Security Must Be an Integral Part of the IT Strategy

One of the biggest challenges when looking at cloud adoption and migration is the level of risk associated with your current estate. Today, we find businesses protecting everything that they have because they don’t have either the visibility or the toolsets required to protect and monitor their estate effectively and efficiently.

Without visibility it’s very challenging to secure network connections, the dispersed endpoints that are being utilised or the data that is passing between them. One of the earlier benefits of cloud adoption was the process of discovery that ensured businesses could gain this much-needed visibility, enabling them to effectively perform a security risk assessment and begin the process of plugging the gaps and mitigating any historical security risks.

We’ve been working with public sector organisations for nearly a decade and we recognise that adoption of cloud has been slower than in other industries and sectors. This presents a significant risk, especially as many of the online services citizens and organisations are increasingly dependent on are delivered through aging and non-resilient infrastructure. Cloud presents an opportunity to de-risk these workloads by using cloud service providers who deliver services through enterprise-grade technology and have the scale to operate and monitor workloads. Despite this, according to UKCloud’s State of Cloud Adoption survey85.2% agree that their organisation is reluctant to move workloads to the cloud due to risk and security concerns.

Let’s examine why this is the case in public sector?

The nature of public sector services means that they need to remain available 24/7 for both end users and to the staff that deliver these services. Take healthcare as an example, patients need to be able to quickly self-diagnose and book appointments using online applications. Similarly, clinicians need to have access to medical records to treat patients effectively both at the physical hospital building or, as many have done, remotely during this pandemic. The following example, demonstrates the complexities involved:

  • Shared patient data needs to be managed and stored correctly according to key healthcare standards and principles
  • Applications need to be accessed over secure healthcare networks, such as the Health and Social Care Network (HSCN)
  • Services need to be available on any device with a consistent experience for both patients and medical staff

The current pandemic has provided an opportunity to accelerate the use of technologies in public sector to deliver digital services to employees and citizens observing lockdown measures. As digital transformation progresses, this helps address the risks around the use of legacy hardware and the security vulnerabilities from on-premises IT estates mentioned earlier. However, as organisations adopt more cloud-based technologies the risk of cyberattack is increased. The WHO recently reported that there’s been a five-fold increase in cyber-attacks since the start of the COVID-19 pandemic, and we’ve seen the impact of these attacks on organisations such as EasyJet. Businesses need to be prepared for this, but it’s by no means a blocker to further digital adoption.

To overcome these challenges, security must be an integral part of the IT strategy, not just for protecting workloads on-premises. As multiple cloud providers are utilised, private clouds and hybrid clouds are added to the mix, meaning that single dashboards and centralised monitoring will become much-needed aids.

These challenges aside, cloud computing has the power to revolutionise the way citizens interact with public services. In fact, four in five respondents (80.9%) agree the cloud is an enabler for their organisation to adopt transformative technologies such as AI, smart places and IoT/ hyperconnectivity (UKCloud’s State of Cloud Adoption Survey).

UKCloud offers a suite of technology solutions to help organisations adopt cloud securely. We also provide discovery and management services to ensure they are safe and compliant whilst being agile in the delivery of innovation, scale and speed to keep public services safe and compliant. Find out more here.

This blog has been written for techUK’s Cloud Campaign Week.