Yet another hot summer (and an extended one), yet another massive breach.
During the summer, I have been reflecting on the first half of the year, and what insights it could give for the second half. Some of the expectations and requirements from our customers will most likely be within secure cloud transformation services and/or migrations. But I also believe the need for Cloud Security Assessment or Cloud Security Reviews will be needed for a lot of the business who were early adopters. The current speed of cloud migration and adoption is immense.
Businesses are one thing; but how does the public sector stand in relation to the cloud? As discussed in my previous post, there seems to be some hesitance for using the cloud in the public sector.
It is gratifying to see that things are happening on this front. In Finland, The Ministry of Finance has drafted a decision on policies which ”...specify how data owned by a public sector organisation can be processed in cloud services.” (…) ”The aim of the policies is to support decision-making in the central government, counties and municipalities as they plan and procure new ICT services.”
In Sweden, the situation is somewhat different. As reported in February, based on a six-month review by Sweden’s National Purchasing Center, “The Swedish government has said it will not set up a cloud framework for the procurement of public sector contracts, claiming it would receive “zero tenders”. (…) “It found that suppliers in the Swedish market would not be able to meet its technical or legal requirements.”
In a way, the hesitance of the public sector – reflected as differing policies in even neighbouring countries - is completely natural. Considering that for example only recently there was news from overseas that the FBI has arrested a person in what seems to be quite a breach of customer data from the bank Capital One. The data of 100 million customers compromised from data stored in the cloud. 100 million customers equal the population of Germany and Sweden combined.
While any breach is, of course, disturbing and painful for the parties involved, the public sector (as it should) is even warier of citizen data or other society sensitive data falling into the wrong hands.
However, the cloud is here, and much needed. No one organization can possess the resources to maintain AND develop an ICT environment which encompasses all that it is required to do in this day and age.
There are some things which come naturally as first steps when considering the cloud. Below these tips listed:
Tieto Security Services can help you with the necessary controls and mechanisms to make your cloud transformation journey secure! Already out there? Contact us to get assistance from one of our consultants - ensure you are on the safe side and on the right track.
Peter has a long track record of helping businesses increase their security posture. With a curious mindset and a geek's mentality towards technology, Peter helps customers navigate through the enormous security landscape to achieve the best possible outcome. This curiosity led to a deep dive into GDPR and the many challenges our customers and their consumers face, to better understand and advise on how security can play a supportive role in order to obtain compliance. Peter has a background from companies such as F-Secure, Atea as well as Nordic startups.