Cloud security and the public sector: A dangerous partnership or a growing necessity?
When it comes to making a move to the cloud, one of the biggest concerns is security. These concerns tend to be even greater among the public sector organisations, given the value and nature of the data residing within these organisations. The cloud is sometimes still considered the “sum of all fears” because it is intangible and invisible. Naturally, government organisations have many questions. Where is the data is located? Who has access to it? How it is kept safe? And that’s just to name a few.
But despite the perception that the public sector lags behind its private sector brethren, many in the public sector are starting to embrace the cloud. Decision-makers want to understand the potential benefits from a move to the cloud. However, given that change and procurement cycles are typically longer, as well as the sensitivity of the data they handle, government bodies are generally not the early adopters of technology. Operating in such highly regulated sectors also tends to curb the urge to make rapid changes. Organisational processes, such as budgeting, terms and conditions, and procurement, don’t allow for much flexibility when it comes to moving to the cloud. Additionally, regulations and processes have been designed to handle traditional sourcing methods, not cloud offerings, further slowing the adoption of new technologies. In short, quite a few challenges exist to keep public organisations from moving to the cloud as quickly as others.
While such hurdles have been in the way for some time now, public organisations have found ways to overcome them, in part because decision-makers wisely used this time to familiarise themselves with cloud technologies and their benefits. But, having a real necessity and compelling event can help drive adoption and speed necessary processes. And one compelling event that could propel cloud adoption is the growing challenge in recruiting cybersecurity talent.
The cybersecurity talent shortage is a real challenge. CSO Online reports that this skills shortage has worsened in each of the past four years. Forbes added that, by 2021, there will be more than 3.5 million unfilled cybersecurity positions on the market, calling this situation “an industry crisis.”
Source: CSO Online
Why do these figures matter for the public sector? Unfortunately, public organisations need to compete for talent with companies that are better positioned to attract employees simply by offering better wages. Cybersecurity is a complex discipline requiring deep and broad knowledge—a killer combination for many. This broad knowledge is sought after as security stacks are often based on a multivendor policy. There’s a need to know multiple technologies, operating systems, UIs, implementations, design patterns, and behaviours. People who need to operate those stacks need to be technical black belts, as security stacks only serve their purpose well when they’re properly maintained. Patching and upgrading to keep all of the stacks ready to fulfill their task is a time-consuming, never-ending endeavour.
Overcoming the challenge of hiring cybersecurity experts in an age of professionalised cybercriminals and an ever-growing need to heighten and automate security could be the compelling event for public organisations to turn to a cloud offering. Cybersecurity delivered through a cloud-based service can benefit private and public organisations. A complete cloud security stack is a fully managed service in which all operational aspects of updating patterns and patches are handled by the cloud provider. Such a cloud-based service provides incredible benefits for in-house security experts. There’s no need to worry about those timely upgrades and patches that take up so much of a security team’s time. Once these tedious, repetitive tasks are offloaded to the cloud security provider, a lean in-house team can focus on what really matters: security policies.
Cloud security provides additional benefits. One of them is the ease of introducing new features that can be turned on and off as needed. For instance, when organisations plan to deploy a sandbox, the traditional world process is lengthy: RFI, RFP, design, implementation. In many cases, this may take months and a lot of human cycles—including by the security team. In a cloud world, a sandbox feature is simply turned on and organisations can start using it almost immediately.
Cloud security can become a real advantage in a world featuring high demand for a watertight security posture and a lack of experts. Security teams can become more nimble and agile and can do much more with less effort.
A good example of cloud security is Zscaler Internet Access (ZIA). Internet access security stacks are the most complex and expensive security components at the enterprises. This is where organisations defend their network from the evil that sits in the internet by defining proper policies. ZIA works as a “perimeter as a service” from the cloud. As it is consumed as a service, it can radically simplify the traditional outbound internet gateway. The only component that stays at the premises is an edge device that forwards the traffic to Zscaler and the complete security stack at the Zscaler cloud will take care of the enforcement.
Cloud security is becoming a necessity for all types of organisations. It may help in addressing the security talent shortage, as those in the private and public sectors will be able to do much more with less.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sebastian Grabski is a Zscaler Sales Engineer for Eastern Europe