SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - An update from Rimini Street

Mon, 20th Jun 2022
FYI, this story is more than a year old

Cybersecurity concerns are growing. And, according to Daniel Bernard, Group Vice President and Regional General Manager for Oceania at Rimini Street, Australia's companies and government agencies are feeling the pressure more than ever.

Speaking on the current state of security across industries, Bernard pulled no punches. "Some of the biggest security concerns that they're facing right now – firstly, is patching of software," he said. "They're patching many, many different systems constantly. It's taking a huge amount of their resources."

This relentless effort to keep companies safe from vulnerabilities comes at a time when the risks themselves are becoming more complex and widespread. Bernard referenced the notorious Log4j vulnerability as an example of the difficulties companies face. "Some of the patching for those security problems... didn't come out from vendors like Oracle, SAP, [and] Microsoft for many weeks if not months after," he explained. "That's a real challenge for them. They're not timely."

This lag leaves organisations exposed. "Some of the vulnerabilities in these systems that have been around for 20, 30 years – you know, they're only getting patches for vulnerabilities that have been out for very long periods of time," Bernard said. For industries entrusted with sensitive information such as banks, this delay is a pressing concern. "A lot of customers... are trying to protect customer data, internal systems, financials – you name it, they're trying to protect it," he added.

On top of this, mounting pressure from all levels of government to adhere to stronger security protocols is only increasing the strain. "The Australian government... is asking companies, government agencies, local governments, state governments to be more secure over time, and that's what's keeping them up at night," said Bernard.

But software patching is not the only challenge. A rapidly tightening labour market is making it harder for organisations to secure the skills they need. Bernard pointed to the country's low unemployment rate as a catalyst for a so-called "talent war." "IT resources are absolutely tapped out," he explained. "When CIOs are having to deploy patches, deploy security patches – that swallows up a whole lot of time within these businesses, and that's a huge challenge as well." He believes the demand for talent, combined with the constant scramble to patch vulnerabilities, creates knock-on problems across the sector.

These challenges have triggered a search for alternatives. According to Bernard, Rimini Street offers a different approach. "Rimini Street already offers for their Oracle customer base... advanced database security, which secures the database, and advanced application and middleware security," he said, referring to these solutions as "double AMS." He claimed the technology can "zero-day secure all of that software from zero-day vulnerabilities."

Now, the company is aiming to bring a new security offering to its SAP customers in Australia and New Zealand. "Some of Australia's largest businesses" are already involved in trials, Bernard noted, adding that the solution will "cover all of our SAP applications. New to the market... we hope to bring general availability to that product this quarter."

Rimini Street's model promises to reduce, though not eliminate, the need for traditional patching. Bernard was quick to emphasise that patching in itself is still necessary. "Patching is absolutely still required on these systems, but... if you're receiving the vendor patches from SAP and Oracle, a lot of the time... they take a long time to come out," he said. Traditional patching, he continued, requires large companies to roll out fixes suitable for all customers, meaning there is rarely a rapid or tailored response to a specific vulnerability.

But Bernard is confident that Rimini Street's approach can change the equation. "We have an alternative view. We're disrupting the security market by saying... here's an alternative. We provide shields for SAP customers that will give them zero-day vulnerability coverage," he said. According to Bernard, these shields will not only address current vulnerabilities, but also protect against weaknesses that have existed in systems for decades.

When asked when the new security solution would be widely available to customers, Bernard was optimistic: "Fingers crossed in the next couple of weeks," he said. "As I said, we have a couple of customers that absolutely needed it quickly; we've deployed it, but we're looking to roll it out to all of our customer base over the coming weeks and months. It will be available very, very soon."

For Bernard, the objective is clear – to deliver security that is both timely and robust, freeing up scarce IT resources for more strategic work. Organisations across Australia, grappling with increasingly sophisticated threats and a stretched workforce, are eager for any edge they can find.

Looking ahead, Bernard is upbeat about the contribution his company can make to the national security landscape. "Thank you so much, Richard – good to see you again," he concluded.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X