Story image

Exclusive: Is cloud migration worth the security risk?

Recently IT Brief had the opportunity to get in touch with  Chris Seller, CIO, Airservices Australia to discuss digitisation, the cloud and threats surrounding them.

To start off with can you tell me a bit more about Airservices Australia's partnership with ASG Group?

Airservices Australia needed an infrastructure-as-a-service (IaaS) solution to deal with a renewal of the ageing infrastructure which hosted the organisations key business systems. We need to move our systems of record, ERP and documentation systems out of the head office environment. The technology we were using included over 800 virtual machines, several hundred physical devices and about a petabyte of storage. 

After a comprehensive market review, the IaaS contract was awarded to ASG in early 2018 and included support of all our business system infrastructure, compute, storage and end user (desktop) environments.  To add to the complexity, we had a deadline of mid-2018 driven by our Canberra property consolidation program. 

As part of the tender process, ASG presented an innovative solution in which involved moving our systems out of the office environment and onto a highly secured ASD certified Vault cloud.  It was this solution that won ASG the tender valued at $84 million over a five-year period, which included the cloud migration and several other major projects. 

Working with ASG and Vault really showed us the possibilities and what we could achieve for the company if we really embraced this cloud migration. 

Can you explain the importance of keeping Australian flight data in a secure sovereign cloud?

Airservices Australia is responsible for over 4 million aircraft movements carrying more than 90 million passengers and provides air navigation services across 11% of the world's airspace.  As these numbers grow over the next few years, it’s vitally important to ensure that we invest in highly reliable infrastructure services that will ensure our operations remain safe, secure and efficient, this is the assurance Vault Cloud provides. 

The system that have been migrated so far are the systems that operate our business. These are not the operational air traffic control systems which are highly specialised systems engineered for safety and reliability collocated with our operational centres in Brisbane and Melbourne.  

Vault operates as a sovereign cloud, keeping the data on-shore, and they’re ASD-approved. Not all of the business systems we have transitioned to the cloud require that level of security today, but in the future, it’s very possible they will and this puts us in a very good position to respond to that eventuality. 

What are the risks of cloud transition in a time when the cloud landscape is rife with cyber-attacks?

As the CIO I can’t control the threats, but I can control the position I put the organisation in to have as safe and as secure an environment as possible. There is no doubt in my mind that we, like many organisations, will be a potential target for hackers and criminals.  Vault has built security into the foundation of their system which secures our data well beyond where we were in the past, and probably much better than I could have built myself.

How can these cyber threats be avoided or at the very least minimised? 

Security is something we take very seriously at Airservices. I think good security hygiene starts with education. We are committed to improving our compliance to the ASD Essential Eight and we are also undertaking a major Cyber Security transformation program which will significantly improve our current defences and response capabilities. 

Having our data on Vault Cloud is a key step in upgrading our defences. Vault is incredibly in-depth with its security certification. It took Vault three years to get ASD certified. There were nearly 100 companies that have attempted to get through the ASD certification process and obviously very few have successfully come out the other side.

Can you tell me about the transition to Vault’s cloud and how it affected efficiency within Airservices?

Once the contract was signed, it was like a military operation getting everything migrated.  The agency has now moved around business 135 applications and close to a petabyte of data to the cloud. The effort took about 21,000 man-hours.

While the deal doesn’t give Airservices a huge cost saving, around AU$1-2 million per year compared to building a similar capability in-house, the real advantage comes from the flexibility and agility Airservices now has as a result and that’s how more organisations should think about moving to the cloud.

We have seen some impressive performance improvements for our end users, batch processing and workflows etc.  Provisioning of new environments is now down to hours instead of weeks.  Another advantage we hope to tap into is the growing ecosystem of capabilities that are coming online in Vault from proactive system performance monitoring and automation to advanced data analytics.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.