Cloud, AI and prioritising your Cyber Resilience
Last week, I gave a presentation at #FSTayside at the wonderful Abertay cyberQuarter.
My presentation focused on the advantages of industrial clusters and how they contribute to regional economic growth. Specifically, I discussed how our developing cyber-cluster can enhance resilience for small and medium-sized enterprises (SMEs) within Scotland.
Following the presentation, I had the privilege of being on a panel with Estonian Ambassador H.E. Mr. Viljar Lubi; David Ferbrache OBE, Global Head of Cyber Futures at KPMG and Managing Director of Beyond Blue; and Head of Cyber Security at NHS National Services Scotland, Scott Barnett.
During the panel discussion, we received some excellent questions from the audience. Upon reflection, I believe two of the questions warrant a more detailed and considered response than what was possible during the session. Let's examine those questions:
1. How can we encourage businesses to continue investing in cybersecurity during times of economic hardship?
Asked by Ceri Shaw – Chief Delivery Officer at CodeClan.
2. How can we persuade business leaders to prioritise proven and necessary investments like cybersecurity rather than being distracted by the hype around Artificial Intelligence (AI)?
Asked by Iain Davidson MBA MSc CEng – Cyber Risk Manager at DXC Technology
These are important questions; fortunately, there is enough overlap that I can address both in this response.
Let's break down the main topics contained within these questions to provide a reasonable answer.
The need for cyber resilience is increasing at a time when budgets are decreasing.
The challenge of cyber investment is very real. Most SMEs are facing up to the reality that their interest rate has far outstripped their growth rate. Businesses, almost without exception, are driving an agenda of fiscal conservatism to see them through the great de-leveraging, i.e. the bar is closed and it’s time to deal with the debt hangover.
The real-world implication of this is obvious: SMEs have reduced access to investment while facing increasing interest rates, which are designed to cool down the economy and stifle growth. If there’s less growth, there are fewer opportunities.
Making a case for significant investment in cybersecurity is becoming increasingly challenging; however, everyone agrees that investment is necessary. The question for business leaders becomes: what is the most effective investment that will deliver the maximum impact towards improving our cybersecurity posture?
Working for a cloud managed service provider with a diverse range of customers from across a spectrum of academia, government, and industry, I have some unique insight into the main challenges these businesses are facing, at least when it comes to technology spend, and I’m happy to share that with you. For the most part, they can be best summed up by the two consistently recurring requests:
1. We’ve (i.e. the CFO) realised how much we’re spending on the cloud. How do I reduce my public cloud bill so that it’s in line with our historic spending profile?
2. Our initial investments in cyber haven’t delivered the value that was promised. These tools are all up for renewal. How can I invest appropriately to ensure the cyber-resilience of my business? Oh, and we have minimal to no budget for this.
So let’s work through these challenges, as the response should adequately answer the two questions raised by both Ceri and Iain.
Let’s start by answering the question from Ceri by first figuring out what we need to invest in and then we’ll identify some strategies to try and pay for it.
1. Comprehend your cyber risk and develop an investment strategy to mitigate those risks.
You need to understand your current cybersecurity exposure and seek guidance from a credible source to develop your cybersecurity strategy.
Here's an important tip before you proceed any further – seeking advice from technology vendors, at least at the outset, is not advisable. I've collaborated with numerous exceptional vendors over the years, but, as with all aspects of life, some are superior to others. Your task is to comprehend the most effective deployment of your capital that yields the maximum impact. Since the fundamental goal of vendors may not align with your own, it is prudent to navigate this situation initially by seeking advice from regional or national independent cyber experts.
One example is the Cyber and Fraud Centre Scotland. They collaborate with partners from the regional community, including the Scottish Government, the National Cyber Security Centre (NCSC), IASME, and other industry associates.
These experts will assist you with a wide range of services, including executive education, attaining Cyber Essentials and Cyber Essentials Plus certifications, facilitating non-technical workshops developed by the NCSC called Exercise in a Box, and most importantly, helping you identify gaps and assisting with the definition of your cybersecurity strategy and the associated investment requirements.
2. Identify opportunities to optimise either your public, private, or multitenant cloud architecture to release your constrained budget.
Optimising cloud resources and effectively managing your cloud economics has become critical for organisations aiming to maximise their budget and achieve financial efficiency.
