* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Accelerating Cloud Adopti...

# Accelerating Cloud Adoption Across the Scottish Public Sector

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2024%2F03%2Fcloud-adoption-across-the-scottish-public-sector%2F)  
[](https://twitter.com/share?text=Accelerating+Cloud+Adoption+Across+the+Scottish+Public+Sector&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2024%2F03%2Fcloud-adoption-across-the-scottish-public-sector%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2024%2F03%2Fcloud-adoption-across-the-scottish-public-sector%2F&title=Accelerating+Cloud+Adoption+Across+the+Scottish+Public+Sector&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2024/03/cloud-adoption-across-the-scottish-public-sector/&ts=markdown)  
\[\](mailto:?subject=Accelerating Cloud Adoption Across the Scottish Public Sector)  
Link copied  
By [Phil Taylor](https://www.paloaltonetworks.com/blog/author/phil-taylor/?ts=markdown "Posts by Phil Taylor") and [Carla Baker](https://www.paloaltonetworks.com/blog/author/carla-baker/?ts=markdown "Posts by Carla Baker")  
Mar 01, 2024  
5 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[cloud](https://www.paloaltonetworks.com/blog/tag/cloud/?ts=markdown)  
[Government](https://www.paloaltonetworks.com/blog/tag/government2/?ts=markdown)

The cloud is here to stay. It's no longer a buzzword or the new tech kid on the block. Cloud technologies are used by organisations and individuals alike, providing scalable on-demand computing on a global scale. As a result, governments across the world are deploying cloud services at scale, and the capabilities are at the heart of most digital transformation journeys. In the UK, the Government published the Cloud First Policy nearly 11 years ago. Since then, we have seen the publication of the [National Cyber Security Centre (NCSC) Cloud Security Principles](https://www.ncsc.gov.uk/collection/cloud/the-cloud-security-principles) and the 5 Cloud Essential Characteristics by National Institute for Standards \& Technology (NIST). More recently, the Scottish Government developed the [Scottish Cloud Platform](https://cloud.campaign.gov.scot/) to provide the Scottish public-sector-simplified access to cloud technologies.

## Why Are We Using the Cloud? What Are the Challenges?

The ultimate aim of the cloud platform is to accelerate the adoption of cloud technology. However, many organisations are reticent about deploying cloud due to the perceived difficulties in migrating services or applications to the cloud. And, they are not convinced of the advantages that cloud presents.

Cloud solutions provide many benefits; they can be regionally based, infinitely scalable and consequently can be descaled when cost pressures require a reduction in spending. Within the public sector, many of the challenges with cloud adoption relate to the cost of entry, the ability to train or hire staff with the relevant cloud skills, and ensuring that the cloud services deliver value for money. Furthermore, organisations are faced with the challenge of managing large legacy applications, which run at the heart of many public services. They need to be rebuilt using cloud-native services to maximise the benefits and savings introduced with cloud computing.

## The Scottish Cloud Platform Service

To help lower the cost of entry, the Scottish Government developed a Cloud Platform Service (CPS) to give the Scottish Public Sector simplified access to cloud technologies (initially Azure and AWS). The aim is to accelerate the adoption of cloud computing, enabling public sector entities to speed up development, access discounts and prevent duplication of effort. This would effectively provide a one-stop-shop to access cloud platforms. Most notably, a central contract with the Cloud Service Providers should deliver cost savings and reduce the admin overheads for identity management and procurement within an environment that is approved by the Scottish Government.

## Cybersecurity --- A Shared Responsibility

However, while becoming a member of the Scottish Cloud Platform will bring several benefits, organisations will still be responsible for their risk and security management.

Being part of the cloud platform club does not mean that security will be addressed, or that the cloud service provider will be undertaking all the necessary security on behalf of the user. The well-known shared responsibility model holds true -- the customer is responsible for security ***in*** the cloud, and the Cloud Service Provider is responsible for the security ***of***the cloud. The challenges around data confidentiality, availability and integrity remain in the jurisdiction of the organisation deploying the cloud platform. Organisations need to consider these challenges when rebuilding legacy applications. Failure to do so is one of the main reasons why cloud migration projects fail or just don't deliver the outcomes that were expected. This cybersecurity responsibility is not only shared with the CSP, but building secure applications from the start needs to be a common objective of the development, cloud engineering and cybersecurity teams. This requires a cultural and organisational shift toward DevSecOps, which goes well beyond tooling.

Furthermore, given that the most common vulnerabilities in the cloud relate to misconfigurations or a misunderstanding of the cloud security controls, it is essential that organisations understand their security responsibilities and how to secure their cloud environments. An organisation's failure to understand their shared responsibility will have a significant impact on their cloud deployment and overall security posture.

## The Palo Alto Networks Approach

Understanding the shared responsibility model is the first step. Organisations also need to understand what cyber solutions they need for their particular use case. If they are building applications in Azure and AWS, they need to understand how to secure these throughout their entire lifecycle -- from the coding phase, building, deploying and finally running the application. Failure to plan for this will create friction between the different teams involved. It will introduce delays and impact the successful delivery of these applications.

On the contrary, problems will be addressed earlier in the development cycle and reduce the cost and mean time to resolution if developers and cloud infrastructure teams are co-owners of the security of the application and infrastructure being built. This issue becomes even more complex when the development of these applications is outsourced to a third party. It is imperative to set SLAs around security risks in the applications delivered and have a defined method to measure if these objectives are being met.

Prisma Cloud from Palo Alto Networks will allow organisations moving their workloads to the Scottish Cloud Platform Service or building new cloud-native applications to have full visibility. It will also help to set guardrails and automate the resolution of security issues at all stages of the development lifecycle and once the application is live and running.

It is clear that cloud provides a range of benefits to the public sector and the development of the Scottish Cloud Platform is a welcome step in helping organisations to deploy cloud technologies. However, it is crucial to maintain a steely eyed focus on security, given the myriad of cyber risks and threat actors targeting governments. A CSP will not do this for organisations, and a lack of focus will put data, applications and services at risk. Contact Palo Alto Networks [public sector team](https://www.paloaltonetworks.com/industry/public-sector#public-sector-contact-form) to make sure your organisation's data and services are secure, no matter what cloud platform you choose to deploy, and across multiple platforms from a single source of visibility, control and protection.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Partnering with Government to Strengthen Cyber Resilience in Poland](https://www2.paloaltonetworks.com/blog/2024/01/strengthen-cyber-resilience-in-poland/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Providing Optimal Cloud Security Outcomes Through StateRAMP](https://www2.paloaltonetworks.com/blog/2024/03/cloud-security-outcomes-through-stateramp/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

[#### Palo Alto Networks Advises U.S. Government on AI and Cybersecurity](https://www2.paloaltonetworks.com/blog/2023/11/palo-alto-networks-advises-u-s-government-on-ai-and-cybersecurity/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Education](https://www.paloaltonetworks.com/blog/category/education/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### CISA K-12 Report Blog](https://www2.paloaltonetworks.com/blog/2023/02/cisa-k-12-report-blog/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Implementing Cloud-Native Security](https://www2.paloaltonetworks.com/blog/2023/01/strategies-to-augment-cloud-native-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Palo Alto Networks Conformance to the NCSC Cloud Security Principles](https://www2.paloaltonetworks.com/blog/2023/01/conformance-to-the-ncsc-cloud-security-principles/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language