Overcoming security and compliance barricades during digital transformation
Ross Woodham, General Counsel and Chief Privacy Officer, Aptum discusses creating a strategic security approach
Accelerated investment in the cloud became a necessity to support businesses’ immediate needs for remote working, and business resiliency throughout the pandemic. This critical transition emphasised cloud’s impact on businesses’ ability to scale, securely build and deploy pipelines, and respond quickly to changing customer demands.
According to Gartner, growth in the cloud market is expected to increase exponentially until 2024 due to businesses rapidly accelerating their digital transformation plans. As IT leaders assess their short and long-term goals about which workloads are best suited to public or private clouds, organisations are increasingly taking a hybridised approach to their cloud set up.
Aptum’s Cloud Impact Study reaffirmed this, revealing many organisations plan to take a hybridised approach to their cloud infrastructure, with more than half (59%) of respondents saying they will reduce their on-premises infrastructure to some degree and increase public cloud deployments within the next 18-24 months. A further 66% intend to expand their private cloud workloads. The shift is explained by the need to offer more flexible working options, strengthen business continuity plans and bolster agility.
Uptake in both private and public cloud allows organisations to take advantage of the security features associated with both infrastructures too. Fifty-one per cent of senior IT decision makers cited security as a key driver behind a migration to the cloud, specifically to reduce the potential of data breaches and human error that can come with traditional on-premises solutions.
Improving security with cloud
User data is safer in cloud infrastructures than in on-premise environments. This claim has been validated by 91 percent of respondents from the Aptum study reporting a high degree of success in improving their security when migrating to the cloud. An impressive 42 percent see complete success.
Most companies now understand the security benefits of cloud computing and the opportunities it offers in terms of securing a remote workforce, especially during the pandemic. In fact, 51 percent of all survey respondents listed security as a business driver for their investment in cloud services.
IT security teams are now responsible for protecting a scattered workforce, adding to the complications of securing multi-cloud environments in a time where there is also scrutinised budget and resources alongside an increasing number of malicious cyberattacks. A recent McAfee report found a 630% increase in attacks aimed at cloud services since January of 2020. Despite the increased security in hybrid cloud environments that companies are seeing, there are also a range of challenges to overcome.
Cloud security challenges
The top three challenges that respondents in the Aptum Cloud Impact Study cited as barriers to security, governance and compliance are commonly associated with the management, or mismanagement, of infrastructures:
- 85 percent of respondents cite a lack of a clear mechanism to detect and respond to threats across all cloud environments.
- 82 percent of respondents cite access management to multiple cloud environments.
- 81 percent of respondents cite a lack of visibility into all cloud environments through a single portal.
Organisations migrating to hybrid-cloud solutions can manage these complexities and achieve better security levels than they could in their server rooms by embedding security at the beginning of digital transformation. Security must run through initial conception, deployment, and ongoing operation in any cloud migration project. Companies must also continually revisit security principles as their hybrid cloud infrastructure shifts and grows.
For companies to be truly effective in their cloud security solutions, they must have total visibility across the organisation’s entire IT infrastructure to be able to identify, prioritise and respond to any threat that may arise.
A strategic security approach
Companies that don't monitor and control operations in the cloud risk one of the biggest security dangers: configuration drift. This is where new resources and configurations move operations away from what the policy demands, creating vulnerabilities and compliance violations. IT environments are malleable and always evolving, which is why any deployment must adhere to detailed security protocols that comply with industry and privacy regulations.
The answer lies in a strategic approach to security as part of a cloud transformation initiative. Security should be a priority at all stages of the cloud transformation process, from initial concept through to design, implementation, and ongoing operation.
A cloud environment is only as secure as the policies and controls an organisation has in place, which is why organisations need to build security into the foundation of any cloud strategy. A long-term partnership with an experienced cloud service provider enables organisations to get their cloud transformation right from the outset by highlighting and handling the questions that they might not have thought to ask. Investing that time and attention now will help build a reliable and secure platform for tomorrow's digital transformation.
Tess Buckley
Programme Manager - Digital Ethics and AI Safety, techUK
Tess is the Programme Manager for Digital Ethics and AI Safety at techUK.
