SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Australia trailing behind APAC in cloud migration and security
Wed, 3rd Oct 2018
FYI, this story is more than a year old

Despite many Asia Pacific countries being renowned for their forward-thinking operations in mature IT markets, they are still trailing behind in their ability to implement security management.

A new report from Ovum and Juniper Networks shows that organisations in Australia, Japan and Korea actually rank lower than countries in emerging IT markets when it comes to centralising security management and cloud adoption.

Complacency could be an underlying cause of the sluggishness – in Australia, IT managers report fewer security alerts than other Asia Pacific countries. 68% say they receive fewer than 50 threat alerts per day, while 43% of APAC respondents say they receive more than 50 per day.

Adding to the frustration is the fact that 78% of managers say less than 10% of alerts they receive are legitimate and require further action.

“The findings of this report should come as a serious wake up call for Australian businesses that have become, or risk growing, complacent in their approach to security,” comments Juniper Networks senior systems engineering manager James Sillence.

“Despite being viewed as one of the most technologically mature in APAC, the reality is that most Australian enterprises today are hamstrung by the same technologies that once helped advance the nation's IT economy. For Australian businesses to maintain their leadership, complexity and silos must be brought out of the enterprise security equation, and be replaced with a ‘single pane of glass' approach to data management.

Despite security alerts a siloed approach to security still persists. The survey found that many organisations in Asia Pacific aren't centralising security management – more than half of organisations with more than 1000 branches or more say they manage more than 100 tools. However, 83% of respondents use fewer than 50 tools.

The survey also hinted that Australia has been less enthusiastic about the transition to cloud that it would like to think.

Juniper looked at how many Asia Pacific organisations have migrated to IaaS or PaaS platforms and found that larger companies are more likely to have migrated (74%), compared with smaller companies (between 11-50% of respondents).

In Australia, 64% of IT managers report low-to-no migration of workloads to the cloud. 34% say that between 10-50% of their workloads have been moved.

Juniper Networks says this trend is more representative of the entrenched legacy infrastructure prevalent among Australian enterprises than strict opposition by organisations to the cloud.

As uptake of cloud-based services improves, security managers will need to extend security functions to the cloud – particularly as off-premise security policy management isn't yet well established in Australia.

The report found that 48% of Australian IT managers use on-premise security, while 38% use security offered by IaaS and PaaS providers.

The report makes the following recommendations:

Enterprise decision-makers must take steps to consolidate visibility and control of their security infrastructure

Security decision-makers across all verticals should invest in centralized management capabilities, enabling them to control the disparate security tools in their infrastructure and address the challenge of prioritizing the volumes of daily alerts they receive.

Only by bringing together into a "single pane of glass" and correctly handling the data from their security silos will companies be able to gain an enterprise-wide view of threats and manage their cyber-risk appropriately.

More companies should investigate a separate management layer for security 

Too many companies rely on separate dashboards for each of their security tools, and SIEM platforms only go part of the way in addressing the centralization requirement. Ovum believes that more companies across all verticals should investigate the deployment of a separate management layer, into which all tools should all be able to report, and from which adjustments to their security posture should be rolled out quickly across their infrastructure.

Investment must be made now in security for IaaS and PaaS cloud environments 

Ovum also recommends that enterprise look to invest in capabilities and/or services that allow them to manage security for their operating systems, middleware, and runtime environment, the data and applications customers are using in IaaS environments, and the data and applications they run in PaaS services.  Importantly, enterprise security leaders must review their policies as they relate to their off-premises or virtualised IT resources.

Simplify – and enforce consistency in – security management 

Complexity – in terms of both the number of products in use and the pressures to cloudify security resources – underpins many APAC enterprises' security environments.

To mitigate the risks this creates for security management, platforms that streamline and automate operational environments and help contain the proliferation of disparate security tools are recommended.

The Too Much of a Good Thing? Enterprise Cybersecurity Adoption Trends across Asia-Pacificreport polled 350 IT professionals in 11 countries.