Following on from last week’s opening “integration” segment, this week’s write-up of the findings of the Cloud Communications Council’s Spring Forum focuses on “security”.
Finding #1: Councils' perceptions of cloud security can be negative
Delegates at the Forum identified a number of issues surrounding cloud security, with council perceptions being one of the most prevalent. A host of “myths and legends” was considered to surround cloud, with negative media portrayal of incidents such as hacking scandals creating distrust. A parallel trend in an increasing number of public calls for enhanced data privacy serves to further bring cloud security into question.
Furthermore, the delegates concurred that the public sector is generally held more accountable than the private sector when it comes to sensitive data, creating additional pressure on local authorities to ensure that all personal information is kept as secure as possible. A general lack of information and knowledge of cloud was felt to be a major problem in convincing the public of security credentials.
Finding #2: Human error is more of a concern than system security
Several attendees in fact noted that the security of information systems, including those such as CRM resources in the cloud, was actually considered to be acceptable amongst their representative councils. However, the risk associated with physical paperwork and human error in entering the data was considered significantly higher.
Time-limited data was especially subject to these dangers, with some council departments having to dispose of particular information within 30 days. For this and other reasons, sharing data between departments also became a security concern, and therefore led to inefficiencies when data could not be effectively and quickly shared.
Finding #3: Legislation and compliance can create barriers to adoption
The council representatives noted that cloud methods of storing and accessing sensitive data were not well adopted amongst local authorities. Changing government legislation was seen as a key reason behind this; one council cited central government mandates against keeping shared data in a cloud-secured server, which runs contrary to the principles of true public cloud.
Moreover, particularly in light of public scrutiny, councils are also extremely cautious when it comes to ensuring that they are compliant to various data regulations. This has ramifications for council efficiency and data sharing, with one council noting that only around 30% of its constituents’ details were actually stored in a CRM system.
Conclusion: The future of council security
Councils agreed that despite any commonly held security concerns, a transition to cloud was ultimately inevitable. As the number of councils becoming more reliant on cloud services accelerates, representatives at the Forum agreed that a “snowball effect” would lead to widespread adoption.
Furthermore delegates agreed that a successful migration to general adoption of cloud services, including for security purposes, would lead to increased engagement with the private sector. In this likely eventuality, security would necessarily derive from the cloud, requiring appropriate levels of security to be available from cloud providers.
Cloud needs to convince media and public opinion of its suitability for secure deployments and data protection. The ability to use integration in the cloud between various systems, and to hence achieve rapid, efficient data sharing through a secure, common model, should not be comprised by lack of security standards or regulatory compliance. Furthermore, the ability of such integration to automate key processes, such as transfer of data from systems through to communications, or from department to department, helps mitigate the risk of human error.
To this end, cloud providers should be able to offer suitable accreditations for quality and data assurance, as well as offer ways to effectively integrate and unify different sources of information. This will enable councils to operate more efficiently, more accurately and more securely.
Underlying Cloud Security
Although concerns remain about data security in the cloud model, the physical security and site resilience of a cloud solution is typically much higher than can be achieved on-premise by an individual council. This is because high resilience and availability are critical to the core business of cloud providers, and these providers are therefore required to invest in more expensive and secure infrastructure, which can then be delivered on a partitioned basis to clients. For those assessing effective operational security, the underlying security that cloud can offer should become a key consideration.