Beyond Cloud Video Interview with Phil Bindley from The Bunker

IntelligentHQ.com in partnership with Groupe INSEEC London presents: A Beyond Cloud Interview with Phil Bindley from The Bunker.

The Beyond Cloud Series of video discovery discussions examines the viewpoints of some of the top minds in the UK cloud computing space as they share their views on the trends, issues and realities of the industry – and the industries which it impacts.

News of cyber-attacks aimed at the enterprise on the increase, and fresh revelations from Edward Snowden revealing how spy agencies in the US and UK allegedly compel technology firms to help them bypass encryption, should serve as a stark wake-up call for companies to get security right, especially when moving to the cloud. All organisations, regardless of size and business model, using the Cloud and cloud providers should be aware of the dangers that exist. The situation gets even more complicated when you consider most Firms are starting to deploy multiple cloud services to handle a myriad of ever-increasing business operations.

In a Find the Edge article, IT security expert Adrian Spink explains the importance of conducting a full assessment of a cloud provider’s security procedures before outsourcing. In the article he discusses the lessons to be learnt from recent high profile security breaches.

Spink said: “What’s intriguing about the recent Syrian activists’ attack is how it exposes a basic security loophole that might not have appeared obvious to the firms affected.
“In this case it appears that their hosting company was targeted because one of its reseller usernames and passwords had fallen into the wrong hands.
“But it’s not just web sites that are hosted in the cloud. More and more organisations are trusting critical data and services to outsourced hosts. The more organisations that are involved in providing your cloud services, the less direct control you have over preventing a security breach.”

Spink explains that while outsourcing to cloud providers can offer many advantages, its important to be proactive, and to independently assess the threat to a company’s data.

He makes the valid point: “The fact is that you can’t undo a breach once it’s happened. Attitudes need to change at the institutional level as well, according to the recently released Security of Cloud Computing Users Study, since only half of those surveyed said that they actually examine the cloud security features of the services they use. It gets better, the report states “over 50% of those surveyed are completely confident in the security of their cloud services”.

Phil Bindley, CTO at The Bunker, in a blog post titled IT Security Standards and the dangers of the “Trophy Hunter” articulates the point best:

All standards to my mind, whether IT Security related or otherwise should be the result of the beliefs and therefore the culture of an organisation. If behaviour is defined by society then standards are a recognition that we are behaving in a certain way, be it to protect or to preserve.

Organisations struggling with cloud security, but are serious about changing company cultural attitudes need to consider the following:

  1. Stay abreast AND ask clear and direct questions about security policies. Take ownership.
  2. Research the actual location of the cloud server.
  3. Strengthen Username and password security
  4. Enhance cloud security by using ‘best of breed’ industry standard encryption and authentication protocols, such as IPsec.

About

A Certified Information Systems Security Professional (CISSP), Phil has worked across a broad range of technologies, industries and clients, both within the UK and internationally.  He is closely involved in the strategic deployment of ultra secure bespoke cloud solutions and is equally fluent communicating in the language of the boardroom or with the most technical of teams.

His past senior level experience spans roles in the UK and Germany across Telecoms, Managed Security and Managed Services, always with a keen focus on ensuring that his clients’ technical infrastructure and processes are properly aligned with the wider business objectives.  His CV includes spells at NTL, Nortel Networks, Vistorm (now part of HP) and most recently Bluechip, where he was responsible for consolidating the company’s infrastructure and identifying new revenue streams.

Phil has helped build multiple successful managed services businesses and now sits on The Bunker’s Executive Leadership Team where he is responsible for leading The Bunker’s technical development through its future growth and evolution.  He is a passionate exponent for basing cloud deployments on sound information security and management principles, seeing this as the foundation for achieving the anticipated business and operational improvements, without introducing new risks or vulnerabilities.

About the Beyond Cloud series

Taking a conversational, interactive approach, we pose four broad but critical questions on the issues impacting businesses today to perspectives including Technologists, Strategists, Users, CEOs, Marketers and other Business and Thought Leaders across the sector. Each session begins with positioning our guest, by means of what Cloud means to their role and their business – either the delivery or use of cloud – including views on the risks and the opportunities. The conversations – each unique but overlapping as a result of the various points of view on offer – then move to the outcomes and promise of this technology and, from there, where and when regulation and standards should (or shouldn’t) come into play. We close with their views on what this cloud thing really means and where it is might take us, going forward.

The nature of our guests and the variety of discussion provides a broad set of insights which in whole or in part promises to deliver some clarity and a framework for understanding of the impact of cloud technology to all audience. We welcome your comments and feedback.

Produced by IntelligentHQ, hosted by Groupe INSEEC London and presented by Daniel Steeves, Beyond Cloud is a “mostly pitch-free” environment: discussions will necessarily include product and company references but, hopefully, used to illustrate rather than to sell.