sb-au logo
Story image

Exclusive: Aura on designing a secure IT infrastructure

17 Sep 2018

Despite growing recognition of the importance of cybersecurity to organisations in Australia, more often than not, it’s still regarded as an afterthought in the implementation of new solutions.

For most of boards, it’s difficult to justify the expense on security until after it’s too late and its already suffered the consequences of a cyber attack.

SecurityBrief spoke to Aura Information Security Australia country manager Michael Warnock about what it means to implement secure IT systems from the ground up.

What are the most common challenges CSOs face when building security into their IT systems?

A security by design approach enables CSOs to proactively identify the security risks in their business early on enabling them to remediate vulnerabilities when it is most time and cost effective.  

After all, if companies don’t have the visibility of the information security risk they are introducing, then the organisation is potentially leaving more valuable information assets wide open for cybercriminals.

The most common challenge continues to be to articulate the value of implementing versus the risk of not implementing, and secondly evaluating current staff skills and the development needed to be able to ‘code’ securely. 

However, it should be also noted that being secure by design is an ongoing process and not one that is forgotten as soon as a project is complete.  

IT systems aren’t static.  

They are modified and patched once deployed and have an inherent risk that needs to be managed by IT teams as part of any risk and compliance management program.

How can CSOs overcome these challenges?  

Organisations should look to augment their recruitment and look for developers who are trained in DevSecOps.

Working with a partner like Aura which can implement training and development programs for their teams is also worthy of consideration.  

CSOs should also add secure code reviews to a development program which will provide insight into any issues in a development plan early on in the cycle avoiding the challenges where these are normally ‘tested’ very late in the program.

Aura considers a secure by design approach to include the following four-phase process:

  1. Design Phase – potential security risks are identified by software and infrastructure security architects.
  2. Build Phase - our consultants help CSOs check that they are building their systems in a secure way.
  3. Test Phase – conduct of end-to-end penetration tests to ensure any security flaws are remediated and provision for full visibility.
  4. Operate Phase – ongoing analysis, reporting and security optimisation occurs for the duration of the system’s operating life.

How can organisations with fewer resources protect themselves if they realise they’re being attacked?

There is a saying that goes, “you can only protect against what you know is attacking you”.  

When a vulnerability is identified, the need to defend against this is time critical.  

By deploying a shield approach to vulnerability management the physical source code ‘recoding’ allows for a wall to be established faster defending you from the bad guys.

The philosophy Aura promotes is that any prudent security program should have code remediation as an element, so we don’t say don’t fix your code, but use a shield to give you time to get that done correctly.  

Story image
Sophos unearths origin of prominent cryptominer
The cryptominer was recently discovered when attackers targeted internet-facing database servers (SQL servers), and the MrbMiner was downloaded and installed.More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
22 billion records exposed from breaches in 2020 — report
The research also found that 35% of the breaches recorded by Tenable were caused by ransomware attacks, while 14% of breaches stemmed from email compromises.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Check Point invests in local cloud capabilities in A/NZ
As public cloud usage in Australia and New Zealand grows, the company says it will continue to invest locally to support businesses.More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More