23 Nov 2021

The future of cloud hinges on getting security right

Guest Blog: Tris Morgan, Director of Security Advisory Services, BT Security as part of techUK's cloud week #CloudFuture

Enterprise cloud adoption isn’t exactly a new topic. Even before COVID-19 the cloud debate was at the forefront of the business agenda. However, the pandemic has pushed migration to a new high. With remote working shifting from a stopgap measure to the new norm, only a cloud-based infrastructure can provide the scalability and agility needed to maintain good user experiences for employees and customers. In fact, it’s not an exaggeration to say that the cloud now powers many of the world’s economies.  

Embracing the cloud presents a unique opportunity for businesses seeking increased flexibility, business continuity and cost efficiency. It has immense potential but there are also some pretty serious consequences if a business misses the mark. That’s why adopting this technology requires a new approach to cybersecurity.  

 

A new approach to cyber hygiene  

Securing the cloud is not the same as securing on-premise infrastructure. Blending Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), in addition to the fact that many hyperscalers are software-defined, means that traditional enterprise security controls don’t always convert. Organisations can’t simply copy what they had previously. 

Firstly, when a business takes the leap to the cloud, one of the most important things is knowing where data is located and how it flows. Today’s cloud is made up of employees, customers, partners and providers so maintaining visibility of this data has become much more complex. As a result, basic hygiene has unintentionally worsened for many businesses. By focusing on the fundamentals of cyber hygiene through asset and inventory management, vulnerability and configuration management, enterprises can understand where their most valuable information is stored, who has access to it, any vulnerabilities, and how it can be properly secured. 

 

Knowledge is king  

Vulnerabilities are unfortunately a fact of security life so it’s vital that an organisation’s team has the right skills and training to not only securely architect the cloud but also continue to maintain the right levels of security post implementation. With the rate of change in the technology industry, cloud providers often make changes on a daily basis. This variation and the sheer number of security products and services available can naturally be overwhelming. Whilst it’s crucial to begin with the correct knowledge to support early migration decisions, it’s also really important to continue staff education to avoid any challenges in the long term. 

Automate, automate, automate  

Cloud platforms are constantly improving their security services and capabilities. But, just as technology keeps advancing, so do the threats. Organisations need to adopt a continuous risk-led improvement cycle which translates to continual updating and patching.  

The future of cloud security is heading towards automation with technologies such as machine learning and artificial intelligence (AI) transforming both real-time detection of threats but also the implementation of updates and patching to protect networks faster than an attack spreads and minimise its impact.    

Lean on a trusted partner  

What’s become evident is that organisations, who are struggling to keep pace with the volume of threats, can’t go it alone. They should look to an expert partner to bolster their in-house capabilities. Partnering provides access to vendor knowhow, expertise on the evolving threat landscape, as well as cross-industry experience to avoid mistakes others have made.  

Cloud technology is the only viable way to power the future world of remote and hybrid work. Businesses that make the leap will achieve the greatest edge. However, although the cloud offers security-related benefits, it’s paramount to be conscious of the new risks the cloud ushers. If done right though, the advantages of this technology still largely outweigh the risks, and we’re well on our way to a cloud-first world.  

Author:

Tris Morgan, Director of Security Advisory Services, BT Security

 

Welcome to Cloud Week 2021!

You can catch up on all news and read all insights published as part of cloud week here

Read more here

Laura Foster

Laura Foster

Head of Technology and Innovation, techUK

Laura is techUK’s Head of Programme for Technology and Innovation.

She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology

Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.

Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.

Email:
[email protected]
LinkedIn:
www.linkedin.com/in/lauraalicefoster

Read lessmore