
Cloud security a priority for public sector

Forrester predicts cloud security will top the list in a huge shift in public sector spending priorities

Posted 7 December 2020 by Christine Horton


Cloud security tops the list of spending priorities for CISOs in the public sector.

That’s according to Paul McKay, senior analyst, security & risk at Forrester, who says that in a year of “very large jumps in security priorities”, cloud is due to garner the budget allocation.

“There has been a huge shift in spending priorities from the public sector around both securing the cloud and delivering security in the cloud,” McKay told attendees at the recent Think Cybersecurity for Government virtual event.

“We see in the private sector a much higher focus on moving to the cloud whereas in the public sector, historically, there’s been a little bit more hesitancy around that. But we have seen that change this year as people have sought to move more into the cloud within the constraints that we have in the public sector.”

McKay said we’re going to see continued migration of public sector agencies and departments from traditional on-premises infrastructure, “which has shown itself to not really be up to the job of enabling a remote workforce within the civil service.”

“We’re going to move much more into the cloud and we’re going to have to do that in a very careful and measured way, in line with HMG security requirements. We do need to enable the flexibility, but we also need to make sure we don’t compromise on some of the security requirements.”

McKay was delivering his cybersecurity predictions for 2021, which also included public sector organisations cutting technologies that provide no value.

“We’re going to see a bit of a purge or a Bonfire of the Vanities, taking out some of those overlapping security technologies. We see a lot of talk in the market around consolidating around platform vendors like IBM, Microsoft, etc. Even within that we see many examples of where security leaders in the public sector and other industries have put things in place that aren’t really delivering value. And in a tight spending environment we need to be really considering whether we rip those out and we focus the spending on more valuable activity.”

Securing custom development

The analyst also suggested that next year the public sector will still struggle to secure application security capability.

“We’ve seen a huge amount of custom development being performed in the UK this year, whether it’s building new services to enable the NHS test and trace system or new digital apps and offerings and more rapid dissemination of information on some of the public health restrictions we’re all living under currently. These are all things that require folks to not forget that throwing up digital presences still needs to be secured. So, we still see a very large focus on that.

“And in common with the private sector, while some application development has been curtailed or put on hold, we still see an awful lot of investment in digital channels, in particular for dissemination of information and access to services. And I think that we’re going to continue to see that over the coming years as we still continue to push up the hill of enabling citizens within the UK to enable services to be achieved through digital means rather than traditional paper mechanisms.”

McKay said there is still a struggle with improving identity and access management controls, with areas where “you could argue for a bit more belts and braces”.

“It’s clear to me that there is definitely some room for improvement in some of these foundational capabilities within the UK public sector and that will continue to be the case, moving into next year.

“To say 2021 will be busy is a bit of an understatement.”