For the past decade, cloud-first strategies have become increasingly popular among Canadian governments. The Federal Government adopted a “cloud-first strategy” to deliver IT services and deployments while Provinces are also aggressively pursuing cloud strategies. Since 2015, the Quebec government in particular has pursued a global modernization strategy that positioned cloud as foundational to their future services and encouraged its agencies to accelerate their adoption. This led to a rapid acceleration in their cloud journey that resulted in many core and arm’s length government agencies leveraging public, hybrid, and private clouds for their key programs.
Ontario isn’t far behind, having refreshed its cloud service catalogues to include a larger variety of providers. Ontario Ministries have access to a limited but growing catalogue of cloud services that will soon include Oracle, Microsoft and Amazon Web Services. Atlantic and Western Canada have more recently begun their cloud journeys though the technology will certainly form the backbone of major future IT projects.
And yet, the threat of cybersecurity attacks importantly remains top of mind for many Canadian leaders as governments continue to transition to the cloud. Some agencies still wonder whether moving data off-premises and into private sector data centres is the right move given recent global events.
Questions have been raised whether governments should continue their cloud transition given today’s security threats. Does moving to cloud enhance or diminish the Canadian Public Sector’s exposure to foreign hackers?
Perceptions of Cloud Security in Canada
The Ukraine conflict has demonstrated the importance of effective cybersecurity strategies. Given Canada’s fierce support for Ukraine, the Canadian Public Sector is understandably on edge as being perceived targets for foreign hackers. This played out earlier this year when Global Affairs Canada was the target of a major hack that severely affected operations—a hack that was largely suspected of being Russian related.
Security concerns over third-party hosting is one of the most common misconceptions we encounter within the Canadian Public Sector amongst those organizations just starting their cloud journey. Customers often believe that data stored off premises is more vulnerable to malicious behavior.
However, while this was a common concern when we were first introducing cloud services in Canada, you rarely hear it now amongst those more accustomed to cloud services. This understanding reflects a growing comfort level with cloud security across Canadian Public Sector agencies.
Evolving Threats Require Evermore Robust Cloud Security
Although the war in Ukraine has surely increased the awareness and importance of cybersecurity best practices, the concerns really aren’t new. Threats have always existed. The nature of them just changes. The focus on data sovereignty and security was actually already increasing even before the war. The COVID-19 pandemic for example dramatically expanded remote work and on-line shopping and provided broader attack opportunities for hackers. In fact, in March 2020, there was a 30,000% increase in Covid-19 related attacks and malware.
It was in this atmosphere where public clouds, like Oracle Cloud Infrastructure (OCI) were conceived and designed. Today’s clouds are built with security-first principles that combine built-in security, plus add-on services, to provide essential security offerings for business-critical workloads.
The Public Clouds and their security features are also continuously evolving to respond to threats. New generations of clouds like Oracle’s second-generation cloud (called Gen 2) further reduced risks from constant cyberthreats with a variety features including “least privilege access,” and autonomous technology based on machine learning and artificial intelligence. Automation reduces human error, identifies threats and quickly deploys patches and cybersecurity best practices agencywide. These technology advances help isolate threats and lock down the Cloud more effectively compared to earlier iterations of public clouds that were developed in an era where automation techniques were still relatively immature.
Like an arms race, public clouds have been evolving in parallel with global security threats. Cybersecurity experts design and sustain them with the highest security considerations in mind and we are often able to do this at a speed and agility unmatched by inhouse public sector capabilities.
Although some agencies would understandably want to keep their most important data – their “crown jewels” on-premise – a public cloud option should continue to be considered as agencies modernize their applications.
In the public cloud, our cybersecurity experts protect data day and night, so IT pros at these agencies don’t have to.
As a 25+ year technology sales and management veteran, Randy’s full career
has been spent assisting customers break through the silos and barriers that
have been separating them from their clients, growth, information, and
data. Randy is currently assisting the Federal Government modernize their Oracle footprints through Oracle Cloud Infrastructure.