sb-au logo
Story image

Thales: A/NZ cybersecurity approach more talk than action

22 Sep 2020

Australia and Aotearoa New Zealand are approaching a digital inflection point where more corporate and sensitive data will be stored in the cloud than out of it, according to the 2020 Thales Asia-Pacific Data Threat Report. 

Currently around half (52%) of sensitive data stored in the cloud is encrypted, yet research indicates the pace of technology adoption over the next 12 months, including 21% growth in IoT and 61% increase in mobile payments, will see the volume of data grow quickly. 

Combined with an unexpected influx of work from home migrants, data security practices are going to be pushed to new extremes. 

Vulnerability

With the majority of organisations applying digital transformation to their businesses, complexity at the infrastructure level is on the rise.

Challenges in data security are emanating from a lack of organisational resources to keep transformation initiatives secure. 

The research found, just half (53%) of organisations in A/NZ believe their new technologies and initiatives are being deployed with the appropriate data security in place.

Complexity

Hybrid and multi-cloud infrastructures have become the norm, with Gartner estimating 90% of organisations will be using a combination of cloud models for their IT needs by 2021.

Thales agrees, finding 79% of organisations in A/NZ are using more than one IaaS vendor and 78% have more than one PaaS vendor to manage. 

The result being increased complexity, stretching IT management attention in many directions, and often resulting in multiple non-integrated encryption key management systems.

Sensitivity

Organisations in A/NZ estimate 43% of their data in the cloud is sensitive. 

Despite this significant sensitive data exposure, encryption of it is tokenistic with the practice low. 

With sensitive data defined as regulated data, Thales is surprised to see only half (52%) of respondents encrypting it all in the cloud.

Focus 

“Digital transformation, and the fact we must innovate and transform or die, is exposing us to security vulnerabilities we are not prepared for. The old school approach of statically building and enforcing cybersecurity is at odds with the reality that change is accelerating and being driven by software,” says Thales A/NZ regional director of data security solutions Brian Grant.

 “Organisations must get the basics right while accommodating the breadth and speed of change. Only by embedding data protection into business processes through codification, rather than applying it as an afterthought to infrastructure, can we be successful. 

“While some organisations are talking a good story, with privacy, data protection and compliance often discussed at the board level, predicted spending shows that most have the wrong focus. Our research found that next year data protection will fall below the rate of attention, to an average of only 14% of IT security budgets. This laissez-faire attitude to data protection is leaving organisations across the region vulnerable to attack, with the potential to stifle innovation and business agility for years to come as a consequence of the loss in customer confidence, and impact on the bottom line from digital initiative failures or data breach remediation costs.”