Overcoming security and compliance barricades during digital transformation
Accelerated investment in the cloud became a necessity to support businesses’ immediate needs for remote working, and business resiliency throughout the pandemic. This critical transition emphasised cloud’s impact on businesses’ ability to scale, securely build and deploy pipelines, and respond quickly to changing customer demands.
According to Gartner, growth in the cloud market is expected to increase exponentially until 2024 due to businesses rapidly accelerating their digital transformation plans. As IT leaders assess their short and long-term goals about which workloads are best suited to public or private clouds, organisations are increasingly taking a hybridised approach to their cloud set up.
Aptum’s Cloud Impact Study reaffirmed this, revealing many organisations plan to take a hybridised approach to their cloud infrastructure, with more than half (59%) of respondents saying they will reduce their on-premises infrastructure to some degree and increase public cloud deployments within the next 18-24 months. A further 66% intend to expand their private cloud workloads. The shift is explained by the need to offer more flexible working options, strengthen business continuity plans and bolster agility.
Uptake in both private and public cloud allows organisations to take advantage of the security features associated with both infrastructures too. Fifty-one per cent of senior IT decision makers cited security as a key driver behind a migration to the cloud, specifically to reduce the potential of data breaches and human error that can come with traditional on-premises solutions.
Improving security with cloud
User data is safer in cloud infrastructures than in on-premise environments. This claim has been validated by 91 percent of respondents from the Aptum study reporting a high degree of success in improving their security when migrating to the cloud. An impressive 42 percent see complete success.
Most companies now understand the security benefits of cloud computing and the opportunities it offers in terms of securing a remote workforce, especially during the pandemic. In fact, 51 percent of all survey respondents listed security as a business driver for their investment in cloud services.
IT security teams are now responsible for protecting a scattered workforce, adding to the complications of securing multi-cloud environments in a time where there is also scrutinised budget and resources alongside an increasing number of malicious cyberattacks. A recent McAfee report found a 630% increase in attacks aimed at cloud services since January of 2020. Despite the increased security in hybrid cloud environments that companies are seeing, there are also a range of challenges to overcome.
Cloud security challenges
The top three challenges that respondents in the Aptum Cloud Impact Study cited as barriers to security, governance and compliance are commonly associated with the management, or mismanagement, of infrastructures:
- 85 percent of respondents cite a lack of a clear mechanism to detect and respond to threats across all cloud environments.
- 82 percent of respondents cite access management to multiple cloud environments.
- 81 percent of respondents cite a lack of visibility into all cloud environments through a single portal.
Organisations migrating to hybrid-cloud solutions can manage these complexities and achieve better security levels than they could in their server rooms by embedding security at the beginning of digital transformation. Security must run through initial conception, deployment, and ongoing operation in any cloud migration project. Companies must also continually revisit security principles as their hybrid cloud infrastructure shifts and grows.
For companies to be truly effective in their cloud security solutions, they must have total visibility across the organisation’s entire IT infrastructure to be able to identify, prioritise and respond to any threat that may arise.
A strategic security approach
Companies that don't monitor and control operations in the cloud risk one of the biggest security dangers: configuration drift. This is where new resources and configurations move operations away from what the policy demands, creating vulnerabilities and compliance violations. IT environments are malleable and always evolving, which is why any deployment must adhere to detailed security protocols that comply with industry and privacy regulations.
The answer lies in a strategic approach to security as part of a cloud transformation initiative. Security should be a priority at all stages of the cloud transformation process, from initial concept through to design, implementation, and ongoing operation.
A cloud environment is only as secure as the policies and controls an organisation has in place, which is why organisations need to build security into the foundation of any cloud strategy. A long-term partnership with an experienced cloud service provider enables organisations to get their cloud transformation right from the outset by highlighting and handling the questions that they might not have thought to ask. Investing that time and attention now will help build a reliable and secure platform for tomorrow's digital transformation.

Rory Daniels
Rory joined techUK in June 2023 after three years in the Civil Service on its Fast Stream leadership development programme.

Tess Buckley
A digital ethicist and musician, Tess holds a MA in AI and Philosophy, specialising in ableism in biotechnologies. Their professional journey includes working as an AI Ethics Analyst with a dataset on corporate digital responsibility, followed by supporting the development of a specialised model for sustainability disclosure requests. Currently at techUK as programme manager in digital ethics and AI safety, Tess focuses on demystifying and operationalising ethics through assurance mechanisms and standards. Their primary research interests encompass AI music systems, AI fluency, and technology created by and for differently abled individuals. Their overarching goal is to apply philosophical principles to make emerging technologies both explainable and ethical.

Laura Foster
Laura is techUK’s Associate Director for Technology and Innovation.

Sue Daley OBE
Sue leads techUK's Technology and Innovation work.

Elis Thomas
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on Semiconductors and Digital ID.

Usman Ikhlaq
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.

Harriet Allen