Announcing July's Cloud Security Champion!
Congratulations to John Godwin, Director of Compliance & IA at UKCloud who is techUK's Cloud Security Champion for the month of July.
The purpose of techUK’s Cloud Security Champion campaign is to celebrate the work of UK cloud security specialists in helping build a culture of trust and confidence in cloud computing and showcase how they are supporting organisations to adopt, deploy and use cloud services securely. This is also an opportunity to learn from those working in cloud security about the current threat landscape and examples of the strides being made in enhancing security.
A new techUK ‘Cloud Security Champion’ will be chosen every month, so if you would like to nominate a friend or colleague to be the next Champion, please drop us a line.
Read the full interview below:
What is your current role and responsibilities?
I’m Director of Compliance and Information Assurance at UKCloud. I’m responsible for all matters relating to information security and data protection, ensuring that UKCloud operates in a secure, assured manner which meets the accreditation, certification and contractual requirements of our UK public sector customers.
Whilst every day is different, my role encompasses supporting the UKCloud community in many areas. This includes the delivery of risk management activities, implementing security controls and assessing how UKCloud needs to adapt to changing requirements (including new customer-specific requirements), addressing recently discovered technical vulnerabilities or changes to UKCloud’s technology stack. I also support customers and partners with the achievement of their own GRC objectives, helping them to understand and integrate with UKCloud’s own position.
What do you most enjoy about your work?
There are always new challenges to be confronted, understood and addressed. Working within UKCloud, I am surrounded by experienced and enthusiastic colleagues in a multitude of disciplines: it’s always great to see that combining our skills continues to deliver positive results for the UK public sector’s digital transformation agenda.
Why is cloud important to the UK’s economic growth and what does the future hold for adoption and maturity of cloud in the UK?
The COVID-19 pandemic has highlighted that cloud, done well, can deliver a range of benefits from lower consumption costs, embracing innovation from the latest technologies, and providing greater collaboration and associated efficiency from being better connected. With an emerging “new normal” challenging the traditional workplace, cloud is very much at the fore of developing future working practices.
How have you supported organisations’ secure adoption and implementation of cloud services over the years?
UKCloud was established to be a secure, trusted provider of cloud services, so we have always strived to achieve the most robust of security. In the early days of cloud, that included regular consultations with the National Cyber Security Centre and ensuring that technical validations provided independent assurance of cloud security. Enhancing its existing ISO27001 information security certification, UKCloud was the first UK organisation to additionally achieve ISO27017 certification for its robust management of cloud security.
Would you agree that the conversation about cloud security has shifted and cloud users increasingly recognise the security benefits of cloud services?
Those who have seen me speak at techUK events and elsewhere will be aware that I believe this remains a joined-up responsibility. Cloud service providers need to willingly provide comprehensive information about the security, operation and locations of their cloud services. On the other side, potential cloud service customers need to obtain and assess this information from possible suppliers, and thoroughly assess it against their own security requirements and risk appetite.
What are the key security concerns affecting greater cloud adoption and how can these issues be addressed?
Some organisations remain resistant to cloud because they do not understand how to use cloud services securely, or because they have fears of “losing control” of the physical infrastructure or application source code to a third-party. Much of this can be addressed by having a clear understanding of the respective responsibilities of the cloud provider and the customer, and ensuring regular interactions (service reporting and reviews) to provide the visibility, assurance and evidence that a secure cloud service is being delivered.
What steps should organisations take to adapt their cloud security posture to the rapidly changing online environment?
A willingness to compare cloud hosting and SaaS offerings against traditional procurement options will demonstrate that there are clear benefits from cost reductions, increased scalability and enhanced resilience. As customers in many sectors move from physical to online interactions, they will appreciate that the scale and flexibility of a well-managed cloud service will provide a better customer experience and increased protection for their valuable and sensitive data.
What would you suggest is the one thing all companies should do to improve their cloud security?
Pre-cloud, IT services were almost exclusively the responsibility of the IT Department, and as such security could be managed, monitored and assessed in-house. The use of cloud services takes that outside of the organisation’s boundaries and requires the coordination of a team to ensure security elements are being maintained. That includes, as a minimum, commercial representation, compliance expertise, data protection specialists and service monitoring analysts.
What advice would you give to someone considering a career in cloud security?
As the cloud industry expands at an unprecedented rate, we remain challenged to locate suitably qualified and experienced professionals to ensure this expansion is both secure and sustainable. There are many vacancies available but remember to research and progress through credible training programmes to make yourself a closer match to the interviewer’s perfect candidate.
If you would like to learn more about techUK's Cloud Security Champion please reach out to laura.foster@techUK.org