Combining the right services
The conversations around the cloud now focus on maturity, and with that comes responsibilities that organisations might not be aware of
When you think about it, how the talk about cloud services has changed in recent years has been substantial.
Once, it was about moving to the cloud as part of your digital transformation strategy. Now it’s about figuring out the right combination of services, from public and private right up to Kubernetes, containerisation and more.
Yet this talk is the issue of compliance, which is gaining more prominence thanks to new legislation like the EU Data Act, which clarifies who can create value from data and under what conditions.
As regulators and legislators become more attuned to these services, it’s a good time for organisations to increase their knowledge and awareness of their responsibilities, which now concern the entire business.
“We’re now talking about compliance because we’re not just asking what the performance needs, user needs and developer needs; it’s how do you meet compliance requirements,” Conor Scolard, technical director for Ekco, said.
“Previously, you might have had an on-premise system which brought PCI, ISO or similar security certification. Now when you move to a public cloud, the shared responsibility model that they give customers falls too short of what they need.”
That shared responsibility model can create a significant gap in which a managed cloud provider like Ekco shows its strengths. Understanding where an organisation is and the challenges faced is crucial, especially as other parties are now taking an interest in compliance.
Scolard mentioned they’re seeing increased demand from insurance providers and third-party risk assessments. With the number of ransomware incidents Scolard has dealt with in the last two years, it’s a sign that organisations need to be prepared for multiple reasons.
“In the past, the controls required would have been high level,” Scolard said. “For example, if you said you had an IT security policy, that would be enough.”
“Now insurance companies are asking companies questions like if they’ve multi-factor authentication enabled on all systems, and some companies are falling short. They’re getting more tech-savvy and are asking detailed questions.”
An example of that detail came from one of Ekco’s clients who received 163 technical questions, which Scolard described as “wonderfully technical”.
Questions like if a company has an SOC, an instant response plan and the type of controls they have are signs that strong compliance is becoming the bare minimum, instead of going above and beyond.
“We help with that as well as with understanding what the compliance needs are and making sure that we have the right architecture holistically as well,” he said.
One of the challenges is the rate of change in tech, making long-term plans almost impossible. It means that you must plan with flexibility in mind.
The main reason for this is a development in cloud two or three years later could require you to modify your setup significantly. That’s why knowing what you want and need now and preparing accordingly will set you up in the long run.
“It’s all about making sure you have the right architecture in place, understanding what you want to get out of it, what financial limits there are and being able to educate them,” he said. “Something might be out of your scope today, but if you have the right architecture and you grow over the years, it should be easy to add on.”
Another element mentioned earlier is the fear of ransomware and other attacks. It means that the security models that come with the different cloud providers and services, not to mention the fragmentation of services which has its pros and cons, have changed substantially as well.
The major growth areas with cloud services, Scolard said, involve adopting tools like Microsoft Office 365 to work remotely, the continued management of legacy hardware where a switch isn’t easy or financially feasible and the higher adoption of SaaS applications and services.
“It’s about getting broader with existing toolkits and services that they already bought into and getting that more mature adoption of those tools,” he said. “That’s the first place we’re going to see grow.”
