Leading solutions for the public sector
Cloud has gone mainstream and, as one of the crucibles of the new digital economy, innovative cloud services, platforms and infrastructure are helping to deliver high levels of scalability, flexibility and resilience. Cloud solutions are helping to unlock leading capabilities for government bodies pursuing workforce productivity gains, enhanced efficiency, and new ways to meet rapidly evolving consumer expectations.
Many organizations, governments included, are still in the early stages of their migration to cloud Infrastructure as a Service (IaaS), grappling with issues that include stubborn legacy architecture, data privacy compliance and the role of cloud providers versus the organization. Others may be more advanced in their adoption of increasingly popular Platform as a Service (PaaS).
Meanwhile, almost every organization today relies on some form of cloud Software as a Service (SaaS) for standard office productivity tools, online training, enterprise-wide HR management platforms and more.
Keeping sensitive government data secure
As governments migrate to various cloud services, security professionals have anxiously witnessed the increasingly sophisticated efforts of cyber criminals to exploit cloud technology that inherently broadens and complicates enterprise security challenges. Governments have been understandably cautious, if not reluctant, to simply shift all their data to the cloud — as some of their data is highly sensitive and protects national interests. Governments should first understand exactly what data they hold, and what data is appropriate for the cloud. Some data may be too sensitive and should never leave on-premise data centers. But, aside from this — key questions remain.
Do you have a shadow IT issue? If so, your shadow cloud problem may likely be more extensive. Has your IT development team missed a few security controls on a product/service that’s due to go live in a week? Your cloud DevOps team may likely be planning to launch dozens of new products/services to the public at the same time, and each needs to be managed appropriately. Challenges of this nature can often arise from a false sense of security regarding your cloud services.
Major cloud service providers offer a robust suite of security controls and cyber defenses that are designed to outperform typical network and application controls. But unless those controls are configured correctly and tuned to an organization’s threat landscape and security processes, they may not be effective. And unless security governance adapts to the culture and mindset shift that comes with cloud adoption and agile DevOps, the security team can risk rapidly losing control of its estate. Adopting a false sense of security in the cloud can be costly.
The excerpt was taken from the KPMG Thought Leadership publication entitled Securing the cloud – the next chapter in public services.