Brought to you by Blue Chip

IT security

How security can be embedded within private and hybrid cloud

Security and the cloud are two parts of technology that haven't traditionally been the best of friends. While it's essential for industry to grasp the innovation and speed that cloud offers, it's also vital in this age of ever-increasing compliance and a world even more aware of data privacy pitfalls, to ensure your digital assets are highly secure. Blue Chip has developed exciting new cloud services yet has a solid reputation in data security. How does CISO Tim Stringer manage to uphold the high standards of data security against the tidal wave of cloud innovation?

Tim Stringer

Chief Information Security Officer at Blue Chip

How can businesses establish hybrid and private cloud security with confidence. Our CISO, Tim Stringer, talks about the hurdles of integrating tough security with the cloud...

Will Spalding: You're watching Techerati 2019, you're watching it on, of course, Disruptive Live and I am fortunate to say that we've actually got our last guest of today. We've had a fantastic time, we've had some very relevant conversations I believe about all things ranging within tech, haven't we?

Bill Mew: It's been a great show, there's been an enormous footfall, all sorts of advertisers, all sorts of people present with a whole range of different stands, focused on security, blockchain, IoT, data centres, you name it, the cloud and everything! And we've also been very very lucky to have a whole range of experts come and talk to us. Unfortunately we're down to our last guest on the last day.

Will Spalding: We are indeed.

Bill Mew: So, our last guest, but definitely not least, I'd like to introduce you to Tim Stringer from Blue Chip, who are really focused on cloud and helping a number of clients with their migration and direction. You're the CISO I believe for Blue Chip, tell us a little bit about yourself and what you guys have been up to at the show and what your focus is.

Tim Stringer: Okay, thank you. So, from a CISO perspective, security is not always synonymous with cloud, but the ability to make sure we work with customers and try to transition their environments into hybrid/public clouds while not forgetting about security. A long time ago, security was the 'no' - the slow chain - the people that would always block things and stop things and make things not, what everything cloud is about, you know, speed and agility. We were the adversaries of that, whereas now it's embedded and our aim is to actually work seamlessly.

Will Spalding: A lot of our guests who have come on today, and yesterday as well, have mentioned about this public cloud, okay. It depends obviously which company has come on really, with their own agenda, but a lot of businesses I think here, have agreed that, really this hybrid multi-cloud model is something that is the way forward. Is that something that you're an advocate of, really, at Blue Chip as well?

Tim Stringer: From our perspective that's something that we're championing. We see the value in the traditional private cloud, we see the value in the public, but the ability to seamlessly pull that together and give that service and security offering around that, is something that we're really pushing for.

Bill Mew: Well obviously in the early days of cloud, there are people who were enormously fearful from a security perspective, and that was one of the main inhibitors towards cloud. Obviously, there's been a great deal of learning since then and as actually things have moved on enormously, and there's that large realisation in many different corners that actually, things can be more secure in the cloud, because, possibly you don't have the latest secure technology in on-premise, you may not have the best skills available to you in your own private data centre. Obviously, experts such as yourself are going to provide a far greater level of expertise, what are the sort of services you're providing to your clients to put their minds at ease, to help them with that transition and to make sure they're secure?

Tim Stringer: I think some of the emerging technologies that we're dealing with, put people's minds at ease and give the assurance that, you know, if you were to say, public cloud, the security option is potentially a tickbox and there is a big demarcation between any of the public cloud providers and what they're responsible and actually, people putting their workloads, putting their data, their real crown jewels, in another person's environment and another person's systems, there maybe, a little bit of a gap there.

[tannoy announcement]

Will Spalding: Okay, we're just going to wait for that to stop actually, it's just going to cut off what you were saying!

Bill Mew: I'm not sure you can compete with that!

Tim Stringer: No! Ha ha ha...

Will Spalding: I hope you've had a successful show too, actually, but we'll keep talking.

Tim Stringer: That's alright, yeah.

Will Spalding: So, in terms of, obviously, you look after the security. That is your bread and butter.What is some of the threats that you're finding with Blue Chip, for these SMEs, that potentially you're helping out, for your partners as well, that you think, 'yeah, this is something that we really need to tell people about' and really say 'these are your actual threats that are going to happen'?

