Article

Our point of view on Cloud Security

March 5 2019

Cloud is often seen as a high risk venture, and there are certainly some key considerations to keep in mind before deciding on how to make the move. But there are also significant opportunities to improve security by sourcing compliant services and reducing the burden on internal IT Security functions.

There’s no single right answer to moving your information systems into the cloud. Different data requires different levels of security and confidence in third parties. As the cloud matures, vendors are becoming more aware of the need for clarity and transparency and governments and regulatory bodies are now setting out standards which are likely to be reflected across industry.

Cloud is often seen as a high risk venture, and there are certainly some key considerations to keep in mind before deciding on how to make the move. But there are also significant opportunities to improve security by sourcing compliant services and reducing the burden on internal IT Security functions.

In reality, everyone will move to ‘a cloud’ in some form over the course of the next few years – most have already begun in terms of small scale SaaS solutions for non-core services. It’s highly likely that in many cases the transition will take the form of a hybrid solution, with existing infrastructure hardware being deployed as a private cloud.

To remain secure, CIOs must ensure that they have a Cloud Strategy and remain in control. To do this, operational departments must be given options to solve business problems and increase efficiency using the cloud, rather than procuring services independently out of frustration, and as a result creating significant hidden information risks.

In recent years, a number of organisations have successfully deployed secure internal private clouds through server, storage and network consolidation, then outsourced the infrastructure to a trusted external provider. This can result in significant savings on the time spent by IT staff on maintenance and support, and allows the additional resource effort to be put towards aligning IT with the business, improving tasks like requirements gathering and adding additional value to business activities through the delivery of innovative technology solutions. In turn this results in better adherence to process and policy, reducing information security risk and improving staff satisfaction across the organisation.

The cloud is difficult to define, but by establishing a clear view of the data held within the organisation, the options available and risks associated with managing it within the cloud a clear strategy can be established. The key element of a secure cloud solution is trust. As the level of risk increases, the trust required to hand-off that data also increases, until eventually a decision is taken to ensure certain data is kept in house. That does not mean that cloud is not an option, more likely it will result in the data being held in a private cloud managed internally, thus enabling the business to benefit from increased flexibility and performance of IT, but requiring the technology Department to retain sufficient skills and budget to manage the associated assets.

For more information on developing a secure strategy for moving to the cloud