More companies than ever are dedicating a larger percentage of their IT budgets to cloud computing, and it’s not hard to see why. In the cloud, a single server can host many virtual servers, dramatically cutting hardware costs and service delivery. But it’s not just about reduced hardware costs; cloud computing offers rapid deployment, reduced cost of implementation and overheads, improved collaboration, and increased scalability.
With cloud solutions, upgrades and software patches are managed by the provider, freeing up the valuable time of in-house teams. Time saved from constant bug-fixing can also help companies struggling with the shortage of talented IT staff – like the NHS. We discuss how to manage cloud security, turning risk into opportunity…
Organisations who want to stay competitive are looking to the cloud revolution to upgrade their ageing technology without breaking the bank. Many companies are looking to implement new projects in the cloud due to the speed of deployment and reduced cost. They’re moving expenditure from the cost of buying hardware and software to run business applications (Capex), to a cost of running the “service” (Opex).
33% of NHS trusts already use the cloud, for example, and 39% see it as their next big IT project. Cloud computing has been beneficial mostly to technology companies but has recently become popular with smaller businesses looking to scale, as well as retail. Dynamic companies like Specsavers and other retailers are using the cloud to flex their infrastructures on demand, to extend capabilities during peak hours and expand services in the international operations. They’re already seeing growth and improved customer satisfaction from Black Friday and other key sales dates.
Cloud computing makes it easier to measure costs – you’re paying directly for what you’re using, rather than trying to estimate capacity over time. This is especially useful to retail companies, who typically have low budgets and make use of thousands of speciality applications designed for various purposes. Such companies can gain huge economies of scale by using the same infrastructure across multiple applications in a cloud-computing architecture.
Most interestingly, the cloud also offers businesses a way to explore the potential of big data analytics to better understand their customers and improve the overall customer experience and business process. Such marketing efforts make use of huge amounts of data, but a cloud-based solution with the elastic storage it provides makes them financially feasible for companies to experiment and get to grips with. There are retail cloud collaboration platforms that capture real-time status information, streamline inventories, collect marketing data and track deliverables, and it’s only a matter of time before other industries get involved.
Currently, only 17% of NHS trusts expect a financial return from cloud adoption. Grave concerns over security and increasing numbers of cyber-attacks, compliance and management of the cloud are the biggest barriers to adoption, according to 61% of NHS trusts surveyed. This is followed by budget fears (55%), and legacy tech and vendor lock-in (53%).
When asked about challenges faced in managing cloud services, 47% said they were worried about a lack of control over performance, but 45% felt that protecting and securing the cloud was a key concern. The risks are great. Organisations like the NHS Digital, for example, have deemed the cloud a “safe” enough location for all of their sensitive data, but we’ve seen it go badly wrong. Unsupported operating systems, such as Windows XP, left the NHS vulnerable to WannaCry, which affected over a quarter of trusts, preventing access to computers, and important medical equipment such as MRI scanners.
Theft of cloud-hosted data is the new holy grail for cyber-criminals, as it’s so easy to quickly move large amounts of data. If your company and customer data lives outside of your business’s walls and in the cloud, security and access must be protected, and you should know what is happening to it at all times. Giving up control of your data to someone else means it could get stolen, lost, wiped or corrupted. This is an all-too-common scenario when working with third parties. Businesses often assume that security is taken care of (or at least matches their own) when they outsource file and data management to a third company, but even if that’s an initial consideration before contracts are signed, defences fall out of date quickly.
Cloud computing is not fundamentally insecure; it just needs to be managed in a secure way.
Cloud computing is not fundamentally insecure; it just needs to be managed in a secure way. If the risks are handled sensibly and expertly, deployment to the cloud actually offers a chance to improve IT security. All companies, regardless of industry or where they sit in the supply chain, should be looking at the cloud as a huge business opportunity.
Yes, budgets are tight, and there are many other things to spend them on (particularly where the NHS is concerned), but the healthcare sector, for example, is under organised attack from gangs of data thieves and ransomware extortionists. The attacks are getting more frequent, and more damaging. Cybersecurity has never been so important for organisations like the NHS. Out of date technology simply won’t cut it anymore.
The Cloud took some time to win people’s hearts and minds, but as pieces of infrastructure come up for renewal, organisations are now seeing the benefits. It’s a process – although only 4.2% of trusts use the cloud for storage and backup compared to 20.8% for email and collaboration, last year 66% of them confirmed cybersecurity to be a priority, compared to just 23% the previous year.
It’s no wonder businesses can feel like deer trapped in headlights when it comes to cloud security; one false move and any business can end up splashed across a tabloid newspaper. However, if a third-party cloud provider is responsible for managing all your data and applications, make sure they’re doing so securely. It’s important to have complete visibility of your data, even if a cloud provider promises to keep it safe at a service contract level. That cloud provider might have great firewalls, but they could easily miss a rogue malicious employee hacking a server room one lunchtime. Most major cloud vendors have fairly tough security measures in place, but when cybercriminals can’t access cloud-hosted servers via conventional attacks, they will make use of social engineering tactics to bypass security systems and steal users’ privileged login credentials. These privileged credentials grant them access to all of your data and stored infrastructure.
The volume of cyber-attacks doubled in the first half of 2017, so it’s safest to assume that all workstations are compromised, and plan a proper strategy of defence. It’s not a case of ‘if it ain’t broke, don’t fix it’ because keeping up with the competition today means keeping ahead of the technological times. When moving to the cloud, it’s important to partner with experts who can help you stay in control of your data and prevent mistakes from happening, avoiding costly data breaches. Privileged account abuse presents one of today’s most critical security challenges, but our Privileged Access Management solution, Osirium PAM, addresses both security and compliance requirements by defining who gets access to what and when.
Osirium PAM can control access to the deployment of cloud projects to the people that need privileged access, even third parties. To mitigate risk, the PxM Platform’s Password Lifecycle Management ensures that all managed passwords are as strong as possible and have full break-glass and rollback features, so the platform copes seamlessly with devices that leave the network or are restored from backups. Businesses can assign privileges to specific users without having to reveal passwords, preventing would-be hackers from accessing or stealing hosted data and protecting against potentially irreparable damage to both bottom line and reputation.
If the cloud is about doing better business all round, then security, specifically privileged access management, should be a primary consideration. Doing nothing, this far in, renders you a sitting duck. If you’d like to find out about Osirium PAM, Contact us.