Considerations for security transformation without stifling innovation: Part 2
- 08 June, 2019 08:30
Bloomberg’s 2019 annual innovation index, which analyses countries around the world in respect to education, manufacturing, research and development, Australia is lagging in terms of innovation. The index recently rated South Korea as the most innovative nation, with Germany a close second. Australia meanwhile fell short, ranking only 19th in the world.
What is preventing Australian organisations from reaching their full technological potential?
New Rackspace research reveals that cybersecurity is a top risk to businesses, from their brand to their operations and financials. These concerns are compounded by a lack of confidence in organisational capabilities, with 50 per cent of Australian IT professionals not confident they have access to the staff or partners with the skills to manage inherent cybersecurity risks. Even more alarming is that nearly half of all local enterprises surveyed for PwC’s 2018 Global Economic Crime and Fraud Survey: Australian Report experienced a cyberattack between 2016 and 2018.
Digital transformation is no longer a nice-to-have but a business imperative, which for most means moving to the cloud. As cyberattacks become increasingly sophisticated, security is now a critical component of all cloud strategies and all variations of cloud architecture. Enter security transformation.
Navigating the road to innovation
Not surprisingly, the top three digital ambitions of Australian organisations are: improving staff productivity, enhancing business resilience, and increasing organisational agility. As organisations adopt cloud migration strategies to take advantage of cloud economics, they potentially expose their data to risks in this process. Cloud technologies allow employees to access distributed services and organisational data in new and beneficial ways; they are always-on and globally accessible. This requires a new approach to the implementation and operation of security controls and assurance practices – without these changes, organisations may unintentionally expose their data to new threats. According to Rackspace research, allowing staff and third parties access to data offsite poses the greatest threat to Australian organisations. Loss of data also ranks highly as a cybersecurity fear, with 86% of Australian IT professionals concerned about its potential effects on their business.
The path to cloud and innovation is riddled with considerable threats to security. As traditional security parameters continue to expand, and as networks become increasingly porous and complex, businesses must now learn to protect their data and workloads beyond the traditional ‘four walls’ of their organisation. Further, in order to manage this complexity, the use of automation of security controls and assurance practices is necessary.
This is where ‘Security-as-a-service’ can be invaluable in driving smarter cloud decisions, and ensuring an organisation is not at risk simply because it has chosen a cloud strategy that isn’t flexible or doesn’t suit its evolving and critical workloads. Organisations can turn to multi-cloud and multiple vendors to not only spread their workloads across multiple platforms, but also to leverage security expertise and professional services to develop (and automate) security controls. The benefits of multi-cloud and hybrid cloud environments are manifold, with 63 per cent of Australian IT decision-makers using cloud to generate operational efficiencies across their business.
Automation in security
Even with stringent security measures in place, cybercriminals persist, acting faster, smarter and more frequently. Cyber criminals make use of automation in order to find and exploit vulnerabilities. Australian organisations must fight fire with fire and start by transforming the way security is delivered and governed with automation. A good start is through the automating of security controls during service provisioning and through validation that these controls are operating effectively on a continuous basis. This practice is often completed with the help of a partner, while IT teams continue to develop in-house skills.
Cybersecurity concerns needn’t be an excuse for Australian organisations to deprioritise digital transformation or succumb to the legacy-style thinking of “if it ain’t broke, don’t fix it.” If hiring skilled personnel and cybersecurity talent is proving a challenge, Security-as-a-service for operations and professional services for security DevSecOps engineering may be the next best thing for futureproofing an organisation. Security transformation practices such as Security-as-a-service and DevSecOps not only offers the most effective and up-to-date security strategies available, but also ongoing support as the business itself (and the regulatory environment it is in) shifts and scales.
Although innovation and cybersecurity should be considered top priorities for all Australian IT decision-makers, one doesn’t have to come at the expense of the other with the right expertise behind you.