Story image

Interview: Aura Information Security explores Cybersecurity-as-a-Service

28 Nov 2017

In June, Michael Warnock became Country Manager for Aura Information Security, a subsidiary of mission-critical technology solutions provider, Kordia. Since then, he has been working to build awareness of the processes needed to change how Australian companies approach cybersecurity.

“Our focus is not necessarily led by technology. I think that the market has moved past ‘the latest and greatest widget or piece of software.’ Aura’s focus is on leading with an advisory and assurance framework. The technology piece has to be done right, but too many organisations look at technology as a silver bullet. If your people and processes aren’t right, technology won't deliver the required outcome. We are striving to be the trusted advisory partner in the world of cybersecurity. That means providing outcomes.”

In Australia, Aura is spearheading its cybersecurity offering through its partnership with RedShield — integrating RedShield's innovative “security at your service” driven approach.

Robin Block sat down with Michael to understand how this approach differentiates Aura Information Security in the Australian market, and gain insight into how changes in the industry are providing both challenges and opportunities.     

Do you think the demands for cybersecurity are changing — what are you offering the market and how are you expanding?

Michael: CFOs and CEOs are getting increasingly involved in security decisions — they don’t want their organisation to be the next to feature on the front pages because of a breach. This is particularly relevant with the new mandatory reporting regulations that will come into effect at the end of February. We are building a specific ‘gap-plan’ and ‘get-well-plan’ to enable companies, and also government departments, to prepare for this change.

My role is to grow a team that can fulfil our expansion through direct and indirect channels. One focus will be government. However, there is a massive untapped opportunity in mid-market organisations that are looking for cyber assurance and cyber technology capabilities.

We see cybersecurity as a high growth area, and on the back of significant growth in New Zealand believed the time was right for Aura to enter what we see as an under-serviced market here in Australia.

We are specifically focusing on the mid-market because they need partners. Customers in this space tell us they simply don’t have the ability or resource to attract and retain specialist staff. For this reason, we are offering security as a service — allowing mid-market organisations to build a robust security posture without the challenge of hiring and retaining cybersecurity talent. Our goal is to build a brand around providing a strong framework of advisory and assurance.

Do you think there is a talent shortage in cybersecurity — have you had difficulty building your team?

Michael: Recruitment is always a challenge because you are dealing with an unknown. Globally, there is a shortage of cybersecurity professionals – and that’s certainly the case here in Australia too.

However, I believe that some of that reality is caused by inefficiencies in the allocation of existing resources. Companies tend to duplicate cyber capabilities, and most talent is drawn to high-end organisations. The mid-market often gets left out of that equation. Because of this, the mid-market has become easier prey for cyber-criminals who see it as a much softer target than banks or government.

We are providing a solution to both the mid-market's immediate problem, and a framework to address the entire market’s supply problem by consolidating talented individuals in one place and providing solutions to a large number of organisations.

It is also important to look beyond technically trained professionals at a wider range of talent clustered around analytical thinking. I am a firm believer that people buy from people.

They buy an outcome, but they buy that outcome because they trust the person sitting across from them. My goal is to build a team of sales professionals, work closely with customers to identify problems, and build a framework for expansion. We can use people with technical cyber training to do that, but we are also looking to train tenacious and talented people from a range of backgrounds to assist in our expansion.   

What is in the future for Aura in Australia and cybersecurity?

Michael: In addition to what we’re already offering in the areas of consulting services,  penetration testing and web-application shielding, we will soon unveil into market a particular offering focused on mandatory data breach notification.

We are also bringing to life a Virtual Security Officer (VSO) offering to which organisations can subscribe and bring experience and expertise into their business on an as-needed basis. We will anchor those products and services and be in market by the end of the year.

We want to be able to go work with the market to understand the specific problems afflicting different companies and build a framework that can deliver outcomes from an advisory, policy and procedural point of view. We aim to differentiate ourselves through a focus on the non-technical aspects of cyber, and the provision of that framework as a service.

In the longer term, it is important to increase the number of people in the industry – and to do this we need to foster up-and-coming cybersecurity talent. In New Zealand, we have recently signed a scholarship agreement with a large university and we are looking to set up something similar in Australia in due course.

We want to be the go-to partner for cyber advice — particularly in the Australian mid-market. We have a proud history of doing that in New Zealand already and have been a trusted partner to a wide range of organisations across many industries for more than 10 years.

I believe there is demand for this outcome. Companies have dealt with other providers and still not achieved what they want. They are looking for somebody new — we want to be that partner.

Article by Robin Block.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.