Introducing February's Cloud Security Champion
The purpose of techUK’s Cloud Security Champion campaign is to celebrate the work of UK cloud security specialists in helping build a culture of trust and confidence in cloud computing and showcase how they are supporting organisations to adopt, deploy and use cloud services securely.
A new techUK 'Cloud Security Champion’ will be chosen every month, so if you would like to nominate a friend or colleague to be the next Champion please drop us a line.
Aptum have recently released part two of their Cloud Impact Study, The Security and Compliance Barricade which you can read here.
1. What is your role, and what are your current responsibilities? What does a typical day involve?
My role at Aptum straddles two core functions – General Counsel and Chief Privacy Officer. My role exists to understand and manage risk within our business; and naturally, as a global hybrid multi-cloud managed service provider, a significant part of that is how the confidentiality, integrity and availability of our customers’ data is protected. My team provides oversight on the controls used to achieve this – this includes both internal and industry audits, as well as verifying standards of our suppliers and third parties such as the hyperscale providers.
2. What do you most enjoy about your work?
One aspect that excites me is the creation of strategies behind the development of our management systems. It is my job to ensure these systems offer assurance that their data is well cared for and being looked after.
Data security isn’t an easy thing to solve, whether it’s managed by a small team with little experience or a large team with a host of experience. Navigating those challenges, delivering the right assurances, and developing strategy to enable our customers to manage the security of their data is a very enjoyable part of the job.
3. Why is cloud important to UK’s economic growth and what does the future hold for adoption and maturity of cloud in the UK?
There is no doubt that cloud is going to be fundamental across all industries. In fact, recent research forecasts the cloud migration and modernisation market to grow by almost 25% towards a worth of ~$516bn by 2027; and Forrester predicts the global public cloud infrastructure market will grow by 35% to over $120 billion in 2021. The skills and resources needed to operate a cloud infrastructure effectively and efficiently will be highly sought-after.
I’m confident that the UK is well positioned, but we cannot take our eye off the ball – we’re already in a digital skills gap and this is a continuing problem which needs an alignment between both government and industry – and that includes specialisms such as cloud and network security.
4. Would you agree that the conversation about cloud security has shifted and cloud users increasingly recognise the security benefits of cloud services?
Certainly. Aptum conducted a study of 400 senior IT professionals in the US, Canada and UK which showed that many companies still cite security and data protection as the number one barrier to cloud transformation. Anecdotally, I believe cloud is better understood as a concept and firms have adapted their approach to data security to factor in third party service providers. The reality for most companies is that the biggest risk to their security are their own employees. Educating and training your workforce is key!
5. What are the key security concerns affecting greater cloud adoption and how can these issues be addressed?
Perhaps my view is slightly skewed by my exposure to the legal challenges of cross-border transactions, but regulatory uncertainty across borders is one of the biggest security risks affecting cloud adoption. Increasingly, we are seeing regulation at a national level which makes navigating cloud service supply chains a challenge.
If you look at the US, Canada, and other jurisdictions, where they are putting new regulations in place, it becomes a minefield to navigate the security regulations. In fact, the findings of part two of the Cloud Impact Study, The Security and Compliance Barricade report confirmed this – 80% of respondents cited ability to meet requirements of compliance efficiently across cloud environments as a main security challenge. This disparity is going to impact companies’ ability to make the best decisions from a technology and security perspective.
For firms it’s an opportunity, but for customers I can see times when they must compromise on technology to meet requirements.
6. What steps should organisations take to adapt their cloud security posture to the rapidly changing online environment?
Every company's IT function should have a cloud strategy that has security as a design principle within it. Far too often companies plan a cloud strategy driven by the technology but don’t prioritise including security as an aspect within the design.
It’s worth partnering with an expert managed services provider (MSP) like Aptum to work through the best strategy, especially for companies who are working in isolation on that strategy. If they are not talking to the market, then they are not getting the full picture. At Aptum, organisations leverage our highly qualified technicians who offer advice on investments in an optimised workload. After investing in the right technology, to maximise a return on investment, organisations should strengthen their policies and educate their workforce on security issues.
7. How can the cloud market equip organisations with the understanding, skills, and knowledge to make the right cloud decisions for now and for the future?
With COVID-19 underscoring the importance of cloud, organisations are feeling pressure to accelerate cloud transformation. The complexity of cloud computing and a lack of specialist expertise the main barriers preventing business success. 69% of organisations want to accelerate cloud deployments, but many recognise the need for help, as 26% of respondents view lack of skills to be a barrier to cloud transformation.
The digital skills gap means many firms do not have expertise to execute a good cloud strategy. We also find that even if they do, augmenting it by consulting a third-party provider with a breadth of industry knowledge will improve their viewpoint.
8. Building trust and confidence in the security of cloud computing services remains fundamental to the continued use of cloud services by organisations. What would you suggest is the one thing all companies should do to improve their cloud security?
There is no ‘silver bullet,’ that can be adopted to improve security. If companies do not know the risk, then they should have the directors and IT team explain it to them while they ask a host of questions. It is during these conversations that companies will get a clear picture of how strong the security posture is and where adaptations need to be made, especially regarding infrastructure.
Not all workloads operate efficiently or as securely in the same environment. Building infrastructure around data priority, alongside considering security at design, is crucial for success. Regardless of where the data resides, it must be treated as the top priority
9. How can the cloud industry encourage someone considering a career focussed on cloud?
We need to re-commit to training and development – the pandemic has been tough on everyone for various reasons. With many people working from home I think all companies need to think about how in this climate they create the on-ramp for cloud skills. We should also consider how we can enable people with more traditional skills within the IT industry to reinvent themselves. It is such a critical issue and now is a critical time.
If we can demonstrate as an industry that we are trying to solve these problems, we will encourage people to enter the sector. What we really need to do is come together to find a way to support and retrain people to inspire them, and others to stay in the cloud industry.
Laura Foster
Laura is techUK’s Head of Programme for Technology and Innovation.