Overcoming security and compliance barricades during digital transformation
Accelerated investment in the cloud became a necessity to support businesses’ immediate needs for remote working, and business resiliency throughout the pandemic. This critical transition emphasised cloud’s impact on businesses’ ability to scale, securely build and deploy pipelines, and respond quickly to changing customer demands.
According to Gartner, growth in the cloud market is expected to increase exponentially until 2024 due to businesses rapidly accelerating their digital transformation plans. As IT leaders assess their short and long-term goals about which workloads are best suited to public or private clouds, organisations are increasingly taking a hybridised approach to their cloud set up.
Aptum’s Cloud Impact Study reaffirmed this, revealing many organisations plan to take a hybridised approach to their cloud infrastructure, with more than half (59%) of respondents saying they will reduce their on-premises infrastructure to some degree and increase public cloud deployments within the next 18-24 months. A further 66% intend to expand their private cloud workloads. The shift is explained by the need to offer more flexible working options, strengthen business continuity plans and bolster agility.
Uptake in both private and public cloud allows organisations to take advantage of the security features associated with both infrastructures too. Fifty-one per cent of senior IT decision makers cited security as a key driver behind a migration to the cloud, specifically to reduce the potential of data breaches and human error that can come with traditional on-premises solutions.
Improving security with cloud
User data is safer in cloud infrastructures than in on-premise environments. This claim has been validated by 91 percent of respondents from the Aptum study reporting a high degree of success in improving their security when migrating to the cloud. An impressive 42 percent see complete success.
Most companies now understand the security benefits of cloud computing and the opportunities it offers in terms of securing a remote workforce, especially during the pandemic. In fact, 51 percent of all survey respondents listed security as a business driver for their investment in cloud services.
IT security teams are now responsible for protecting a scattered workforce, adding to the complications of securing multi-cloud environments in a time where there is also scrutinised budget and resources alongside an increasing number of malicious cyberattacks. A recent McAfee report found a 630% increase in attacks aimed at cloud services since January of 2020. Despite the increased security in hybrid cloud environments that companies are seeing, there are also a range of challenges to overcome.
Cloud security challenges
The top three challenges that respondents in the Aptum Cloud Impact Study cited as barriers to security, governance and compliance are commonly associated with the management, or mismanagement, of infrastructures:
- 85 percent of respondents cite a lack of a clear mechanism to detect and respond to threats across all cloud environments.
- 82 percent of respondents cite access management to multiple cloud environments.
- 81 percent of respondents cite a lack of visibility into all cloud environments through a single portal.
Organisations migrating to hybrid-cloud solutions can manage these complexities and achieve better security levels than they could in their server rooms by embedding security at the beginning of digital transformation. Security must run through initial conception, deployment, and ongoing operation in any cloud migration project. Companies must also continually revisit security principles as their hybrid cloud infrastructure shifts and grows.
For companies to be truly effective in their cloud security solutions, they must have total visibility across the organisation’s entire IT infrastructure to be able to identify, prioritise and respond to any threat that may arise.
A strategic security approach
Companies that don't monitor and control operations in the cloud risk one of the biggest security dangers: configuration drift. This is where new resources and configurations move operations away from what the policy demands, creating vulnerabilities and compliance violations. IT environments are malleable and always evolving, which is why any deployment must adhere to detailed security protocols that comply with industry and privacy regulations.
The answer lies in a strategic approach to security as part of a cloud transformation initiative. Security should be a priority at all stages of the cloud transformation process, from initial concept through to design, implementation, and ongoing operation.
A cloud environment is only as secure as the policies and controls an organisation has in place, which is why organisations need to build security into the foundation of any cloud strategy. A long-term partnership with an experienced cloud service provider enables organisations to get their cloud transformation right from the outset by highlighting and handling the questions that they might not have thought to ask. Investing that time and attention now will help build a reliable and secure platform for tomorrow's digital transformation.
Iain is the Programme Manager for the Digital ID Programme at techUK.
He joined techUK in January 2022 as the principal liaison with the Digital ID Programme Working Group Members, the UK Government and other key industry stakeholders, particularly in relation to UK regulation governing the ID sector.
Iain’s background in the mobile/digital ecosystem covers handset distribution, network infrastructure, messaging, digital identity and regulatory sectors including Ministerial and C-Level engagement across the UK, Western & Eastern Europe, APAC, the Russian Federation and North America.
His principal interest outside of work is music, (he plays bass guitar and double bass quite well, guitar and piano much less so…), both recording and playing out live and ran his own small record label until late last year. He is also a keen cyclist for much-needed exercise and enjoyment, even in London...
- [email protected]
- 07739 925345
Katherine joined techUK in May 2018 and currently leads the Data Analytics, AI and Digital ID programme.
Prior to techUK, Katherine worked as a Policy Advisor at the Government Digital Service (GDS) supporting the digital transformation of UK Government.
Whilst working at the Association of Medical Research Charities (AMRC) Katherine led AMRC’s policy work on patient data, consent and opt-out.
Katherine has a BSc degree in Biology from the University of Nottingham.
- [email protected]
- 020 7331 2019
Carmine is techUK’s Policy Manager for Artificial Intelligence & Digital Ethics. She joined the organisation in January 2023.
She formerly worked for Public Affairs consultancies, advising clients in tech, defence, financial services and the creative industries. Carmine also previously worked in the News Review section of the Sunday Times.
Carmine holds a BA in History from University College London, where she focussed on war and political history, as well as the history of philosophy. She was elected at the UCL Students’ Union and held the position of Politics Editor at the student paper.
More personally, Carmine is a literature and music fan, and rarely misses an opportunity to discuss politics and current affairs.
Laura is techUK’s Head of Programme for Technology and Innovation.
She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology
Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy. She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame. A key influencer in driving forward the data agenda in the UK Sue is co-chair of the UK government's National Data Strategy Forum. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.