noun_Email_707352 Breadcrumb arrow noun_917542_cc noun_Globe_1168332 Map point Play Untitled Retweet

Public sector – what to do with the cloud? Ideas and tips

Yet another hot summer (and an extended one), yet another massive breach.

Peter Österdahl / September 17, 2019

Yet another hot summer (and an extended one), yet another massive breach. Predicting Security Breaches is like predicting the effects of climate change; both will only get worse until we actually start doing something about it.

During the summer, I have been reflecting on the first half of the year, and what insights it could give for the second half. Some of the expectations and requirements from our customers will most likely be within secure cloud transformation services and/or migrations. But I also believe the need for Cloud Security Assessment or Cloud Security Reviews will be needed for a lot of the business who were early adopters.  The current speed of cloud migration and adoption is immense.  

Businesses are one thing; but how does the public sector stand in relation to the cloud? As discussed in my previous post,  there seems to be some hesitance for using cloud in the public sector.  

It is gratifying to see that things are happening on this front. In Finland, The Ministry of Finance has drafted a decision on policies which ”...specify how data owned by a public sector organisation canbe processed in cloud services.” (…) ”The aim of the policies is to support decision-making in the central governmentcounties and municipalities as they plan and procure new ICT services.” 

In Sweden, the situation is somewhat different. As reported in February, based on a six-month review by Sweden’s National Purchasing Center, “The Swedish government has said it will not set up a cloud framework for the procurement of public sector contracts, claiming it would receive “zero tenders”. (…) “It found that suppliers in the Swedish market would not be able to meet its technical or legal requirements.” 

In a way, the hesitance of the public sector – reflected as differing policies in even neighboring countries - is completely natural. Considering that for example only recently there was news from overseas that the FBI has arrested a person in what seems to be quite a breach of customer data from the bank Capital One. The data of 100 million customers compromised from data stored in the cloud. 100 million customers equal the population of Germany and Sweden combined. 

While any breach is of course disturbing and painful for the parties involved, the public sector (as it should) is even more wary of citizen data or other society sensitive data falling into the wrong hands.  

However, the cloud is here, and much needed. No one organization can possess the resources to maintain AND develop an ICT environment which encompasses all that it is required to do in this day and age. 

What, then, is the best way forward? 

There are some things which come naturally as first steps when considering the cloud. Below these tips listed: 

  • Asset managementStart by reviewing your assets. If you are not aware of what you have, how can you protect yourself?  
  • Security assessment. Treat the cloud as any other on premise environment. Things are moving fast,so also get a second opinion in order to be risk aware. 
  • Get rid of the blind spots Ensure the relevant policies are in place; and follow up and make sure they are followed. 
  • Ensure visibilityMake sure that your Security Operations have the same kind of visibility of the cloud as they do elsewhere in your systems. 

 

Tieto Security Services can help you with the necessary controls and mechanisms to make your cloud transformation journey secure!  Already out there? Contact us to get assistance from one of our consultants -  ensure you are on the safe side and on the right track. 

Security in Hybrid Cloud

Peter Österdahl
Business Developer, Tieto Security Services

Peter has a long track record of helping businesses increase their security posture. With a curious mindset and a geek's mentality towards technology, Peter helps customers navigate through the enormous security landscape to achieve the best possible outcome. This curiosity led to a deep dive into GDPR and the many challenges our customers and their consumers face, to better understand and advise on how security can play a supportive role in order to obtain compliance. Peter has a background from companies such as F-Secure, Atea as well as Nordic startups.

Share on Facebook Tweet Share on LinkedIn