A guide for Business Leaders – Increasing and Scaling Cloud securely and safely in 2021 – Launch Webinar
The report outlines seven key areas for business leaders to discuss with their cloud providers including:
Responsibilities for cloud cyber risks – the Shared-Responsibility Model
Securing a multi-cloud environment
Addressing system interoperability and data portability securely
The role of industry standards, certifications and how they can help
Moving business data and processes to the cloud without increasing risks
Managing data flows and data localization and privacy
Managing user risk – controls available to safeguard data in the cloud
To explore the themes in the report, techUK’s Programme Manager for Technology and Innovation, Laura Foster, was joined by three expert panelists:
Michelle Unterbrink, Customer Engineering Manager at Google
John Godwin, Director of Compliance at UKCloud
Nigel Hawthorn, then Portfolio Marketing Director at McAfee, now at Securiti
Laura kicked off the session by providing a short summary of the report, why it has been published, and the ways techUK hope that it will inform business leaders as they decide which cloud solutions to utilise.
This guide is intended to empower businesses to have informed discussions with their Cloud Service Providers around safety and security, and techUK hopes will ensure that organisations make more informed decisions when choosing a provider. This guide provides a list of questions that organisations can ask their cloud providers. However, this is just the start of a larger discussion and further information on each topic should be explored by businesses and CSP’s alike.
Following this introduction, each of the speakers explored sections of the report in more depth. Nigel Hawthorn from McAfee highlighted the importance of a Shared-Responsibility Model and explored ways cloud providers, and their customers, can better manage user risk. Nigel emphasised that organisations need to work with their CSP to secure their access to the cloud, and suggested that while the CSP should provide for the physical security of the data, the server and the load balancing, higher layer responsibilities may need to be controlled by the customer. This inevitably leads to a shared-responsibility model where both the provider and the customer have particular duties and responsibilities, and both parties need to understand where their obligations lie.
John Godwin of UKCloud moved the conversation towards the importance of industry standards & certifications. John stressed that though industry standards provide a baseline, too often organisations and consumers assume that these standards make the vendor suitable for the client’s agreements. Consequently, John argued that organisations should look beyond the standards and ensure that the vendors services are fit for the purchasing organisations particular needs. John also argued that it would be futile for the UK to create a standards regime, if this regime was not able to integrate internationally with similar global controls.
Finally, Michelle Unterbrink from Google drew on her extensive experience helping the healthcare sector to talk about the importance of managing data privacy and the issues that can occur when you’re securing a multi-cloud environment. Mainly, Michelle suggested that organisations need to talk with their cloud providers to ascertain the correct data security measures to put place and also to determine the level of transparency required. She also argued that organisations need to understand how requirements may differ in different parts of your network.
Each speaker showcased why investment in cloud computing enables organisations to be increasingly agile, increase collaboration between customers, suppliers and employees, and improves efficiency. This is particularly important as companies look to rebuild, recover and overcome the business challenges presented by the global pandemic.
techUK hopes this guide helps business leaders explore the full opportunities that cloud computing has to offer as they look to increase the use of cloud computing.
The full report covers these topics in more depth and can be found here.