Increasing Confidence in the Cloud Among the Public Sector

public-sector-cloud-blog.jpg

Since it was first flagged by John McLelland's report in 2011, Cloud computing has become more and more of a burning issue in the realm of public sector ICT infrastructure. McLelland correctly identified the sizable advantages that Cloud computing can offer over legacy on-premises IT systems in terms of scalability, elasticity, efficiency and, perhaps most crucially of all, affordability.

Two years later, the UK government introduced its Cloud First policy, stipulating that all public sector organisations should give precedence to Cloud solutions when investigating new or upgrading existing services. Scotland published its own Public Sector Cloud Computing Guidance dossier in 2015, encouraging and advising local authorities and other public sector offshoots to migrate to the Cloud. Despite this push from above, a tangible transition has been slow to materialise. Why?

Immense Potential, Reluctant Uptake

The benefits of switching to a Cloud-based storage system are well-documented: it can facilitate ubiquitous accessibility, allow flexible and elastic scalability and potentially save significant funds through outsourcing hardware and software to a third-party. Despite these enticing advantages, adoption of the process has been a laboured process among the public sector, especially with regard to local authorities. Last year’s survey from Socitm and Eduserv found that while 62% of local councils do utilise some form of Cloud computing, the vast majority (80%) still rely primarily on legacy onsite IT systems, with only 40% reporting they have a Cloud strategy worked out.

The reasons for this sluggishness are manifold. While commentators may unfavourably compare these figures with private business (where Cloud adoption rates have reached almost 90%), it must be remembered that the public sector has far more logistical challenges to overcome. With various departments controlling all manner of services and their data often stored in disparate silos and processed by incompatible platforms, it’s nigh-on impossible to coordinate these distinct elements into a single entity, on the Cloud or elsewhere. What’s more, individual resistance to new technologies make switching to a new system a hard sell on the ground level. Arguably, local authority finance departments have struggled with how to procure systems with an almost exclusively op-ex model with monthly payments in what has traditionally been a cap-ex annual or multi-year purchasing area. Perhaps the biggest deterrent, however, remains concerns about the security of such sensitive information.

The Cloud: Stronghold or Sitting Duck?

For governmental branches which deal in such critical data as tax records or medical histories, security is understandably an important priority. The very idea of entrusting this crucial info into the hands of a third-party is enough to set alarm bells ringing, but experts are largely in agreement that the idea that the Cloud is less secure than on-premise data storage is a myth. That’s because Cloud service providers have a vested interest in maintaining an impeccable reputation when it comes to something they know is a sticking point and a narrower field of focus at which they can direct their budget.

For example, a quality Cloud company will employ stringent security personnel and measures at its physical location to ensure the servers and other IT equipment cannot be compromised or harmed – and will be able to justify a significantly larger expenditure on these activities, leveraged across a much larger customer base. They will also have backups in several locations around the world to safeguard against natural disaster or power outage resulting in data loss or operational downtime. Meanwhile, their cyber defences should be second-to-none, with all data encrypted at all times, and the latest firewalls and anti-viruses in place to protect against malicious hack attempts. Moreover, they will conduct inhouse audits on the efficacy and robustness of their defences on a constant basis, which is something an ordinary company or public sector outfit will not do (see WannaCry for corroborating evidence).

Confidence not Complacency

As a result of all these factors, there’s every reason to believe that a Cloud service provider is far more equipped to deal with security concerns than your average local authority or other organisation. However, it shouldn’t be assumed that all Cloud companies are created equal; the level of coverage and the security protocols that are in place may vary considerably from one provider to the next, so due diligence must be carried out to confirm that its credentials are up to scratch. Any contracts entered into with the chosen company should also be put firmly under the microscope to ensure that its finer points are fair to all concerned.

Finally, an organisation should not assume that any data stored in the Cloud will immediately become safer than Fort Knox. Confidence in the Cloud is to be encouraged, but only if it does not breed complacency. For example, internal threats still comprise a significant worry, so user access should still be heavily restricted, and an online forensic trail established to guarantee transparency with regard to all data interactions and transmissions. What’s more, Cloud security shouldn’t be used as a proxy or replacement for your own online precautions and any organisation keen to accommodate the four risk assessment concerns raised by the Scottish government in the aforementioned guidance dossier would do well to ensure their own house is in order, regardless of where their data is stored.

The Best of Both Worlds?

One approach which is becoming increasingly popular among companies unwilling to commit their most sensitive data to the Cloud is a hybrid solution. In this scenario, different silos and platforms are uploaded to the Cloud one by one, allowing an organisation to outsource menial tasks and less critical information to the third-party Cloud provider, freeing up valuable resources and manpower in the process, while still keeping its most confidential assets close to its chest. This approach has the added advantage of giving decision-makers the chance to witness the advantages of the Cloud in action on a smaller scale, affording them the evidence they need to fully commit.

Of course, any organisation opting for this latter approach must go the extra mile to ensure the data it retains on premises is adequately protected. For smaller outfits, cash-strapped non-profits or governmental organisations, having the manpower or the resources to devote to such a thankless but essential endeavour might not be possible. That’s where we come in. Quorum Cyber are a dedicated team of cyber security specialists who know the industry inside out and can help keep your company safe from online harm. From targeted protection against malware or phishing campaigns to a fully managed cyber security operations centre (C-SOC), our Managed Services are designed to help you stay protected at an affordable price and against all threats.

For more information on how to bolster your organisation’s cyber defences – whether it operates in the public or private sphere, in the Cloud or onsite – contact Quorum Cyber online or via phone at +44 333 444 0041. We’re here to help.

Darren Phillips