Skip to main content
Server room

Security assurance in the cloud

Sean Grimes, director of IT services at Agilisys shares his thoughts.

Why is security still such a sticking point for local authorities when considering cloud adoption?

In today’s digital age, security assurance in the cloud is an issue with which local authorities are still grappling

More lately, any caution about the cloud lies not so much from the likelihood of a security breach but the high-profile nature of these breaches in the media and the impact on an organisation as a whole.

Cloud adoption across the public sector has overall been good, with a clear understanding of the concept and benefits of harnessing a cloud solution – but we’re yet to see the same level of adoption among local authorities. Although not a completely new paradigm, teams have historically been hindered by the ability to redesign and transform services to the cloud securely.

Every aspect of IT requires a holistic approach to security and cloud is no different. Understanding the value of data being stored in the cloud and the pressures on an organisation to protect sensitive data is critical when selecting a Cloud Service Provider (CSP).

We often hear the phrase ‘sleepwalking into the cloud’, where the division of responsibility between the chosen CSP and in-house IT team is not always clear. Recent reports claim that 80% of chief information officers worry cloud will cause them to lose control over their IT; even more startling predictions suggest 95% of cloud security failures will be the customers’ fault.

In our experience, cloud security is a joint responsibility between CSP and customer, who must treat the security of their cloud systems in the same way as locally hosted services. Early identification of systems and infrastructure for which the CSP is responsible and the solutions and applications that remain under the control of the CIO can avoid any potential pitfalls. In other words, the cloud should not reduce control; it should increase an organisation’s capability to focus on and achieve higher levels of security.

Changing any IT system has inherent risk and moving to the cloud is no different but the shift should be seen as a transformative move about which CIOs can feel positive, potentially providing more control over specific aspects of their IT, not less.

From our perspective confidence is growing. Our cloud services have been adopted by 70% of our major local authority partnerships, with the remainder actively considering cloud. It is possible that over time security will be one of the major factors quoted in favour of a move to the cloud; that, along with our proven adherence to local government security principles, will contribute greatly to dispelling any fears about the cloud.