Introducing September's Cloud Security Champion
Congratulations to Luke Pilfold-Thomas, Operations Director at Aitemology who is techUK's Cloud Security Champion for the month of September
The purpose of techUK’s Cloud Security Champion campaign is to celebrate the work of UK cloud security specialists in helping build a culture of trust and confidence in cloud computing and showcase how they are supporting organisations to adopt, deploy and use cloud services securely. This is also an opportunity to learn from those working in cloud security about the current threat landscape and examples of the strides being made in enhancing security.
A new techUK 'Cloud Security Champion’ will be chosen every month, so if you would like to nominate a friend or colleague to be the next Champion please drop us a line.
Read the full interview below:
What are your current responsibilities as Operations Director and what does a typical day involve?
My remit within Aitemology™ is fairly broad, owing to a mixed background in both commercial and technical disciplines. I look after the day-to-day business operations such as finance, legal and internal IT as well as honing the strategic aspects of our technical value proposition. From a cloud security point of view, this includes safeguarding our internal cloud services and analysing emerging technologies and principles to ensure our Cloud Plug and Playbook is reflective of the latest market trends. As you can probably guess, no two days are the same!
What do you most enjoy about your work?
It’s the variety that keeps me motivated; knowing I’ll be working across multiple disciplines (including security) to deliver genuine business value within Aitemology™ and to our customers.
Why is cloud important to UK’s economic growth and what does the future hold for adoption and maturity of cloud in the UK?
The pace of technology maturity changes almost every week, with new cloud services being developed continuously. It’s also a fact that the adoption of cloud has grown exponentially in light of the ongoing pandemic. The rate of uptake we’re seeing from customers and the wider business community is unprecedented. Organisations are accelerating their digital transformation plans to facilitate more flexible, remote ways of working, and cloud is the central enabler of this rapid transition.
From an economic growth standpoint, the UK is already relying more heavily on distributed, cloud-based technologies. Our move towards e-commerce and online business has created opportunities for existing companies to diversify, and new market entrants to innovate.
Digitalisation of national services will be a critical framework from which to encourage companies to invest here by making it easier to do business. Wider adoption of cloud will also undoubtedly increase automation levels. As automation matures, so too should the degree of efficiency, and together this will inevitably enable faster business growth rates.
The renewed demand for a better work-life balance paves the way for cloud to create a happier, more productive workforce, which in turn creates better economic output.
Would you agree that the conversation about cloud security has shifted and cloud users increasingly recognise the security benefits of cloud services?
Cloud security has always been a double-edged sword. Organisations want to protect and control their data assets, which traditionally was easier to do when you owned the full technology stack. With the newly evolved power and capabilities of cloud technology, many of these same security controls are still available but with added benefits of enhanced agility and intelligence.
I’m sure many readers will have heard about or directly experienced any number of dire consequences as a result of unpatched, legacy infrastructure. I’ve certainly seen unencrypted credit card databases and insecure document hosting in the past. As a result, the key question has become ‘what more can I do with the new and improved security measures available to me via cloud platforms?’ rather than the hackneyed position of ‘on-premise is more secure than cloud’. Working out the most suitable/robust architecture and right blend of public, private and hybrid cloud environments also underpins the new rhetoric regarding cloud and its security.
What are the key security concerns affecting greater cloud adoption and how can these issues be addressed?
While lots of organisations have already leapt feet-first into cloud, there are still many teetering on the edge. The customers and individuals we speak to regularly cite security as a key concern for wider cloud adoption. Most of the time this comes from a place of ignorance, a fear of the unknown and being risk averse, so addressing these concerns is no mean feat. Confidence will be built through a mix of successful trialling, stories and wider market uptake. In extreme cases, businesses will be pushed to ‘feel the fear and do it anyway’ under threat of being left behind by competitors who have been quicker to adopt the cloud advantage. As a company, we work extensively on this ‘education’ piece, using real-world case studies to showcase the strategic benefits of cloud adoption. In 9 out 10 instances, enhanced security, tighter access controls and intelligent threat analysis/detection will be priorities but undertaking a thorough discovery exercise to determine the application of these within each unique business context is crucial.
What steps should organisations take to adapt their cloud security posture to the rapidly changing online environment?
In the case of cloud security, it's far easier for a hacker to attack your systems than it is for you to defend them. We’re pouring more and more personal and business data into distributed cloud systems, which undeniably has big socioeconomic implications. Gartner recently reported that by 2023, 75% of organisations will restructure risk and security governance to address the widespread adoption of cloud technologies, a huge jump from less than 15% today. Today, starting with a resilient cybersecurity strategy that encourages protection against security threats, data breaches and other enterprise cybersecurity risks of cloud is essential to running your business securely. Security must be at the top of any Board agenda and should be used to guide strategic business decisions. At a more operational level, it’s critical you use the technologies and tools available to continually assess, govern, test and educate the business on not just the benefits of cloud security, but also the risk realities of when things go wrong. Tactics as simple as a principle of ‘least privileged access’ and strong passwords can go an awfully long way to protecting yourself when adhered to at all levels of the organisation.
How can the cloud market equip organisations with the understanding, skills and knowledge to make the right cloud decisions for now and for the future?
By being honest and transparent with customers, competitors and the market in general about the realities and foibles of implementing and operating cloud services, together with the potential/likely benefits. After all, there are no guarantees in life apart from death and taxes! Again, this education piece is critical, which is why our Cloud Plug and Playbook delivers clarity, convenience and control to anyone looking to transform their digital footprint to wholesale cloud services.
From a personal point of view, forums like techUK are vital in supporting these open conversations. I serve on the not-for-profit TechSkills Employer Board, where we focus heavily on the UK’s current digital skills gap. Making sure we’re equipped and fit for a cloud-first future ultimately starts at grassroots level. It’s crucial we upskill tomorrow’s workforce with the right knowledge and tools and encourage healthy debate around cloud’s cultural and socioeconomic implications. This will enable future generations to navigate complex, digital business environments.
Building trust and confidence in the security of cloud computing services remains fundamental to the continued use of cloud services by organisations. What would you suggest is the one thing all companies should do to improve their cloud security?
Two words - reflect and innovate. These enable a cycle of continuous improvement. I’ve already highlighted security as a hot Boardroom topic, but someone in the organisation really needs to own it. Be honest and reflective about your internal state of security as it will help you understand your strengths and weaknesses. Teams really need to think like hackers, exploring new and creative ways to expose vulnerabilities. Formulating bespoke security policies to get ahead of threat agents means you can proactively mitigate risk and/or incidents before you’re hit.
How can the cloud industry encourage someone considering a career focussed on cloud?
The advent of digital credentials has been great, but there’s still a way to go to prevent a huge pool of potential candidates being put off by global brand elitism. For single user tenants, major cloud providers could create more accessible material, provide more free credits and do more to encourage the younger generations, career swappers and workplace restarters to learn and develop their cloud skills (this will also start plugging that skills gap). Making the growth path clear, incentivising certification uptake, and articulating the huge variety of cross-discipline opportunities needs to be shouted about. In short, the industry should be more proactive, more educational and even more vocal. After all, cloud is a hot topic in the technology world; with numerous predictions about tremendous sector growth and jobs creation, the reality is a career in cloud is a no-brainer!
Laura Foster
Laura is techUK’s Head of Programme for Technology and Innovation.
Rory Daniels
Rory joined techUK in June 2023 after three years in the Civil Service on its Fast Stream leadership development programme.
Elis Thomas
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on AI, Semiconductors and Digital ID.
