Is Cloud Migration Complexity Depriving the Public Sector of Security Talent?

Written by

In the same way that commercial organizations that have been adopting cloud services in droves, public sector and government organizations are now viewing the cloud as a real opportunity.

In the UK, the government is looking to the cloud to support its aim of providing a more agile, customer-centric services model, taking advantage of its agility and flexibility so that it is more capable of serving its users wherever they are.

The cloud also offers significant opportunities for reducing costs, as its scalability enables the organization to add and remove resources when they require them. It also allows organizations across different sites to pool resources, whether that be across an NHS trust or various local governments. 

For the public sector, this unleashes huge potential for more strategic, cost-effective IT purchasing. However, a serious challenge that many organizations are facing is exactly how to manage, both effectively and securely, the rapidly increasing number of cloud applications and environments. 

McAfee’s Cloud Adoption and Risk Report found that the average enterprise uses 1,427 distinct cloud services – a 23% rise on the same quarter one year earlier. This growth is only expected to continue, making it even more complex and challenging to securely manage.

Another drawback of this approach is that it potentially leaves data vulnerable as it travels between different applications. As the public sector deploys more and more cloud services, it will become an increasingly complex task for security professionals to manage the controls of each offering. 

The impact of the UK’s cybersecurity skills gap has been well publicized, but this trend is hitting public sector organizations even harder. A recent report by the Joint Committee on the National Security Strategy argued that the public sector is hampered by an inability to compete with salaries offered by the private sector, as well as a failure to attract women to the security profession. 

What’s more, the stakes for securing the public sector and critical infrastructure are extremely high, given their strategic importance to the country and their position as a prime target for cyber criminals.

Given the skills gap and the stakes at play here, security talent needs to be best deployed where it is most needed – at the front line, so to speak, where they have the time and resources to investigate and provide strategic solutions to defend organizations against a sophisticated threat environment. It is therefore crucial that public sector organizations plan ahead for how they can most effectively manage the security of their growing cloud services, so that their security professionals are freed up to protect valuable information and data.

One approach that is rising in popularity is to consolidate the security controls management into one single platform. Cloud access security brokers (CASBs) sit between the end-user and the cloud providers to consistently deliver security, compliance, and governance policies across all the applications in use.

Gartner predicts that by 2020, nearly two thirds of large enterprises will be using a CASB service, up from just 10% today. This approach presents a significant opportunity for the public sector to ensure that not only are their cloud services secure, but that the transition now and over the next few years doesn't dominate their security talent's time. 

There is enormous potential for the public sector to drive further efficiencies and deliver better services through the cloud-first model. Security is often seen as a barrier to such progress.

However, by adopting a solution that future-proofs organizations against the complexity of managing a rapidly growing number of diverse applications, the public sector can truly harness the benefits of the cloud confidently, efficiently and securely. 

What’s hot on Infosecurity Magazine?