Embrace cloud, embed cyber security

  • techUK techUK
    Wednesday26Sep 2018
    Opinions

    Guest blog and video: Andrew Hawkins, Zaizi, on why adopting cloud and embedding a “good enough” cyber security approach is a great starting point for organisations.

Cloud services are becoming ubiquitous. Big cloud providers such as Amazon, Microsoft and Google provide unrivalled scale and significant commercial benefits. These global providers are facilitating a dynamic market of new cloud software and technology that, a few years ago, sat in the realm of science fiction. And it is these platforms and services that can help your organisation to completely rethink how it does business.

In the private sector, this creates competitive pressures. Not only from traditional rivals but also new upstarts that utilise the new tech to build their business models. In the public sector, the opportunity is there to deliver public services in a completely different way. Health service provision, for example, feels like it could be on the cusp of a digital revolution.

All this is encouraging organisations to become digital. However, as technology advances, so to do cyber security threats. Criminals and state-sponsored threats can create embarrassment, cause financial loss and ultimately threaten the existence of businesses. So, taking advantage of cloud services requires a fresh approach to cyber security. Here are three key takeaways for organisations to consider when thinking about cyber security and cloud:

Embed cyber-security

Successful, innovative businesses and public sector bodies require a culture, governance and operational process that embraces change. Creating new digital services and adopting new technology is about continual improvement and making use of Agile and DevOps practices.

Cyber security is no longer just steps in these processes; security needs to be embedded from the start. Progressive organisations are embracing DevSecOps and embedding security within the development and delivery teams. Why does this matter? It means that at each step of the development and release process, from initial design to ongoing improvement in live service, cyber security is ingrained. It ensures a secure system, but critically a system that can respond to new threats.

 

 

“Good Enough” is good enough

The phrase “good enough” is not one that many organisations would choose to shout about. As consumers, we are told: “Why have good enough, when you can have the BEST!”. But for organisations looking to capitalise on the opportunity cloud represents, and to become innovative, nimble, whilst maintaining comprehensive cyber security, “good enough” is good enough.

When embedded in your business, security begins with understanding the threat, the risk to your business and to your customers. Manage your understanding of threats and risks proactively. This is much more than managing a risk log; it is living and breathing cyber security as part of the business culture.

This understanding enables cyber security to be built into services, maintains flexibility to respond to new threats and allows the services to adapt. In reality, it is the best security based upon your business needs. And that is “good enough.” There is plenty of guidance on this; a good place to start is the National Cyber Security Centre’s 14 Cloud Security Principles and the OWASP security by design principles.

Cloud is ready

Hypercloud providers take cyber security seriously. It is at the heart of what they do; it has to be. The bottom line is cloud is ready for business applications, not all, but the majority. Like the public sector, businesses should adopt a Cloud First approach. Start with your business risks, understand those, define your cyber security requirements and if cloud meets the requirements, adopt it. The prize is competitiveness, commercial savings and risk mitigation.

In summary, adopting Cloud First and embedding a “good enough” cyber security approach is a great starting point to build an organisation that is prepared and enabled to adopt innovative technologies and services rapidly. There are other elements too, such as the power of open source software which can facilitate real innovation. But the power cloud services offer today represents a massive opportunity for everyone.

 

@zaizi, @andrewhawkins65

LinkedIn

 

To read more from techUK's Cloud Week, visit our landing page

  • Sue Daley

    Sue Daley

    Associate Director, Technology & Innovation
    T 020 7331 2055
  • Katherine Mayes

    Katherine Mayes

    Programme Manager | Cloud, Data, Analytics and AI
    T 020 7331 2019

Share this

FROM SOCIAL MEDIA

One month to go until #SmarterStateUK 2019. Join us on 18 September, along with digital leaders from across the pub… https://t.co/VpqmzqeVfK
Join us on 06 November in #Manchester for #Supercharging the Digital Economy 2019. We'll be discussing how digital… https://t.co/kMvV06oX7E
Make sure you get your vote in before the deadline this Friday! #womenintech #CWwit50 https://t.co/1eaIpNRE1I
Neil Ross (@neil13r), Policy Manager at techUK, writes on the impact of Brexit on data flows and the importance of… https://t.co/9qweZGGEQK
Calling all #healthtech suppliers: @NHSX wants to bring all guidance on information governance together in one pl… https://t.co/FcD9QAKYnB
Just over 1 month to go until #techUKSmarterState 2019. Book your ticket now and join 200+ digital leaders from acr… https://t.co/Zp3IL6n0Bv
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...