- Predrag TASEVSKI
Dear audience, ladies and gentlemen. First, I would like to thank the organizers for inviting me for a second time to the Economic Forum, in such a beautiful setting of mountain views and spa centers.
Second, I would like to give you a short introduction of myself. I’m representing an NGO today, as a co-founder of the Internet Governance Forum from North Macedonia. I have worked in cybersecurity for more than 12 years in several different industries, startups and international organizations, such as DiploFoundation, OSCE, OECD, NATO and so on. Apart from work experience, I have also completed master's studies in Cyber Security in Estonia, and post-master studies in Security in Computer Systems and Communications in France. Needless to say, today I work in cloud security and I’m based in Berlin, Germany.
I’m here to discuss a topic that has attracted attention in recent years. The constant development of new technologies is accelerating, and the range of digital solutions is continuing to grow. The risk associated with ICT has become increasingly clear in recent years due to a number of incidents. Thus, the advent of cloud services, mobile and ICT-based products always brings in new vulnerabilities. Over the coming years, the digital transformation of both public and private sectors will continue. The development of new technologies will accelerate, and the range of digital solutions will continue to grow.
For this reason, my speech today will be organized as follows:
- What digital transformation is and why it is becoming more popular.
- What the challenges and threats in cloud computing are.
- Which EU member states have addressed digital transformation and/or cloud computing in their National Cyber Security Strategies.
- What the best practices and recommendations are.
- And finally I will conclude.
But before I start, I would like to share with you what we mean by digital transformation. We have heard this terminology a couple of times here at other panels at the 29th Economic Forum.
It is the use of new, fast and often changing digital technology to solve problems by utilizing cloud computing. But then you might ask yourself: why switch from already existing infrastructure to something in the “cloud”? There are several reasons for this and, bear with me, I will only highlight the most important ones. Those are reducing costs, on-demand self-service, flexibility, rapid elasticity and scalability. And now I might have lost you with my nerd language. Let me put it into simple words:
- Resources are available from anywhere over the network.
- Computing resources are available on demand and self-service, requested only on an as-needed basis.
- You pay only for what you use or reserve.
- You can scale cloud resources up and down.
To be able to benefit from all of the above reasons to switch to the cloud, you need to know what kind of cloud computing model you need. There are several: Private, Community, Public and Hybrid Cloud. I will come back to these models later in the speech.
Due to the popularity of digital transformation, that is, cloud computing, several organizations that I have worked for have migrated their infrastructure into the “cloud”, in industries such as financial, transport, health, national, tourism, and digital identity providers. And always, before the migration starts, there is the question: are we cloud ready? Among ISMS and data protection, GDPR and many requirements, there are a few other important things to care about for security in the cloud. Those things are: a set of policies, controls, procedures and technologies that work together to protect cloud-based systems, and of course data and infrastructure.
But then a few of you might say: hey, isn't that what ISMS, standards, frameworks, regulations and requirements are for? You might answer YES, but unfortunately NOT.
I would like to share with you a real example. At one company in the financial industry where I was working, they had implemented all the security and policy standards, frameworks and requirements. However, when the process of migrating into the cloud started, we noticed that their existing security controls, policies and procedures were not cloud ready. The controls had been written 10 or maybe 15 years ago, and indeed they had protected the financial company from attacks and threats within on-prem infrastructure. However, after kicking off the digital transformation plan, we came to the conclusion that if we migrated to cloud computing, half or even more than half of the controls would no longer be applicable. Therefore, we had to review and adjust the controls to meet the security requirements and cloud readiness. And frankly speaking, this might sound like a very simple task on one hand, but on the other hand it is not.
As the development of new technologies is accelerating, the services are growing as well. Subsequently, future developments in cyber security are hard to predict. However, the clear challenges influenced by digital transformation are:
- Everything is connected to the Internet (IoT).
- The amount of data in digital form is only increasing.
- Shared responsibilities between the state, private companies and cloud service providers.
- The increased complexity and dependence on ICT-based products and services require a higher level of expertise.
In the past two years, a few EU countries have updated their National Cyber Security Strategies. These updates are meant not only to bring about a better and more secure cyber space in the state but also to adjust to new technology trends. That said, the first to take digital transformation and cloud computing into account is the Dutch National Cyber Security Strategy, updated in April 2018. It was followed by the Danish Cyber and Information Security Strategy, also last year, in May. And lastly, this year in April, the Spanish National Cyber Security Strategy. Due to the time limitations, I will not be able to go through each one of them in detail.
Furthermore, I would like to share a few recommendations taken from the mentioned National Cyber Security Strategies and from my experience. They are:
- Strengthened cyber and information security efforts in the business community.
- Special attention should be paid to protecting technological inherence and industrial and intellectual property.
- Make the most of digital transformation opportunities by using a hybrid cloud model, combining public and private cloud.
Last but not least, I would like to summarize. Public authorities and businesses have a fundamental responsibility to ensure that the development and digital transformation of the government and private sector continue towards the required level of security. The goal should be to strengthen trust in the Internet, digital transformation and the development of new technologies, helping to build a secure ecosystem that boosts the progress of cyber resilience, capacities and cyber security culture in the direction of a single digital market. Therefore, if some states are in the process of drafting a new version of their National Cyber Security Strategies, within joint efforts please make sure that you integrate and initiate cloud readiness and digital transformation goals in the strategy.