SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Keeping data in the cloud will prevent breaches from raining down
Tue, 6th Mar 2018
FYI, this story is more than a year old

Australia is quickly embracing cloud technology across many different industries including business, manufacturing, education, and government. According to the Australian Bureau of Statistics, in just the last year alone, cloud computing services has climbed from a mere 19 percent to nearly 35 percent.

With so many organisations switching to the cloud, it might seem like a great time for other organisations to embrace this technology. Given the increase in cybercrime, hacking and even hardware vulnerabilities, as seen with the Spectre and Meltdown breaches, and the creation of mandatory breach notifications, it is clear that there are security concerns in many aspects of data storage, including cloud technology, which are paramount in the digital age.

In Australia, global cloud service providers as well as local Australian cloud providers provide plenty of competition for the varying industries of Australia to choose from. With competition aplenty, it is important to understand what makes the cloud secure, what are the security risks and how the cloud fits in with digital transformation.

Just as a farmer looks to the clouds for the rains which will either bring vibrant life to his crop or for which the lack thereof will cause his crop to wither and die. So too must business observe and understand the digital cloud, to be able to recognise and act on the signs of rain, storms, or drought ahead.

Digital transformation within Australia  

Over the past few years, the Australian Federal Government has actively launched a push for all government agencies to embrace digital transformation in order to make services simpler, more efficient and cost effective.

It will also allow resources to be quickly deployed to citizens all across Australia. In the quest for further digital transformation, the government has advocated a cloud first policy, meaning that government agencies must preferentially store information on the cloud rather than physically.

The rollout of Govpass is a good example of how the government has embraced digital transformation. Govpass allows citizens to digitally identify themselves to government services online.

Through this platform, there will be a vast amount of personal data that must be stored. As more government services switch to digital, sensitive data such as, biometrics, medical records, tax file numbers, and Medicare information will need to be securely stored by the government. This bold and proactive migration of information in this ‘digital transformation', must be accompanied by assiduous measures to protect this information.

What makes the cloud secure

With the roll out of cloud technology, data is no longer stored on a physical device. Businesses including the government do not need to worry about sensitive information being misplaced by staff, accidently destroyed or physically stolen because the information doesn't live in a physical location nor does the data physically exist.

A further benefit is that cloud services, even at the basic level, requires users to securely login to access information. Additionally, sensitive data stored in the cloud can be encrypted, ensuring only people with access can read the files. These basic security protocols are features that almost all cloud providers offer.

However, some cloud service providers have taken security to another level by achieving the Australian Signals Directorate (ASD) Certification. Companies that meet the ASD “PROTECTED” certification can store classified government information. Today, the cloud providers that meet this requirement are local Australian companies that store all their data onshore and to ensure data sovereignty.

The risks of slacking on security

Security defects and threat actors will continue to be a global issue, and Australia is not spared. As more devices such as smartphones, tablets, and home automation devices connect through the Internet of Things (IoT) and share data with each other, the risk of hackers entering a network through a personal device and gaining access to data increases.

Actual hardware malfunctions are also a risk as seen in the recent flaw with Intel chips that have led to global security breaches through Meltdown and Spectre.

Another security risk cloud users face is foreign legislation. Recently, the U.S. has put forward a bill that would allow law enforcement agencies to request cross-border data from cloud providers that are based in the United States.

Meaning, that if an American company stores data about Australian organisations, they would have to share that data with the US law enforcement. If this legislation goes through as planned it could mean the end of privacy for some organisations in Australia.

A cloudy forecast

Even though technology is continuing to develop and will continue to become a vital aspect of how Australians do business it means that competition within the technology sector will only increase. With more options, organisations will need to use foresight to stay ahead of the technology curve that is rolled out to ensure systems will be beneficial for the long term.

As the Australian Government continues to increase the amount of data that will become digitised by embracing digital transformation, it will be crucial to invest not only in digital storage like cloud services, but the appropriate safety and security of all cloud technology.