By Matthew Tyler, CEO of Blackfoot UK
I hear an awful lot of rubbish spouted about ‘clouds’ mostly relating to risk and security concerns. I also see an entire new industry all vying for the inevitable IT spend.
The main question we hear is: ‘Should I move to the cloud?’
This is not the question that you are looking for…
Organisations now require IT as a utility with equal importance to other utilities such as power and water. Put simply, why would you want to generate your own power when it can be delivered to you down a pipe? The benefits are virtually endless: you don’t have to mine the coal or burn the coal, and you don’t have a supply chain to manage or need to ensure you have enough coal. The same theory now applies to IT and the cloud.
The question you should be asking is…
Why can’t I move straight to the cloud? I’ve spent more and more each year getting less and less secure… What has all this money achieved?
Over the last 10 years, UK PLC has spent over £30 billion on IT security, a figure which is rising at 10% per year, AND the ICO states that the number of data breaches has risen 10-fold in the last 5 years.
This question can be answered both in simple psychological terms and in a more complex way, by taking into account changing technology and a consumer revolution.
IT PLC has failed abysmally at translating our unique language so that normal people can understand it. An example is footfall versus visitors: who would want more hits of no value? Surely any sane person would want fewer hits and more users.
The historical answer was to purchase something physical with lights on, which everyone can point at and feel that they have received value for money. The people who have paid for it can look at it and wonder what it does, but they can see the little lights flicker, hoping that this is the last ‘little box’ they are asked to buy but always knowing that in reality another flickering box will inevitably follow.
The more complex technical answer is that over the last 10 years the OWASP application weakness top 10 has not changed, and applications are still as weak as they were then. The difference is that everything is now hyper-connected and hacking is far easier using kits such as Blackhole: ‘point and click’ hacking requiring little to no skill.
Many IT people aren’t application aware, having come from a transport or build background. The networks they built were strong at the edges: secure, fast, controlled. Vast sums were spent on creating the best internal networks to quickly deliver the applications organisations relied on for their daily activities. These systems kept the baddies away from the small number of tightly controlled points where data would enter or leave their shiny, fast, state-of-the-art networks. But with today’s mobile technology, these once tightly controlled points are being relaxed to cater for the need for mobility in business.
The problem is Moore’s Law versus simple accountancy. Over the last 10 years consumer tech has become cheaper, faster, more reliable and easier to use. Consumers are less willing to ‘sweat an asset’, as consumer tech is cool and is about having the latest, fastest, coolest, smallest device and the need to access applications on the move. People use their devices to do their work because they are more familiar, more convenient, more stable and, of course, cooler.
Organisations, in a drive for increased efficiency, have sweated the ‘infrastructure assets’ as well as opening up the once very closed applications to the general public: CRM systems are now online client engagement portals, and email is now accessible anywhere at any time.
Applications have been widely ignored: 76% of large-organisation data theft comes from web servers, databases and mail servers, and in 72% of cases the time taken from initial attack to data extraction is seconds or minutes.
The answer to the cloud question is: if your application security is not ready to put straight into the cloud, then what have you been doing for the last 10 years?
About Blackfoot: Blackfoot is an information security and compliance specialist dedicated to protecting clients’ reputation and profits by providing strategic and pragmatic advice to reduce risk, liability and costs.