By incorporating Cloud Economics and FinOps practices, businesses can identify opportunities to optimise public, private and multitenant cloud architectures with the goal of releasing their constrained budgets to apply to other critical investments such as cybersecurity.
Cloud Economics focuses on understanding the financial aspects of cloud computing, helping organisations make informed decisions about resource allocation, cost optimisation, and return on investment (ROI). By applying cloud economics principles, businesses can gain insights into their cloud spend, identify areas of cost inefficiencies, and develop strategies to optimise their cloud architecture.
One approach to optimising cloud architecture is by conducting a thorough analysis of your cloud usage patterns. By leveraging cloud monitoring and analytics tools, you can gain visibility into resource utilisation, performance metrics, and cost breakdowns. This analysis allows you to identify underutilised resources, overprovisioned instances, or unnecessary services that contribute to unnecessary costs. By right-sizing instances, adjusting resource allocations, and eliminating unused or redundant services, you can significantly reduce cloud expenses while maintaining performance and user experience. By strategically choosing the appropriate pricing model based on workload characteristics, businesses can optimise their cloud spend and release budget constraints.
Although a relatively recent addition to the enterprise, the demand for FinOps is growing rapidly. Incorporating FinOps practices further enhances the optimisation process by bringing together finance, operations, and technology teams to collaborate on cloud cost management, delivering accountability, cost transparency, and effective governance mechanisms for cloud spending. It involves defining budgetary controls, implementing automated budget tracking and alerts, and establishing clear cost allocation methodologies across teams or projects.
Service providers such as Brightsolid can assist with the empowerment of your teams, delivering real-time cost visibility and accountability to support your need to make data-driven decisions that align with your predefined budgetary constraints.
3. If you're already in the public cloud and you’re still running a traditional infrastructure, accelerate your digital transformation efforts.
Hardly anyone talks about 'lift and shift' anymore, and for good reason. The narrative was to migrate every workload as it is to a single provider. Even though both the customer and the hyperscalers accepted that this architecture was inefficient and, in many cases, astonishingly expensive, it did provide a credible and compelling narrative around a single unified launch pad that would support the transformation of those migrated workloads to a modern, cost-effective, and efficient architectural paradigm.
It was a dreadful approach to public cloud adoption then, and it remains a dreadful approach now. The challenge is that the one thing SMEs find harder to obtain than reasonable interest rates is access to the skills and time required to complete complex transformation projects. Transformation is incredibly difficult and, although this is not frequently discussed, in many instances it is unsuccessful.
Infrastructure transformation was promised to cut enterprise infrastructure spending by 50-80%. What almost every organisation has been left with is the same virtual workloads running in the same architecture with the adoption of a sticky (but also incredibly valuable) PaaS database service.
This is usually down to a lack of appropriate skills or availability of those skills within the enterprise to deliver the transformation. The desire is always present; the people and time, unfortunately, are not. Gaining access to people with the skills necessary to support your business can be incredibly difficult; however, not-for-profit organisations such as CodeClan can provide access to talent who have proven that they can successfully complete a challenging and intensive digital bootcamp and who have the latest up-to-date skills.
Of course, this might not be suitable for every situation. Leveraging third-party professional services to assist with transformation is risky, but when you consider the increasing recurring costs of cloud platforms, increasingly complex licencing models and unbudgeted excessive bandwidth costs, external assistance supported by a robust cloud economics plan can make a compelling business case. Often, the cost of professional services can be recovered within the first year.
4. Adopt Hybrid Cloud.
Lean into a cloud architecture that delivers all the incredible capabilities of the public cloud with vastly improved economics that work in your favour.
If you find yourself in a situation where you lack the skill or time to realise your transformation strategy, it might be worthwhile to explore alternative solutions that can propel your business forward. One such solution is moving to a cloud architecture that offers the advanced capabilities of the public cloud while providing reliable economics that work in your favour. This is where the concept of a Hybrid Cloud comes into play.
A Hybrid Cloud combines the benefits of both public and private cloud environments, enabling organisations to leverage the strengths of each approach. By adopting a Hybrid Cloud architecture, businesses can tap into the advanced benefits offered by the hyperscalers (scalability, low lead time for deployment globally, and access to the latest innovations in data analytics and AI) while simultaneously benefiting from economic control, reliability and performance over their virtual machine and container estate through a managed regional cloud platform such as the Brightsolid cloud. For balance, other managed service providers offer similar solutions, such as DXC Technology where Iain works.
