Contributed Article
By Rick Byers, Chief Risk Officer at Freedom Fibre
With regards to the 21st century’s business organisational data security needs, prudence has never been more important – particularly with the prevalence of cloud computing. The big cloud computing services used by UK public and private organisations such as Microsoft Azure, Amazon Web Services (AWS), and Oracle all have one thing in common – they are all US-based tech firms. The globalised nature of the technology sector is a double-edged sword, reflected in the risk of global cyber vulnerabilities – both criminal and political.
For example, the 2017 worldwide cyberattack ‘WannaCry’, a ransomware cryptoworm which affected more than 300,000 computers in 150 nations (causing billions of pounds worth of damage), was accused to have been conducted by North Korea according to the US and UK governments.
Cyber security is an issue of national importance, reflected in the Telecommunications (Security) Act 2021 which requires telecoms companies to onshore critical systems in the UK. This legislation, in tandem with the government recently detailing the scope of its Cyber Security and Resilience Bill, demonstrates the UK’s commitment to cyber security. The bill will mean that more organisations and suppliers will need to meet the government’s cyber security requirements, including data centres and service providers.
Organisations are also exploring whether to have their cloud-based solutions onshore, hosted in the UK. US cloud hosting companies are subject the 2001 Patriot Act, with powers further reinforced by the 2018 CLOUD Act which provides a mechanism for United States law enforcement agencies to request data stored in the United States and overseas.
Another reason for onshoring is that the UK needs to be able to run its critical infrastructure independently in the event of if its internet services are cut off: either due to hacking from an external criminal or state actor or due to undersea internet cables being destroyed, as seen recently with ships linked to Russia being accused of allegedly sabotaging cables in the Baltic Sea. Geopolitical risks are increasingly a factor for UK organisations to consider.
Furthermore, there has been a debate in recent years as to whether businesses should move their content back on-premise onto their own servers for technical security. Local storage can have its advantages; if an organisation manages its own physical servers, the company has full control and total ownership over the security of the data and all resources in use. It also means that the organisation’s in-house IT team can address all potential vulnerabilities.
There are major drawbacks to on-premise storage, however. Whilst perhaps cost-effective in the short term, if something does go wrong, without the vast resources of a cloud storage company it could potentially be difficult to quickly and securely recover data if there is a security breach – potentially at a large financial cost to the organisation. The inherently limited nature of hardware’s scalability should also be highlighted; maintenance and regular updates also require time and investment. The human resource to operate such systems is also in short supply – especially cyber security professionals.
The big issue is that the move to SaaS (Software as a Service) for a large amount of an organisation’s infrastructure means that often organisations don’t have a choice whether their storage is on-premise or hybrid, due to the SaaS provider looking after the application for the organisation. PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) do remedy this somewhat by offering a greater degree of flexibility. With PaaS services (such as AWS), you as an organisation put your application suite on the provider’s platform; with IaaS, your organisation is responsible for your own OS on the platform.
Ultimately, it depends on the size and type of business. Connectivity is also a key factor; it is therefore paramount for organisations to have the best business fibre broadband connection, with reliability being crucial. In an ever-changing world for businesses to navigate, integrating the right balance of cloud computing and on-premise storage is imperative.