Overcoming security and compliance barricades during digital transformation
Accelerated investment in the cloud became a necessity to support businesses’ immediate needs for remote working, and business resiliency throughout the pandemic. This critical transition emphasised cloud’s impact on businesses’ ability to scale, securely build and deploy pipelines, and respond quickly to changing customer demands.
According to Gartner, growth in the cloud market is expected to increase exponentially until 2024 due to businesses rapidly accelerating their digital transformation plans. As IT leaders assess their short and long-term goals about which workloads are best suited to public or private clouds, organisations are increasingly taking a hybridised approach to their cloud set up.
Aptum’s Cloud Impact Study reaffirmed this, revealing many organisations plan to take a hybridised approach to their cloud infrastructure, with more than half (59%) of respondents saying they will reduce their on-premises infrastructure to some degree and increase public cloud deployments within the next 18-24 months. A further 66% intend to expand their private cloud workloads. The shift is explained by the need to offer more flexible working options, strengthen business continuity plans and bolster agility.
Uptake in both private and public cloud allows organisations to take advantage of the security features associated with both infrastructures too. Fifty-one per cent of senior IT decision makers cited security as a key driver behind a migration to the cloud, specifically to reduce the potential of data breaches and human error that can come with traditional on-premises solutions.
Improving security with cloud
User data is safer in cloud infrastructures than in on-premise environments. This claim has been validated by 91 percent of respondents from the Aptum study reporting a high degree of success in improving their security when migrating to the cloud. An impressive 42 percent see complete success.
Most companies now understand the security benefits of cloud computing and the opportunities it offers in terms of securing a remote workforce, especially during the pandemic. In fact, 51 percent of all survey respondents listed security as a business driver for their investment in cloud services.
IT security teams are now responsible for protecting a scattered workforce, adding to the complications of securing multi-cloud environments in a time where there is also scrutinised budget and resources alongside an increasing number of malicious cyberattacks. A recent McAfee report found a 630% increase in attacks aimed at cloud services since January of 2020. Despite the increased security in hybrid cloud environments that companies are seeing, there are also a range of challenges to overcome.
Cloud security challenges
The top three challenges that respondents in the Aptum Cloud Impact Study cited as barriers to security, governance and compliance are commonly associated with the management, or mismanagement, of infrastructures:
- 85 percent of respondents cite a lack of a clear mechanism to detect and respond to threats across all cloud environments.
- 82 percent of respondents cite access management to multiple cloud environments.
- 81 percent of respondents cite a lack of visibility into all cloud environments through a single portal.
Organisations migrating to hybrid-cloud solutions can manage these complexities and achieve better security levels than they could in their server rooms by embedding security at the beginning of digital transformation. Security must run through initial conception, deployment, and ongoing operation in any cloud migration project. Companies must also continually revisit security principles as their hybrid cloud infrastructure shifts and grows.
For companies to be truly effective in their cloud security solutions, they must have total visibility across the organisation’s entire IT infrastructure to be able to identify, prioritise and respond to any threat that may arise.
A strategic security approach
Companies that don't monitor and control operations in the cloud risk one of the biggest security dangers: configuration drift. This is where new resources and configurations move operations away from what the policy demands, creating vulnerabilities and compliance violations. IT environments are malleable and always evolving, which is why any deployment must adhere to detailed security protocols that comply with industry and privacy regulations.
The answer lies in a strategic approach to security as part of a cloud transformation initiative. Security should be a priority at all stages of the cloud transformation process, from initial concept through to design, implementation, and ongoing operation.
A cloud environment is only as secure as the policies and controls an organisation has in place, which is why organisations need to build security into the foundation of any cloud strategy. A long-term partnership with an experienced cloud service provider enables organisations to get their cloud transformation right from the outset by highlighting and handling the questions that they might not have thought to ask. Investing that time and attention now will help build a reliable and secure platform for tomorrow's digital transformation.
Alessandra is techUK’s Policy Manager for Data. She leads techUK’s working groups on Data Protection and Open Data and supports members on key issues such as the UK’s National Data Strategy.
Prior to working for techUK, Alessandra was a Consultant for a Public Policy firm based in London where she helped international technology companies navigate the risks and opportunities of digital policy. Alessandra has experience working for the European Asylum Support Office, the Malta High Commission in London during Malta’s first rotating presidency of the Council of the EU, and the European Parliament Information Office in Valletta. She holds an MSc in Public Policy and a B.A in European Studies.
Katherine joined techUK in May 2018 and currently leads the Data Analytics, AI and Digital ID programme.
Prior to techUK, Katherine worked as a Policy Advisor at the Government Digital Service (GDS) supporting the digital transformation of UK Government.
Whilst working at the Association of Medical Research Charities (AMRC) Katherine led AMRC’s policy work on patient data, consent and opt-out.
Katherine has a BSc degree in Biology from the University of Nottingham.
- [email protected]
- 020 7331 2019
Laura is techUK’s Programme Manager for Technology and Innovation.
She supports the application and expansion of emerging technologies across business, including Geospatial Data, Quantum Computing, AR/VR/XR and Edge technologies.
Before joining techUK, Laura worked internationally in London, Singapore and across the United States as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy. She has been recognised as one of the most influential women in UK tech by Computer Weekly and as a key influencer in driving forward the Big Data agenda in the UK Big Data 100. Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
Zoe is a Programme Assistant, supporting techUK's work across Policy, Technology and Innovation.
The team makes the tech case to government and policymakers in Westminster, Whitehall, Brussels and across the UK on the most pressing issues affecting this sector and supports the Technology and Innovation team in the application and expansion of emerging technologies across business, including Geospatial Data, Quantum Computing, AR/VR/XR and Edge technologies.
Before joining techUK, Zoe worked as a Business Development and Membership Coordinator at London First and prior to that Zoe worked in Partnerships at a number of Forex and CFD brokerage firms including Think Markets, ETX Capital and Central Markets.
Zoe has a degree (BA Hons) from the University of Westminster and in her spare time, Zoe enjoys travelling, painting, keeping fit and socialising with friends.