An Allied Market Research (AMR) forecast has shown that the global cloud services market will rake in $555 billion in revenues this year.
This indicates a 17.5% overall growth rate for the cloud computing industry from the previous year. There’s no doubt that the COVID-19 pandemic has accelerated cloud adoption around the globe and, with it, organisations’ cybersecurity risks have also been ramped up.
The Cloud and Cyber Security Expo 2021, hosted this week in London, gave attendees the chance to discuss the latest trends, challenges and opportunities that cloud computing and cybersecurity have to offer.
Among the topics that really got people talking were the return to office environments post-pandemic, the need for enhanced security at the software development stage, and the idea of balancing risk v reward.
Impact of the pandemic
Kicking of a keynote session, Neil Sinclair, national cyber lead, Police Digital Security Centre, said: “For most, if not all of us, this is our first live event for some 18 to 19 months, which considering that we’ve been going back to football, cricket, rugby, music concerts and what have you, does make me wonder what Sage actually thinks of the IT sector.
“Obviously, we’ve had 17 months of incredible change and that’s hopefully brought the tech industry very much into everybody’s focus. We’ve now all realised that we have our IT with us from the moment we wake up in the morning till the moment we go to bed at night. We think about how we interact with it, how we’re interacting with it in our homes, as opposed to in the workplace. A lot of businesses are going back to work in a real sense for the first time today. The people coming into their space now will hopefully have different attitudes. They’ll interact in different ways.
“So all those sorts of things have changed and become more part of our consciousness. And people will be looking for fixes.”
Heading back to work
Sinclair noted: “From an enterprise point of view, how easy or difficult is it going to be now with us going back to work and talking to people who’ve been doing it at home? People who have been hopefully thinking about having admin accounts, about what it means to have restrictions on various aspects of their interaction with the cyber world, knowing that they can’t share passwords, why they should change passwords, ubiquitous multi factor authentication. Two factor authentication, 18 months ago, the NCSC said it was probably going to be the panacea for all evil. And now we realise that it helps but it’s not the end all. There’s much more that we need to be thinking about.
“Beyond that, perimeter security has really changed over the last 18 months. What does that now mean and how do we implement it? And, of course, the movement of so many businesses to the cloud, and the problems that’s possibly caused, as well as resolved for not only enterprise, but even for small businesses.
“Fortunately, we have seen a massive drop in the number of photos that appear on the web from leaks and what have you. So maybe people are doing something different. But when we get back into the business space, how is that going to manifest itself in how our people work, how they understand the strictures that we put on them.”
Security at the development stage
Amitabh Singh, Field CTO EMEA, Palo Alto Networks, commented: “The challenge has been that you have a set of developers who are developing and then they ask ‘why should we actually be focused on security, because that’s another team that should be focusing in that. So why should that be my problem?’
“I think it seems now and with a with the inception of cloud native applications development, it’s important that we do have ingrained templates that are available. And there are two subsets that are available, which can actually take a risk and actually check the issues when you are doing coding, which can solve some of the problems we’ve been seeing so far.
“And it’s an important shift left philosophy that the whole Software Development Life Cycle (SDLC) has to think about no. That’s a concept that at least I personally believe in.
“Why don’t we actually start using those ingrained tool sets that are there, then start checking those applications as when they are being built, as and when they are being deployed. That they are tested before deployment actually happens, and use those standards because we know that cloud applications are no longer those 20-30 lines of code that have been there. There are millions of lines of code and those development doings are not just phased in one single location. They’re working across multiple regions. And now it’s even more that they’re working across continents. So having your standardised templates that actually automatically check before code has been actually deployed, is I think the way to go forward.”
Risk vs. reward
Abhishek Vyas, InfoSec Risk Manager: Cloud/DevSecOps, Admiral Group, said: “While we’re talking about risk, I think the question actually is, what’s the reward? Is it worth taking this risk for the reward at hand? So for me, it’s about having almost a cost benefit analysis view of that risk itself, and its position in the business risk taxonomy. Because I think while we want to reduce the risk, we’re also there to help get the reward. So it’s about having that balanced view.”
TechEx Global, hosted on September 6-7 at the Business Design Centre, London, is an enterprise technology exhibition and conference consisting of four co-located events covering IoT, AI & Big Data, Cyber Security & Cloud and Blockchain.
