Story image

Exclusive: Is cloud migration worth the security risk?

Recently IT Brief had the opportunity to get in touch with  Chris Seller, CIO, Airservices Australia to discuss digitisation, the cloud and threats surrounding them.

To start off with can you tell me a bit more about Airservices Australia's partnership with ASG Group?

Airservices Australia needed an infrastructure-as-a-service (IaaS) solution to deal with a renewal of the ageing infrastructure which hosted the organisations key business systems. We need to move our systems of record, ERP and documentation systems out of the head office environment. The technology we were using included over 800 virtual machines, several hundred physical devices and about a petabyte of storage. 

After a comprehensive market review, the IaaS contract was awarded to ASG in early 2018 and included support of all our business system infrastructure, compute, storage and end user (desktop) environments.  To add to the complexity, we had a deadline of mid-2018 driven by our Canberra property consolidation program. 

As part of the tender process, ASG presented an innovative solution in which involved moving our systems out of the office environment and onto a highly secured ASD certified Vault cloud.  It was this solution that won ASG the tender valued at $84 million over a five-year period, which included the cloud migration and several other major projects. 

Working with ASG and Vault really showed us the possibilities and what we could achieve for the company if we really embraced this cloud migration. 

Can you explain the importance of keeping Australian flight data in a secure sovereign cloud?

Airservices Australia is responsible for over 4 million aircraft movements carrying more than 90 million passengers and provides air navigation services across 11% of the world's airspace.  As these numbers grow over the next few years, it’s vitally important to ensure that we invest in highly reliable infrastructure services that will ensure our operations remain safe, secure and efficient, this is the assurance Vault Cloud provides. 

The system that have been migrated so far are the systems that operate our business. These are not the operational air traffic control systems which are highly specialised systems engineered for safety and reliability collocated with our operational centres in Brisbane and Melbourne.  

Vault operates as a sovereign cloud, keeping the data on-shore, and they’re ASD-approved. Not all of the business systems we have transitioned to the cloud require that level of security today, but in the future, it’s very possible they will and this puts us in a very good position to respond to that eventuality. 

What are the risks of cloud transition in a time when the cloud landscape is rife with cyber-attacks?

As the CIO I can’t control the threats, but I can control the position I put the organisation in to have as safe and as secure an environment as possible. There is no doubt in my mind that we, like many organisations, will be a potential target for hackers and criminals.  Vault has built security into the foundation of their system which secures our data well beyond where we were in the past, and probably much better than I could have built myself.

How can these cyber threats be avoided or at the very least minimised? 

Security is something we take very seriously at Airservices. I think good security hygiene starts with education. We are committed to improving our compliance to the ASD Essential Eight and we are also undertaking a major Cyber Security transformation program which will significantly improve our current defences and response capabilities. 

Having our data on Vault Cloud is a key step in upgrading our defences. Vault is incredibly in-depth with its security certification. It took Vault three years to get ASD certified. There were nearly 100 companies that have attempted to get through the ASD certification process and obviously very few have successfully come out the other side.

Can you tell me about the transition to Vault’s cloud and how it affected efficiency within Airservices?

Once the contract was signed, it was like a military operation getting everything migrated.  The agency has now moved around business 135 applications and close to a petabyte of data to the cloud. The effort took about 21,000 man-hours.

While the deal doesn’t give Airservices a huge cost saving, around AU$1-2 million per year compared to building a similar capability in-house, the real advantage comes from the flexibility and agility Airservices now has as a result and that’s how more organisations should think about moving to the cloud.

We have seen some impressive performance improvements for our end users, batch processing and workflows etc.  Provisioning of new environments is now down to hours instead of weeks.  Another advantage we hope to tap into is the growing ecosystem of capabilities that are coming online in Vault from proactive system performance monitoring and automation to advanced data analytics.

25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.