5 minute read
Cloud Computing
Contributed by Daisy Radford of the Information & Communications Technology Committee
Cloud computing has been around for years, but fully deploying it within government and critical national infrastructure is no small feat. Based on 'Fast Moving Clouds Ahead', 10th November 2020, a blog by Chris Poole.
Advertisement
Cloud computing – a term and approach which brings us closer to the future every day. Even those of us who may not understand it will doubtless use it at some point – think Spotify, Microsoft 365, or Netflix (the standard app rotation on a given circuit breaker day!)
With Singapore’s 5G plans making exciting progress cloud computing is an element that will bring the awesome benefits of 5G to life for individuals, companies, and governments.
There are many government organisations that have been taking full advantage of cloud computing for years. But while any large organisation is hungry for cloud computing numerous benefits – reduced IT costs and empowered mobile workforces – governments understandably require higher levels of assurance, just consider sectors like Defence and National Security. How can they and other highly secure organisations reap the dividends cloud computing has to offer?
The challenge is not an easy one. Government organisations possess large amounts of data across multiple complex environments. Public officers have to deliver services and missions while maintaining top levels of security assurances. At BAE Systems we support many high security organisations with this challenge, a mix of technology and process implementation means achieving that risk and accessibility balance is possible, even for the most classified of organisations.
The spot light on cloud computing security has certainly intensified this year. COVID-19 suddenly meant it went from a nice to have to a necessity. Although these transitions have been at break neck speed the outcomes have been very successful due to the combination of implementing technological solutions and shifting the approach to risk management.
Cross-domain as an enabler Any solution has got to balance security and usability – what’s the point of having the most secure system if it’s not usable? The success of team collaboration is often the success of an organisation therefore emails, calls, messaging, or collaboration platforms are now seen as a fundamental tool to enabling organisation progress.
Employees expect their work IT to be as good, or better, than their home laptops or phones – quick, easy to use and stress-free. The recognition for security is of course there but the hope is CISO’s can deploy technologies to keep things secure while keeping collaboration running smoothly.
Many government and high security organisation have unclassified and classified environments. The use of widely available cloud technologies are easier to implement on an unclassified environments but having complete segregation between the two creates inefficiencies, frustrations and is not necessary. Cross-domain enables import or export of data between environments, developing applications in public cloud, searches running across environments, or seamless collaboration across environments.
Cross- domain technology isn’t new but it has rapidly been elevated as an enabler to maintaining current productivity output levels rather than solely as a growth and enhancing initiative.
Threat based cloud security As everyone, everywhere, has directly learnt this year, change is the only constant. Recognition of this is required to maintain a relevant security policy.
We’ve seen huge number of organisations going from a no video conferencing policy to having to use it daily. These U-turns have been achieved within a matter of weeks, something that we would have guessed would take months, if not years, before 2020!
With cloud computing things move fast and sticking to a “risk adverse” model will impact an organisation’s effectiveness and more worryingly it is likely to have an adverse impact on risk exposure. The most vulnerable element to security is an organisation’s employees and unfortunately it happens far too often where frustrated employees circumnavigate IT controls in order to get their work completed more efficiently on personal devises.
Therefore when it comes to cloud security understanding the business context and the dynamic threats landscape is vital. From this a threat assessment and threat model can be played into the security policies allowing organisations to evolve in step with advancement of cloud technology.
What’s next? 5G will be a catalyst in cloud computing, large cloud investments on going in the US (such as the JEDI programme) will also support the developed and trust around cloud computing solutions. Edge computing (think cut-down cloud capability in the field) is another likely development and likely to be driven initially by Defence organisations with their need for capability that quickly and simply interoperates with the main enterprise. It’s clear that processes, behaviours, and technologies will mature and cloud computing will increase. Government and high security organisations will need to adopt cloud technologies otherwise they’ll struggle to maintain an empowered workforce. It’s not easy but if 2020 has taught us anything it is that rapid and decisive change is possible even in the most highly secure organisation.
ABOUT THE COMMITTEE
The ICT committee’s mission is to inspire, educate and engage Chamber members and non-members on the transformative capabilities of Information Technology to their business. The goal of the committee is to add value to the Chamber and its members through activities that demonstrate the value of ICT solutions to their business; educate them on future ICT trends that will impact their business; offer member networking opportunities to better enable business across the region; share knowledge and insights, and attract new members to the Chamber. Visit britcham.org.sg/committees/ict for more information.