Tim Stringer: I think there are lots of threats out there, and obviously, it depends on the type of business that our customers have and people have out there. Some will be visible, some will be pertinent to them, but visibility. If we talk cloud, the ability to know where your assets are, where things are. Are they controlled? Are they in compliance? Or are there things that have changed, on a minute, hour, daily basis that actually then, affects the whole posture, so that ultimately, could add an additional risk to the business, because from a business perspective, we're not talking tech, that doesn't get the mention of the board. What's actually mentioned, what that looks like as a business impact, which may be financial, if we're talking things like, regulatory - GDPR and elements such as that - but also, the ability to actually, you know, sleep a little easier at night, knowing everything is how it should be.

Bill Mew: And a lot of people I've been speaking to, have said, in terms of moving to the cloud, many of the inhibitions have gone and people have now accepted that actually cloud is broadly acceptable as an enterprise platform. And indeed, many of the low-hanging fruit, the easy-to-move workloads have already been moved to the cloud. What a lot of people are left with is the stuff that's a little bit more challenging and the stuff that possibly isn't going to be easily migrated and it's actually providing a real overview of even management platform in a secure environment for that entire hybrid environment. That's the real challenge now. What are the sort of steps that you're taking with your cloud, to ensure that they can manage their workloads across public and private and keep it secure?

Tim Stringer: From our perspective we're pushing the seamless integration so that from a perspective of whether it's hybrid, private, public, the ability to see across the whole estate and infrastructure, so that, as you say, the easier workloads, the low-hanging fruits moved and gone, but also we are seeing businesses that have moved that and actually, they're on the second generation now, but other bits are moving back. There may be some challenges, there may be some problems around that, but from an ability to offer a joined-up view, and the assurance of, whether it be private, public, hybrid, that the data and information and the assets of the business are absolutely safe.

Will Spalding: Yeah, and what's next for Blue Chip, I suppose? In the next eighteen months, two years, where do you really see the company going in terms of, I suppose, internally as well, but more so as a company, what do you see as the next step that you're going to be offering to your clients?

Tim Stringer: Well, cloud's a big thing, as I say it's a very high-level, nice tagline. But from the perspective of the bits that underpin that and actually drive that forward and move, the...

[tannoy announcement]

Tim Stringer: ...ha ha ha! I'll repeat it again when it's,

Bill Mew: We're competing!

Will Spalding: We are, aren't we? You carry on, carry on!

Tim Stringer: So from the perspective of how we underpin that strategy, so that actually, as you say, some of the harder workloads, the bit that actually, the big providers may not offer that niche skillset in, that's been our core bundle for the last 30 years. So actually the ability to offer that niche and integrate into what some of the big disruptive people are playing with.

Bill Mew: And also I think we saw in the early days of cloud, there were concerns about security which were overcome, but then...

[tannoy announcement]

Bill Mew: ...we carry on competing!

Will Spalding: They really want us out, don't they?

Bill Mew: They do! But after that, people started to move big workloads, very quickly into the cloud, possibly in a little bit of a rush, there's a lot of virtualised workloads that moved to the cloud without really thinking about should they be re-architected and am I going to be able to host these in the cloud and manage them effectively, and I think some of them have come back.

Tim Stringer: I think that's they key thing, it's the effective management and it was the rush to move them, you know, a few years ago.

Bill Mew: What is the advice that you're giving to your clients, what possibly one might describe as 'pragmatic migration', getting that right, which workloads...

Tim Stringer: It's a business balance isn't it at the end of the day. It's cost versus risk, a lot from a cyber perspective and governance comes down to cost versus risk and as you say, the people at the early adoption phase were more cost-focused and transitioned a lot of workloads, but potentially they're seeing now maybe some additional risks around that and naturally there may be some options to re-architect that. Building, enhanced services, embed the security in, so that actually they still get the benefits of the cloud offering, but de-risk them on their board report.

Will Spalding: Unfortunately, Tim, we're going to have to start to wrap things up there a little bit actually, but thank you ever so much.

Bill Mew: Enormous apologies to you, for the competition!

Tim Stringer: I like a bit of competition! Ha ha ha!

Bill Mew: We've done amazingly well! Ha ha ha!

Will Spalding: We all did very well, actually, but no, thank you very much for coming on, thanks for joining

Tim Stringer: Brilliant, thank you.