UK public sector organisations aren’t debating whether they should adopt cloud or not. The real debate is about how they can adopt cloud technologies. UKCloud’s State of Cloud Adoption Report recently uncovered that 87.2% of organisations would move their IT to the cloud if the perfect solution existed. But there lies the problem – the ‘perfect solution’ doesn’t exist. This can be attributed to the technical challenges, commercial risk, or the skills and capabilities required. So how can the UK public sector adopt cloud technologies safely?
The top three concerns that are slowing cloud adoption:
Cost and Affordability of Cloud
Public sector organisations understand that Cloud First doesn’t mean cloud only. There also isn’t a one-size-fits-all solution. Some organisations have a policy not to use public cloud at all, and others would prefer private cloud to mirror their existing environment. It’s clear that digital transformation is coming, but it is happening too slowly. Especially when most organisations agree that cost is the most significant factor slowing cloud adoption, with some being unable to afford to move until existing environments have fully depreciated.
A lot of organisations would agree that CAPEX costs are much easier to budget for than OPEX costs. So, does the solution lie in multi-cloud and private cloud environments?
Security Concerns of Cloud
Our public services must be protected, and security concerns and risks shouldn’t be dismissed. However, organisations can take advantage of the benefits cloud can offer with a whole range of security mitigations. Other prevalent concerns about risk can be broken down into compliance, fear of failure, vendor lock-in, and reliance on a sole partner.
A loss of visibility can also cause concerns about migrating to cloud. 85% of those surveyed said their organisation is reluctant to move workloads to the cloud due to risk and security concerns. However, there are numerous cloud-native monitoring options, and those that sit across the entire stack, to help manage cyber risk.
Almost two-thirds of local authorities surveyed would not consider using public cloud for their most secure and sensitive systems, like those connected to the PSN. However, the Police National Computer is moving to a public cloud environment. This attitude to risk also suggests an increased demand for multi-cloud solutions, combining private and secure clouds. However, data classification can play a part in helping to secure these platforms, for example, stopping employees from sharing sensitive information such as child protection records with users who are not authorised to view them. Getting data classification right from the start and driving policies from the centre makes it much easier to keep data safe and secure. Ultimately, employees need to be protected by policies that stop them from inadvertently exposing confidential data.
Skills and Capabilities for Cloud
We have seen many organisations choose to build new applications rather than utilise legacy migration or specialist Software-as-a-Service (SaaS) providers. Some organisations also lack the skills and resources to build and manage cloud-native applications and being unable to find the right professional skills can also hinder cloud adoption.
Your cloud strategy and policies must be clear to progress with the implementation of cloud technologies; otherwise, this can also hinder adoption. Well-thought-out security policies, security awareness programmes, and access control procedures are essential. Getting data classification right from the start and driving policies from the centre makes it much easier to keep data safe and secure.
In conclusion, public sector organisations must look to diversify their cloud strategy and look to multi-cloud environments to achieve their goals. The survey found that more than half of public sector organisations expect to do so. This means that you can choose the right mix of private, public and secure cloud services to suit all of your requirements, ultimately speeding up your cloud adoption. Faster adoption is important to start accessing the resources and data that your organisation holds, delivering better insight and outcomes for citizens.
Cantium recently released a white paper exploring cyber security for the public sector, including:
COVID and the accelerated adoption of cloud technologies
Exploring an accelerated adoption of cloud technologies, ‘Cloud First’ and the promise of cloud.
Cloud governance considerations
The challenges of the public sector, data governance and cloud spend.
Building secure cloud environments
How to build secure cloud environments, data classification and the zero-trust security model.
The role of human error in the threat landscape
Why humans are the weak point, remote workforce and how to successfully mitigate risk.
People, Process and Technology
How to balance each of the components and how cyber criminals will target your network.
Keeping your cloud secure
The layered security strategy, Table-top exercises, and Data location and Classification.