The rain has once again begun to fall in Seattle and that can only mean two things: it will not stop for eight months, and it is October – the month when countries around the world take time to raise awareness of importance of cybersecurity. This initiative is critically important, and it is encouraging to see not only more and more governments, but also industry participants and civil society organizations, take up the call.
However, we need to go a step further by focusing not only on cybersecurity, but embracing cyber resilience. We need to be ready to not only defend ourselves, but know how to respond and recover when the inevitable does happen. And as our reliance on technology grows, we need to understand the potential impact of not just cyber threats on our networks and systems, but consider the array of natural and man-made disasters that can occur, ranging from earthquakes and hurricanes to terrorist attacks.
Cloud computing can support cyber resilience, and in particular one aspect of it – digital continuity. This is largely due to its unique attributes, from geographic distribution, to its scalability and cutting edge security. Yet very few organizations have formal policies that encourage its use for this purpose.
This is why today, we are releasing a new white paper, “Advancing Cyber Resilience with Cloud Computing,” which sets out a set of recommendations that help organizations do just that. It is based on our own experience and conversations with customers and covers both technical and policy obstacles that have to be overcome. These include:
- Adopt a posture of cyber resilience and digital continuity. Establish a cross-organizational approach specific to cloud that specifies desired outcomes, identifies critical systems and threats, and is executed with the roles and resources allocated to them.
- Determine which data and services will be migrated to the cloud. Ensure data residency requirements are properly addressed, lifting storage restrictions and creating exceptions for the most critical data.
- Establish a prioritized list of government services for cloud migration. Prioritize the investment of broadband, which is a prerequisite to the successful use of cloud services.
- Implement pilot projects. Test established technical and policy requirements for use of cloud computing in the public sector.
- Update public policy, as needed, to enable the use of cloud computing for cyber resilience. Modernize procurement rules and requirements to adjust for Information and Communications Technology (ICT) purchasing of non-traditional security of ongoing services.
- Develop the technical process of migrating data and services to the cloud. Encourage transparency between all parties involved to maintain public trust.
- Rely on established best practices for proof of efficacy of security practices in place. Utilize international standards, which have been tried and tested, and can be deployed immediately.
- Conduct regular reviews of the policies and processes in place. Ensure a level of flexibility in auditing of cloud vendors, taking into account the need to adjust existing models of security assessments.
As organizations and governments look ahead to how best manage future crises, cyber resilience must be a top priority, not just when it comes to a crisis directly affecting a particular entity, but also when dealing with the ripple effects of our globally interdependent cyber infrastructure and systems. While the road to cloud adoption may initially be difficult for some organizations, requiring changes in technical capabilities and policy frameworks, the effort will have powerful positive outcomes.
It has the potential to not just make our society more secure, but to create opportunities to build comprehensive long-term strategies that set societies on a path toward digital transformation. These, in turn, will create wider opportunities for both the public and private sectors, by promoting a culture of innovation, generating new avenues for investment, and contributing to vibrant and economically competitive nations.