of threats and risks proactively. This is much more than managing a risk log; it is living and breathing cyber security as part of the business culture.
This understanding enables cyber security to be built into services, maintains flexibility to respond to new threats and allows the services to adapt. In reality, it is the best security based upon your business needs. And that is “good enough.” There is plenty of guidance on this; a good place to start is the National Cyber Security Centre’s 14 Cloud Security Principles and the OWASP security by design principles.
Cloud is ready
Hypercloud providers take cyber security seriously. It is at the heart of what they do; it has to be. The bottom line is cloud is ready for business applications, not all, but the majority. Like the public sector, businesses should adopt a Cloud First approach. Start with your business risks, understand those, define your cyber security requirements and if cloud meets the requirements, adopt it. The prize is competitiveness, commercial savings and risk mitigation.
In summary, adopting Cloud First and embedding a “good enough” cyber security approach is a great starting point to build an organisation that is prepared and enabled to adopt innovative technologies and services rapidly. There are other elements too, such as the power of open source software which can facilitate real innovation. But the power cloud services offer today represents a massive opportunity for everyone.
To read more from techUK's Cloud Week, visit our landing page