Making sense of the Cloud-buzz: what quick wins are available to establish Business and Security value?

On Thursday 25th April, Exponential-e held a Financial Services and Insurance roundtable event at 'M Restaurant' in Victoria, London. The event brought together leading figures from these two sectors to share their experience of Cloud adoption and the benefits it can provide to businesses.

The conversation was kicked off by guest speaker Steve Deakin, Head of Development and Operations at Lloyds of London, who discussed his experiences of Cloud and the client perspective. He was followed by Nick Robinson, Systems Engineering Manager at Palo Alto Networks, who provided a view of real-world innovations and shared Cloud success stories that he has seen from his clients across EMEA.

Here is a high-level summary and description of the quick wins that were discussed:

The Process:

  • Learn -> Hack -> Iterate


Horizon Scanning & DevOps with an AGILE mind-set

  • Microsites and microservices that are already trialled, tested and robust from an architecture and security perspective - this enables one to rapidly deploy new products and services, websites etc. with security peace of mind.
  • Serverless - just focus on writing code and you can make changes in microseconds! It is easy to deploy, low cost, gives you more time to focus on UX and is more efficient for developers by ensuring you are keeping code backed up and in a secure environment.
  • Grid Data Analyst - overcome the floods and complexity of big data and unlock the power of analytics with the right data in the right place.


Cybersecurity

  • OWASP Top 10 - whilst the threat landscape remains consistent year on year, everyone should make sure they are aligned to the latest version as it evolves. Assuming that the Top 10 remains unchanged, or that changes are only incremental and therefore low priority to action, can lead to vulnerabilities. www.owasp.org
  • NCSC - The National Cyber Security Centre is an organisation of the United Kingdom Government that provides advice and support for the public and private sector on how to avoid computer security threats. www.ncsc.gov.uk
  • Ethical Hacking - this should be continuously implemented - leverage pen testers and vulnerability scanning as much as possible in order to follow best practices and processes - Learn -> Hack -> Iterate.
  • Social Engineering was also discussed, though not so much as a quick win due to its complexity (get the simple things right first); however, it was advised to leverage pen testers to protect your business from bad actors that use social engineering tactics.
  • Multi Factor Authentication - we discussed how this is a very low-hanging and important measure to put in place. Leverage MFA to 1) require individuals to provide two or more authentication factors to confirm their identity for online transactions or to gain access to corporate applications, networks and servers and 2) gain insight and reports on the user's activity. Identity (IAM) and Privilege Access Management (PAM) were also mentioned as a further way to secure your business.
  • Security Information and Event Management (SIEM) - leverage SIEMs as a means to log attacks. An IT Service Provider can provide an important layer of service to proactively manage, monitor and report on what the SIEM is seeing on a 24/7 365 basis.


Cloud Patterns


Data Lakes

  • Building out a centralised repository for enterprise data, for tasks such as reporting, visualization, analytics and machine learning - leveraging cloud partners to build out big data solutions.


A debate for another day

  • DevOps and Open Source software are and will continue to be the main target for bad actors, as they hold the code (the crown jewels). Should such resources have locked or unlocked internet access? On one hand, unlocked access offers flexibility and agility; on the other, locked access is more locked down and has a stronger argument from a security perspective.


#Azure #AWS #CloudPatterns #Cybersecurity #OWASP #NCSC #DevOps #HorizonScanning #EthicalHacking #Digital Transformation


Cloud control: the perils of running a multi-cloud environment

The key ingredient for any organisation looking to drive digital transformation is Cloud. Actually, scratch that: it is Clouds. But how do you manage multiple Clouds without getting bogged down by digital paperwork?

The bottom line: the financial & operational benefits of complete Cloud estate visibility

In our last blog, Jonathan Bridges talked about how Exponential-e’s Cloud Management Platform (CMP) could simplify your Cloud estate by providing a single-pane-of-glass view of different Cloud environments.


There’s an app for that – but is this what the NHS really needs?

New health secretary Matt Hancock has been beating the technology drum. As well as announcing that almost £500 million would be made available for technology, he's also asserted that the service needs more apps. However, it’s fair to wonder: is this the right avenue to funnel resources?


How legal firms can fix their relationship with cloud technology and safeguard their future

The relationship between cloud technology and the Legal sector has been something of a slow burner. Understandably, legal firms have previously been reluctant to adopt cloud technology due to the sensitive data they hold. Through the Cloud, data is able to flow freely to and from recognised enterprise endpoints, but also from mobile devices belonging to employees.
