A new report concludes that UK organisations are facing the ultimate stress test in protecting their Public Cloud architecture, as the pandemic sees new pressures applied – both in usage and cyber threats.
The survey, conducted by Opinion Matters and commissioned by AWS Premier Consulting and Managed Services Partner HeleCloud, discovered that while confidence in Public Cloud security has risen significantly among UK organisations (96%), there is a clear misunderstanding in what Public Cloud offers in terms of data protection.
Despite experts including the DCMS reporting a major spike in cyber-attacks since the pandemic began, only a third (38%) of UK organisations have assessed their Public Cloud architecture in the past six months. This falls short of the continuous assessment advocated by leading Cloud providers and their partners, leaving UK businesses open to data leaks and attacks.
“It is not uncommon that organisations of all sizes overestimate what Public Cloud does in terms of cybersecurity and compliance. It is without a doubt the most secure platform for data. However, to ensure this level of security, organisations have obligations and duties under that they need to fulfil,” explains Dob Todorov, CEO and Chief Cloud Officer at HeleCloud.
Business leaders vs. Security team
There was, however, some disparity in how confident people in different roles were about how well their organisations were utilising the tech. While 91% of security leaders felt that their chosen Public Cloud architecture was being used to its full potential, only 77% of business leaders agreed or strongly agreed with this statement.
“To Public Cloud providers, personal data is just zeros and ones. To organisations, personal data is an information asset and needs to be protected as such. GDPR obligations are much more straightforward to fulfil in the Cloud but they are still the responsibility of the organisations collecting and managing personal data – which is in effect every organisation – and not of the Cloud Services Providers,” he says.
UK skills shortage continues
The report also confirmed that a lack of understanding around Public Cloud security requirements was, in part, due to a demand for specialised cloud and security skills within UK organisations. In fact, 46% of UK SMEs and 43% of enterprise organisations believe human error to currently be their biggest vulnerability. What’s more, 7% of UK organisations don’t think they’ve got any vulnerabilities at all, suggesting a lack of expertise in identifying and managing Public Cloud dangers.
The report also found that your understanding of this demand and its impact depends on who you are in the business. While 68% of security leaders strongly agreed that their teams possess the necessary specialist skills to keep their businesses safe from cyber threats, only 45% of IT leaders and 38% of business leaders felt the same way.
Frustratingly for many, the skills gap cannot simply be solved by hiring more people. 40% of UK organisations noted a timeline of between four and six months to hire people with the specialist Cloud experience needed.
“When it comes to security you’re only as strong as your weakest link. To tackle this, a holistic approach to security is required as no area can be ignored. However, organisations must not attempt this alone. Partners with specific Public Cloud security competencies under their belt should always be first on the list when it comes to solving security and compliance challenges in complex AWS architectures. Organisations don’t know, what they don’t know. This means that if an expert in Public Cloud security is not present, the architecture will not be held up to objective scrutiny and their exposure is much higher than they think or are able to tolerate,” continues Todorov.
To manage the risk of huge data losses, the report suggests that businesses look to Public Cloud partners, allowing access to expertise on how to best safeguard their Public Cloud environments without the need to wait six months to get it.