A recent reader survey published in October 2020 captured the main concerns and considerations impacting greater adoption of cloud services. More than 100 transformation, architecture and infrastructure executives took part, among whom an overwhelming 55% said security was their biggest worry, followed by cost (35%), skills (20%) and application migration (10%).
To discuss the results, a panel of industry experts joined our ‘Cloud Clinic’. The panel included Chris Feltham, industry technical specialist for cloud at sponsor Intel; UKCloud’s product manager Bart Challis, and director of product management, Andy Webb; and UKFast’s head of security and compliance, Stephen Crow, and director of enterprise technologies Chris Folkerd.
The conversation addressed a range of topic areas, including new requirements prompted by an increasingly distributed workforce, legacy concerns around cloud stability and robustness, managing costs, and the growing need to harness AI capabilities. Given its high survey ranking, however, security sat at the top of the agenda.
“As attacks get more sophisticated and attack surfaces get bigger, the way security is deployed has to evolve to keep up,” said Feltham. “Using software to protect software has limitations – the way forward is to use hardware security, the benefits of which extend all the way up through operating and software stacks to applications and the cloud.”
Prioritising security considerations
He offered a straightforward message for those looking to secure cloud operations: “Encrypt everything – there’s really no reason now that people shouldn’t be encrypting everything they use.”
Bart Challis agreed with Feltham that identifying and prioritising security considerations from the very start of the adoption process was essential. “It’s a case of building security right into the heart of what the cloud is doing and thereby having that trusted infrastructure on which to layer additional security services on top of,” he said.
“Security has long been seen as an insurance policy, people do it begrudgingly,” Challis continued. “One of the reasons for this is that it is very expensive to do properly – there’s a high cost of entry.”
Challis went on to stress the importance of making it easier for organisations with smaller budgets to protect their data – and to help SMEs interpret the latest security standards in a way that was relevant to their specific requirements.
“Industry standards seem to be moving a lot slower than the cloud industry as a whole, so there is a struggle to find newer standards as they’re not being released as quickly as we’d expect,” added Stephen Crow. “PCI DSS 4.0 [the latest iteration of a minimum set of requirements for protecting cardholder data], for example, will be released in 2021; a new standard a lot of people will be jumping onto and looking to see how they change their security requirements to adapt to the move towards more public cloud services.”
As cloud adoption continues to pick up pace in 2021, these issues will come under ever greater scrutiny. To watch the video in full, read associated white papers, and see a breakdown of the reader survey results here.