Embrace cloud, embed cyber security

  • techUK techUK
    Wednesday26Sep 2018

    Guest blog and video: Andrew Hawkins, Zaizi, on why adopting cloud and embedding a “good enough” cyber security approach is a great starting point for organisations.

Cloud services are becoming ubiquitous. Big cloud providers such as Amazon, Microsoft and Google provide unrivalled scale and significant commercial benefits. These global providers are facilitating a dynamic market of new cloud software and technology that, a few years ago, sat in the realm of science fiction. And it is these platforms and services that can help your organisation to completely rethink how it does business.

In the private sector, this creates competitive pressures. Not only from traditional rivals but also new upstarts that utilise the new tech to build their business models. In the public sector, the opportunity is there to deliver public services in a completely different way. Health service provision, for example, feels like it could be on the cusp of a digital revolution.

All this is encouraging organisations to become digital. However, as technology advances, so to do cyber security threats. Criminals and state-sponsored threats can create embarrassment, cause financial loss and ultimately threaten the existence of businesses. So, taking advantage of cloud services requires a fresh approach to cyber security. Here are three key takeaways for organisations to consider when thinking about cyber security and cloud:

Embed cyber-security

Successful, innovative businesses and public sector bodies require a culture, governance and operational process that embraces change. Creating new digital services and adopting new technology is about continual improvement and making use of Agile and DevOps practices.

Cyber security is no longer just steps in these processes; security needs to be embedded from the start. Progressive organisations are embracing DevSecOps and embedding security within the development and delivery teams. Why does this matter? It means that at each step of the development and release process, from initial design to ongoing improvement in live service, cyber security is ingrained. It ensures a secure system, but critically a system that can respond to new threats.



“Good Enough” is good enough

The phrase “good enough” is not one that many organisations would choose to shout about. As consumers, we are told: “Why have good enough, when you can have the BEST!”. But for organisations looking to capitalise on the opportunity cloud represents, and to become innovative, nimble, whilst maintaining comprehensive cyber security, “good enough” is good enough.

When embedded in your business, security begins with understanding the threat, the risk to your business and to your customers. Manage your understanding of threats and risks proactively. This is much more than managing a risk log; it is living and breathing cyber security as part of the business culture.

This understanding enables cyber security to be built into services, maintains flexibility to respond to new threats and allows the services to adapt. In reality, it is the best security based upon your business needs. And that is “good enough.” There is plenty of guidance on this; a good place to start is the National Cyber Security Centre’s 14 Cloud Security Principles and the OWASP security by design principles.

Cloud is ready

Hypercloud providers take cyber security seriously. It is at the heart of what they do; it has to be. The bottom line is cloud is ready for business applications, not all, but the majority. Like the public sector, businesses should adopt a Cloud First approach. Start with your business risks, understand those, define your cyber security requirements and if cloud meets the requirements, adopt it. The prize is competitiveness, commercial savings and risk mitigation.

In summary, adopting Cloud First and embedding a “good enough” cyber security approach is a great starting point to build an organisation that is prepared and enabled to adopt innovative technologies and services rapidly. There are other elements too, such as the power of open source software which can facilitate real innovation. But the power cloud services offer today represents a massive opportunity for everyone.


@zaizi, @andrewhawkins65



To read more from techUK's Cloud Week, visit our landing page

Share this


#iotbristol19 session 3| @Matthew_evs discussing transformations manufacturing needs to go through to receive ROI f… https://t.co/BaZIDtORUX
#iotbristol19 panel 2 | uh oh 😱 we are facing a real shortage of #skills❗️in #iot @ExperisUKIE @DamonJBallinger Dow… https://t.co/maUobPoevW
In this insight, techUK Head of Policy @vinousali takes a look at the stories and context behind the statistics in… https://t.co/kUQiu4RMbj
On Monday we're hosting a webinar with the @wef on ‘Unlocking AI Adoption in the Public Sector.’ If you're interest… https://t.co/28DJdTIw1V
Guest blog: Rick Muir (@rickmuir1), Police Foundation, blogs on the use of AI technology in policing and the necess… https://t.co/nkVF6LV1CQ
Guest blog: Simon Hall, @PoliceBox__, ponders the potential benefits of AI and the role that it can play in policin… https://t.co/4cZFBE6phX
Our own @Matthew_evs moderating 1st panel #iotbristol19 @DigiCatapult @CapgeminiUK UK Defence Solutions Centre HOW?… https://t.co/MeUe25Ixjs
Guest blog: Sam Wilson, @Atos, explores why iterative sprints delivering tangible value are the best step forward f… https://t.co/BuFAgVBIv6
#Collaboration 🤝is key in unlocking the opportunities of #IoT by learning quickly, scale up and demonstrate best pr… https://t.co/FXLHRFI9rk
Guest blog: Terry Walby, @thoughtonomy, writes on the potential for AI technology to hasten police response times f… https://t.co/AS3RtzqrTk
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...