The demands of the digital economy require innovation, and new ways of thinking force new ways of working.
There is a reason that the global cloud providers –Microsoft, Amazon, Google and Alibaba - are often referred to as hyper-scalers. The pace of organisations migrating and transitioning to the cloud is relentless. In 2019, more than two thirds of businesses were utilising cloud technologies; in 2020, our own – anecdotal – experience shows that over 95 per cent of NCC Group’s customers engage in some form of digital transformation – and all of them are using cloud.
Cloud is evergreen. The pace of change is transforming countless industries, but, as ever, every new opportunity presents new challenges and vulnerabilities.
On the one hand, a move to the cloud can offer organisations the chance to improve their security posture. Cloud service providers do implement best practice security standards, and organisations are more easily able to scale their efforts in the cloud, alleviating pressure on scarce, internal security resources.
On the other hand, the concentration of data in the cloud makes it an attractive target for attackers and introduces a range of new risks for organisations – from data breaches, account hijacking, and insecure application programming interfaces, to denial of service and shared technology issues.
Perhaps it is no surprise that over two thirds of IT professionals state that security is their most significant concern in adopting an enterprise cloud computing strategy, not least when analysts predict that by 2023, the vast majority of cloud security failures will be the customer’s rather than the provider’s fault. Cloud customers’ primary concerns also include lack of access to data, loss of data and ability to rebuild data into a usable form.
That should not distract, however, from the fact that cloud security is a shared responsibility, covering the ecosystem of people, processes, policies and technologies that protect the data and applications that operate in the cloud:
Cloud providers need to ensure that their infrastructure is secure.
Cloud customers need to break with tradition and build the foundations to become secure and resilient in the cloud. They need to understand that: cloud migration means critical data sitting on third party systems; their biggest challenge might be their own security policies and technologies that protect access to the cloud, and traditional disaster recovery and business continuity loses all relevance in a constantly evolving environment. This means organisations moving to the cloud to meet the demands of the digital economy should do three things:
Be aware of what new risks might be introduced and asking the right questions at the outset e.g. What does the cloud provider do to protect my security, and how do we gain assurance the cloud service is indeed safe?
Think about platform security to ensure secure foundations from the outset e.g. Am I able to trust identities, am I able to control data flows across my networks, have I got visibility of threats, and can I automate and orchestrate to keep pace with a constantly changing environment?
Accept that next generation cloud resilience means holistic resilience, ensuring continued access to all data sources – from traditional software to technology – that underpin business critical functions.
Ultimately, if done right, securely and resiliently, meeting the demand for innovation in the cloud will build organisations’ confidence in the digital economy now and in the future.
More information at: https://newsroom.nccgroup.com/news/cloud-resilience-webinar-series-403798
This insight is part of techUK's Cloud Week 2020. You can find related news and insights here.