Strategic Resources May 2024 Corporate Presentation
4B - Is the cloud safe - Ed Zedlewski
1. Is the cloud secure?
Ed Zedlewski, CIO, Eduserv
www.eduserv.org.uk
2. Cloud defined…
Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network access
to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and
released with minimal management effort or service
provider interaction.
[National Institute of Standards and Technology]
www.eduserv.org.uk
3. Cloud defined…
On-demand self-service SaaS
Broad network access PaaS
Resource pooling Private Cloud
Rapid elasticity Community Cloud
Measured service Public Cloud
consumption Hybrid Cloud
IaaS
www.eduserv.org.uk
4. Cloud defined…
I want to buy only the computing I need, when I need it
www.eduserv.org.uk
5. What is Cloud Security?
I want my information and my services
protected from the bad guys and from accidents
www.eduserv.org.uk
7. Cloud scepticism
• 37% of businesses cite security concerns
• 13% (and rapidly rising) complexity of IT systems
integration
• 13% resistance to change
www.eduserv.org.uk
8. … yet growth in cloud services is
rising faster than ever
• 71% of local government organisations are using
cloud computing
• 37% of local government are currently using
cloud applications
• UK adults accessing the internet through a mobile
device doubled between 2010 and 2012: source:
Ofcom
9. Who is looking after your
service at 03:00 hours?
www.eduserv.org.uk
13. How do you access your cloud service
• 8bn people
• 12bn MID
• 2bn houses
• 2bn TV’s
• 1.5bn bicycles
• 1bn cars
www.eduserv.org.uk
14. How secure is your own IT shop?
• You will be subject to the same security challenges
• Do you have all the necessary skills
• Are you prepared to pay the cost of providing
service elasticity
www.eduserv.org.uk
15. Increase in cyber-attacks
(twice the level seen in 2010)
On average 54 significant attacks by an unauthorised
outsider were made on each large organisation in the
last year
www.eduserv.org.uk
16. Security breaches by staff
Computer fraud; data loss; regulatory breaches; lack of
education about security
• 19% of organisations suffered staff IT fraud
• 20% of small businesses lost confidential data
www.eduserv.org.uk
17. Security Investment?
67% of large organisations expect more security
breaches next year
50% of large organisations expect to spend more on
security next year
The challenge is getting value from the investment
www.eduserv.org.uk
18. MYTH: An in-house (xxx) server is more
secure than a hosted solution
TRUTH: for a business without dedicated, in-
house IT Professionals to monitor the security of
its network, in-house server solutions have less
physical security, digital security and backup
security than hosted solutions
19. MYTH: An in-house solution offers
more control than a Cloud solution
• Maybe, but is this good or bad?
• Who is counting the cost of change?
• Heavy customisation increases cost and
reduces reliability
• Application servers are very
complex, requiring high levels of skill 24x7
• Often cloud services abstract complexity
20. So what’s the difference?
• Robust authentication & authorisation
• Applications need to be architected for cloud
deployment
- Never trust user input
- Encode all output
• Consider data encryption
• Effective service and contract management
21. Professionally built cloud services
• Offer flexible levels of performance & security
• Security designed in (not bolted on)
• High availability designed in
• Are monitored 7x24x365
• Expertly managed
- Delivering appropriate CIA
www.eduserv.org.uk
22. Questions?
Ed Zedlewski, CIO, Eduserv
Ed.Zedlewski@eduserv.org.uk
01225 470431
Or visit the Eduserv stand
www.eduserv.org.uk