The Hybrid Cloud model allows organisations to strategically allocate their resources and workloads based on their specific requirements. It provides the flexibility to seamlessly scale resources up or down, depending on fluctuating demands, thereby optimising costs and maximising the efficiency of your investment. This approach empowers businesses to focus on their core competencies and strategic objectives while leaving the complexities of cloud management to expert providers. Most importantly, this optimised architecture frees up your budget to invest in areas such as cyber resilience.
Lastly, we’ll answer this great question from Iain.
How do we ensure leadership continues to focus on cybersecurity investment rather than investing in unproven AI initiatives?
Cybersecurity isn't a luxury, it's a necessity.
The increasing reliance on digital technologies and interconnected systems has made organisations more vulnerable to cyber threats than ever before. In only the last week we’ve seen a single breach in a SaaS provider that has affected hundreds of businesses around the globe ranging from the SME to the largest enterprise. As businesses strive to protect their valuable assets and maintain a competitive edge, they must recognise the critical role of cybersecurity in their overall strategy.
Artificial intelligence (AI) has emerged. It is not a necessity in the same way as cybersecurity, but it is a powerful force multiplier.
AI's potential as a general-purpose technology is undeniable, with its applicability extending to every part of an organisation. This transformative technology will bring about profound changes in organisational structure and the workforce, reshaping how businesses function and compete.
One of the most notable impacts of AI on the workforce is its ability to level the playing field. AI will raise the performance of less efficient team members to match that of their best-performing counterparts. Through intelligent automation and machine learning algorithms, AI will augment the capabilities of individuals, empowering them to achieve exceptional results. This levelling effect ensures that organisations can harness the full potential of their entire workforce, challenging the dynamics of the Peter principle and driving efficiency and productivity across the board.
Additionally, AI's influence on the workforce goes beyond performance enhancement. While it may not directly improve the quality of output from the organisation's best-performing members, it significantly amplifies their productivity. By automating repetitive and mundane tasks, AI enables these top performers to increase their rate of production. This combination of AI-assisted optimisation and increased output paves the way for organisations to achieve greater efficiency and effectiveness.
Businesses seeking to optimise their budgets and manage the cost of their human capital may find solace in investing in AI. By leveraging AI as a force multiplier, organisations can achieve both cost savings and greater operational efficiency. With that said, it’s not all about controlling costs. For those businesses who wish to lean into the force multiplier effects of AI, channelling its benefits to accelerate growth, AI can serve as a catalyst, enabling businesses to achieve exponential progress and drive innovation.
The notion of executives exploring and investing in AI suggests the idea that they are looking to develop their own Large Language Models (LLMs) based on their unique data or by taking advantage of incredible development platforms such as the recent announcements of Azure Fabric. So how many SMEs will be actively investing in initiatives to take advantage of AI in this way? I suspect, honestly, almost none.
Instead, AI tools will be seamlessly delivered through existing platforms and toolsets, such as Salesforce, ServiceNow, or the ground-breaking Copilot from Microsoft.
This integration of AI capabilities infused within familiar workflows like Windows and Microsoft 365 ensures a smoother transition and adoption for businesses. As a result, organisations can readily harness the power of AI without disrupting their existing workflow, maximising efficiency and productivity. The race to harness this technology for competitive gain is not about gaining access to the technology itself, but about driving the training necessary throughout your organisation as quickly as possible to capitalise on this innovation before your competition does.
To summarise
Business leaders must recognise that investing in cybersecurity is not optional; it is a critical aspect that protects valuable assets and can even provide a competitive edge. By integrating cybersecurity measures into your unique service offering, it can shift from being perceived as a cost centre to being a key differentiator in the market.
Embracing AI? Well, that’s something altogether different, but embracing the new suite of AI augmentation delivered by many of your existing providers can deliver radical transformation to your organisation and to your customer experience. The ambition is that this optimisation will free up your best-performing team members to work on other initiatives. Just perhaps one of those initiatives could be engaging with the Cyber and Fraud Centre to help your business navigate the next stage of your cyber resilience journey.
For more information on the organisations mentioned in this article: