In this guest post, Dob Todorov, CEO of managed services company HeleCloud, outlines why enterprises and SMEs can ill-afford to take a “set it and forget it” attitude to their public cloud investments.
Against a backdrop of economic uncertainty, all UK organisations – large and small – are being forced to make the previously impossible, possible. Both businesses and government bodies must be able to address any sudden spikes in demand and undertake wide-scale cost-cutting exercises, all while delivering at full capacity and upholding experience.
As a result, we’ve seen an unparalleled uptake in public cloud among UK organisations. A positive side effect of a rather difficult reality. Yet, as the adoption of public cloud accelerates, so too does the threat of data breaches.
With the huge fines and reputational damage that also come with any attacks, cybersecurity has never been more important. On HeleCloud’s behalf, Opinion Matters recently conducted a survey into how UK organisations are managing cybersecurity and compliance within the cloud during the current climate.
Business, IT and security leaders across a range of UK organisations were asked about their opinions, practices, and concerns with regard to the protection of their public cloud environments.
As suspected, the research revealed these organisations are facing the ultimate stress test as their public cloud architecture meets new pressures during the pandemic. The mismanagement of data within public cloud can be rife under these circumstances and many organisations will find themselves unintentionally exposing sensitive personal data and presenting the opportune environment for scammers.
For example, there is a clear misunderstanding among UK organisations when it comes to what the public cloud offers in terms of data protection. According to the survey, only a third (38%) had assessed their public cloud architecture in the past six months. Yet, this falls short of the continuous assessment advocated by leading public cloud providers and their partners.
It is not uncommon for organisations to overestimate what public cloud does in terms of cybersecurity and compliance. While public cloud is without a doubt the most secure platform for data, businesses and government bodies alike have a number of duties that they must fulfil to uphold this level of security, which includes continuous assessment.
The survey also confirmed this misunderstanding is, in part, due to a demand for specialised cloud and security skills within UK organisations. It revealed 46% of SMEs and 43% of enterprise organisations in the UK believe human error to be their biggest vulnerability.
Despite this, 85% of all UK organisations surveyed strongly agreed with the statement “my company understands all the technical requirements needed to protect data within the public cloud”.
A false sense of cloud security
We see this a lot: organisations falling into the trap of believing that they have the necessary cybersecurity skills onboard, without recognising the specialist knowledge and experience needed to support public cloud platforms.
The fact is, you don’t know what you don’t know, and as many as 90% are unaware of the full capabilities of cloud security and compliance. This is down to the weighty, and continually growing, skills gap that exists in the UK – particularly around cloud security capabilities.
Frustratingly, while 42% of UK organisations said that they believe they will need to hire new cloud security competencies in the next three months, 40% of respondents said it would take them between four and six months to hire people with the skills needed, while 49% said it could take up to three months.
With the projected hiring timelines so long for prospective specialists, it’s no surprise that such a large proportion of UK organisations choose to rely on individual contractors rather than filling internal positions.
In total, 38% of IT teams acquire a quarter of their specialist skills this way, while that number rises to just over half (51%) for SMEs in the UK. Yet during such turbulent times, this costly approach could still leave organisations exposed.
Instead, UK organisations should look to specialist partnerships for their public cloud architecture. It seems obvious, but those that focus on a specific platform will have unparalleled expertise when it comes to navigating and securing their complex architectures. Partnerships, therefore, can offer more reassurance and allow businesses to focus on longer-term targets even during a crisis as large as this one.
With targeted cyber-attacks on the rise, all UK organisations must be extra cautious when it comes to the security of their IT environments. Public cloud, if not managed correctly, can leave these organisations and their data exposed. Taking on a huge fine or, even worse, serious reputational damage cannot be an option during these challenging times.
The good news is that security is the number one priority for business and IT leaders alike – and there are many public cloud partners available to help ensure that the organisation does not buckle under the ultimate stress test.