Cybersecurity and the cloud with Paul Tacey-Green

Welcome to the part two of our report of December 2019’s Leaders In Tech, Decoding Cybersecurity. This article is a snapshot of the talk by our second speaker of the evening, Paul Tacey-Green. As Head of Cloud at Amito, which runs Reading’s largest data centre, Paul’s had many years’ exposure to the security elements of cloud services and therefore has a unique perspective of cybersecurity in his field. Paul’s talk looked at how views of cloud have changed over the last ten years and the key security questions that tech leaders need to ask before taking the plunge and picking a provider. 
According to Paul, 95% of today’s Fortune 500 businesses are using cloud. And it doesn’t look as if the popularity of cloud is likely to wane anytime soon. He cites a study that claims 66% of UK-based organisations intend to use more cloud services in the next 12 months – but what proportion are giving serious thought to cybersecurity? For Paul, this is an issue that’s more important than ever. However, as cloud use has grown, it seems complacency has as well. 

Back in 2011, when Paul’s Amito business was just getting started, it was a different story. 
“People’s views of cloud were fairly negative,” says Paul. “They were fearful and cynical. People were comfortable with having physical servers, often on premise. So, when we first launched Amito, we were teachers, educating on the benefits and features of cloud.”
Just under a decade later, and the landscape has transformed. Today, Amito serves 350 clients in countries including Australia, the USA, Germany and Russia. It manages over 20,000 virtual machines and has 650 racks of equipment live (just in Reading). In short, organisations have embraced cloud and continue to do so enthusiastically. There are a number of reasons behind this shift, according to Paul, from the development of more robust technology to herd mentality. “However,” says Paul, “I don’t think that the risks have really changed.” His recommendation? To return to the more wary, questioning mindset of 2011. 
“Cloud is still just servers in a data centre. We still need to be considering all the things we did before.” 
 
The cloud and cybersecurity: the questions you need to ask
To help our tech leaders minimise the risks associated with cloud services, Paul laid out the questions they need to ask in order to keep businesses operations and data safe. Below is a summary of the most important points for on-premise, public and private cloud operations. 
On-premise private cloud
If you plan on keeping cloud operations on-site, have you thought about physical security? Are windows and access points secure? And how are staff vetted? Can you trust the people who access your cloud site – including cleaners and third party contractors? 
Public cloud
When it comes to public cloud, Paul’s questions centre more on data and systems: for instance, how does the provider encrypt data over the network, in storage and on backups? And how long is data retained after a VM is deleted? Crucially, will the answers to such questions change in the future? Businesses need to consider all the above before committing to a provider. 
Private cloud
Paul has a host of questions for would-be private cloud providers too: will hardware be continuously upgraded to mitigate legacy security issues in firmware? And is there enough budget allocated for off-site back up and disaster recovery services?   
By getting the full picture from providers, tech leaders can choose the safest option and minimise risks – which could save an organisation from costly cybersecurity breaches. Finally, Paul gave our tech leaders some tips on getting into a more security-focused mindset. We hope you find his insights as useful and interesting as we did. 

Revisit the questions you would have asked back in 2011. Don’t be afraid to interrogate providers on security the way you would have done in the past.

Support the stakeholders. Make sure they feel comfortable about what they’re agreeing to.

Let the business set its own level of acceptable risk. Every business is different and will be striking different balances between security, budget and ease of use.

Become a secure business. There are frameworks out there to help, such as ISO27001 and Cyber Essentials (an entry level accreditation).

Get confident asking questions and getting answers.

We’re very grateful to our fantastic guest speaker for sharing his wealth of experience. Many thanks to Paul Tacey-Green and to everyone who made it to December’s Leaders In Tech | Reading.
Look out for details of the next event on our social media channels.