Prior to techUK Tess worked as an AI Ethics Analyst, which revolved around the first dataset on Corporate Digital Responsibility (CDR), and then later the development of a large language model focused on answering ESG questions for Chief Sustainability Officers. Alongside other responsibilities, she distributed the dataset on CDR to investors who wanted to further understand the digital risks of their portfolio, she drew narratives and patterns from the data, and collaborate with leading institutes to support academics in AI ethics. She has authored articles for outlets such as ESG Investor, Montreal AI Ethics Institute, The FinTech Times, and Finance Digest. Covered topics like CDR, AI ethics, and tech governance, leveraging company insights to contribute valuable industry perspectives. Tess is Vice Chair of the YNG Technology Group at YPO, an AI Literacy Advisor at Humans for AI, a Trustworthy AI Researcher at Z-Inspection Trustworthy AI Labs and an Ambassador for AboutFace.
Tess holds a MA in Philosophy and AI from Northeastern University London, where she specialised in biotechnologies and ableism, following a BA from McGill University where she joint-majored in International Development and Philosophy, minoring in communications. Tess’s primary research interests include AI literacy, AI music systems, the impact of AI on disability rights and the portrayal of AI in media (narratives). In particular, Tess seeks to operationalise AI ethics and use philosophical principles to make emerging technologies explainable, and ethical.
Outside of work Tess enjoys kickboxing, ballet, crochet and jazz music.
- Email:
- [email protected]
- Website:
- tessbuckley.me
- LinkedIn:
- https://www.linkedin.com/in/tesssbuckley/
Read lessmore
Laura Foster
Head of Technology and Innovation, techUK
Laura is techUK’s Head of Programme for Technology and Innovation.
She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology
Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.
- Email:
- [email protected]
- LinkedIn:
- www.linkedin.com/in/lauraalicefoster
Read lessmore
Sue Daley
Director, Technology and Innovation
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy. She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame. A key influencer in driving forward the data agenda in the UK Sue is co-chair of the UK government's National Data Strategy Forum. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
- Email:
- [email protected]
- Phone:
- 020 7331 2055
- Twitter:
- @ChannelSwimSue,@ChannelSwimSue
Read lessmore
Rory Daniels
Programme Manager, Emerging Technologies
Rory joined techUK in June 2023 after three years in the Civil Service on its Fast Stream leadership development programme.
During this time, Rory worked on the Government's response to Covid-19 (NHS Test & Trace), school funding strategy (Department for Education) and international climate and nature policy (Cabinet Office). He also tackled the social care crisis whilst on secondment to techUK's Health and Social Care programme in 2022.
Before this, Rory worked in the House of Commons and House of Lords alongside completing degrees in Political Economy and Global Politics.
Today, he is techUK's Programme Manager for Emerging Technologies, covering dozens of technologies including metaverse, drones, future materials, robotics, blockchain, space technologies, nanotechnology, gaming tech and Web3.0.
- Email:
- [email protected]
- LinkedIn:
- https://www.linkedin.com/in/rorydaniels28/
Read lessmore
Katherine Holden
Associate Director, Data Analytics, AI and Digital ID, techUK
Katherine joined techUK in May 2018 and currently leads the Data Analytics, AI and Digital ID programme.
Prior to techUK, Katherine worked as a Policy Advisor at the Government Digital Service (GDS) supporting the digital transformation of UK Government.
Whilst working at the Association of Medical Research Charities (AMRC) Katherine led AMRC’s policy work on patient data, consent and opt-out.
Katherine has a BSc degree in Biology from the University of Nottingham.
- Email:
- [email protected]
- Phone:
- 020 7331 2019
Read lessmore
Elis Thomas
Programme Manager, Tech and Innovation, techUK
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on AI, Semiconductors and Digital ID.
He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.
Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.
- Email:
- [email protected]
- Website:
- www.techuk.org/
- LinkedIn:
- https://www.linkedin.com/in/elis-thomas-49a1aa1a1/
Read lessmore
Usman Ikhlaq
Programme Manager - Artificial Intelligence, techUK
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.
Prior to joining techUK, Usman worked as a policy, government affairs and public affairs professional in the advertising sector. He has also worked in sales and marketing and FinTech.
Usman is a graduate of the London School of Economics, BPP Law School and Queen Mary University of London.
When he isn’t working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling.
- Email:
- [email protected]
- LinkedIn:
- https://uk.linkedin.com/in/usman-ikhlaq,https://uk.linkedin.com/in/usman-ikhlaq
Read lessmore
