Cloud computing and AI are revolutionising the public sector, mirroring their transformative impact on businesses and consumers. Areas like public health, education and research are innovating with these technologies on a grand scale to increase their impact, reach and efficiency. By the end of the decade, public sector cloud computing sales are expected to rise to $2 trillion.
Tremendous opportunity is not the only catalyst for cloud adoption, however. Another key driver is the rapidly evolving security landscape. New AI-powered threat vectors are continuously emerging, and geopolitical tensions heighten the risk of attacks on public infrastructure. All kinds of institutions face increasing risks, and as recently as January, Eindhoven University of Technology made the news when its network was taken down by a ransomware attack. The ever-increasing reliance on vital technologies means the stakes are extremely high. ‘WannaCry’ is estimated to have cost the UK National Health Service close to £100m, and that only accounts for the financial impact of the incident. A prolonged breakdown in critical services, or the theft of highly sensitive information, has serious consequences, including lasting reputational damage.
The public cloud offers sanctuary in this threat climate. Alongside business leaders, public sector decision makers are increasingly aware that ahead of other security measures, migrating to the cloud enables fundamental protection. While the potential of vastly improved AI, data management and collaboration capabilities are reason enough to embark on the cloud journey, the need for better security and compliance is accelerating adoption. With a higher cyber-security baseline, public sector experts and researchers can innovate and reach new frontiers with confidence.
To reap all the benefits of cloud adoption, including better security, public sector bodies are partnering with private enterprises like Microsoft, Amazon and Google, as well as businesses that specialise in the deployment of their services. All three ‘hyperscale’ cloud providers compete to ensure their platforms are the most resilient for their clients, and this digital arms race gives the public sector access to powerful security capabilities.
Organisations using the public cloud subscribe to an active service rather than making a one-off investment in hardware, and this means best-in-breed security capabilities are always available. These include next-generation firewalls, intrusion detection systems, multifactor authentication and comprehensive threat intelligence. This is especially important at a time when, according to Darktrace, 74% of organisations are reporting attacks using AI.
Modernising in the cloud means responsibility for resisting these rapidly evolving threats is shared with hyperscalers and cloud solutions experts from the private sector. When deployed to fit the needs of an organisation, these capabiltiies provide unparalleled security that is manageable and cost effective.
While prevention, detection and remediation solutions are essential to combat emerging threats, there is another fundamental reason why the public cloud offers superior protection to legacy IT. That is that data can be managed, manipulated and shared within a single highly secure environment.
Traditional IT infrastructure, which many organisations and departments still rely on, often requires data to be moved from one place to another for use by different applications and users. There are inherently more points of failure and a great surface area for cybercriminals to exploit. In the cloud, data is cocooned in a safe environment, with applications and users operating in the same space where data strongly encrypted at rest and in transit.
Even though these platforms provide robust security protections, ultimate responsibility for security still lies with the data owner. Additional security controls need to be put in place and enforced to ensure a “security first” resilient environment. It is also the data owner’s responsibility to ensure that users that have access to critical information are aware of how best to resist common user-based attacks such as phishing emails. Nevertheless, the public cloud provides the platform and tooling upon which organisations can build the controls and culture required for resilience.
Securing data from criminal threats is only part of the data protection equation for any organisation. They also need to remain compliant with data protection laws, such as GDPR and DORA, which continue to evolve in response to AI and cybercrime. Keeping up with these requirements and handling data in a compliant way can create management and operational overheads that drain public service and research budgets. These considerations make public cloud adoption more attractive still for public bodies.
Cloud platforms are built with functionality to make compliance simpler and more cost effective. For example, GDPR's storage limitation principle requires personal data to be kept only as long as needed. Public cloud providers offer automated data lifecycle management tools that helps meet these requirements. These tools automatically delete data after a set time, so manual overheads and risk of human error is reduced.
NIS2 a European Union-wide legislation designed to bolster cybersecurity across member states brings new stipulations on risk management, incident reporting, security measures and supply chain security. Fines and sanctions imposed by regulators are hefty and are detrimental to any organisation failing to comply. Security by design is the best approach to protect against data breaches and ensure compliance into the future. Public sector organisations are currently within the grace period to meet NIS2 standards and zero-trust and other advanced capabilities brought by cloud platforms are providing the bedrock for compliance.
Over the past few decades, digital technology has transformed society beyond recognition and this revolution is only accelerating. As opportunities – and risks – emerge at an ever faster rate, it has become essential that all organisations have access to the capabilities and expertise to keep up. Partnership and close collaboration between governments, the third sector and the private sector is therefore more important than ever.
Many public bodies are large and diverse, with departments at different stages of their modernisation journey. Hybrid and multi-cloud scenarios are therefore common, where different cloud environments and on-premises infrastructure need to work in harmony. Organisations therefore require strong governance and data management expertise to ensure they capture the full security advantages of the cloud. Multi-cloud specialists therefore play a vital role in the public sector technology marketplace, providing security across the full gambit of cloud providers and on premises deployments.
Research, a prominent area of the public sector, is a highly collaborative and international effort, with scientists needing to share and work with data across institutions and borders. Common technology standards are therefore essential, especially when education and research is the second most targeted sector by state-backed cyber-attacks. In Europe, GÉANT’s OCRE framework provides a pre-approved list of cloud providers and services that have already been vetted and meet certain standards. This simplifies procurement and enables accelerated adoption of powerful cloud capabilities for 25,000 education and research bodies across the continent.
With these partnerships in place, public organisations can modernise, collaborate and innovate with confidence, knowing that they are backed by private sector expertise that is best equipped to provide cutting-edge capability, security and compliance.
SoftwareOne provides specialised guidance across industries. Count on us for procurement, licensing, custom app services, and deep cloud migration expertise.
SoftwareOne provides specialised guidance across industries. Count on us for procurement, licensing, custom app services, and deep cloud migration expertise.
