SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Why security is critical during cloud migration
Mon, 25th Feb 2019
FYI, this story is more than a year old

The benefits promised by cloud – agility and economy – are key to competitiveness in the digital era but the transition process is often more complex and protracted than anticipated.

Managing cybersecurity in the interim can be complicated, without a robust IT identity platform.

Cloud head first?

Investment in the as-a-service computing model has soared in recent times, with 2018 spending on public cloud services expected to reach $4.6 billion in Australia, according to Gartner.

The same research report from Gartner cites that software-as-a-service comprises the bulk of the spend, at $2.597 billion, while platform-as-a-service and infrastructure-as-a-service accounts for a more modest $253 million and $536 million respectively.

At least one-third of Australian businesses now use commercial cloud computing services.

The majority of those are at the bigger end of town, according to the Australian Bureau of Statistics.

The hard-to-manage hybrid

Wholesale shifts from on-premises to in the cloud are the exception, rather than the rule.

It's more common for organisations to dip a toe or a foot in the water before going all in.

Customised, business-critical applications are still running in-house in many Australian organisations, via either the data center or private cloud, alongside SaaS offerings from new and existing suppliers.

Managing cybersecurity is not an easy undertaking when apps and data are stretched across a disparate array of infrastructure and networks.

In many instances, it's not a short-term challenge either.

Determining the optimum cloud architecture for an enterprise's unique business requirements in a rapidly changing commercial landscape and then putting it in place can take months and years.

Rising risks

While enterprises grapple with the challenges of digital transformation and the shift to the cloud, threats posed by hackers and cybercriminals continue to heighten.

Early in 2018, CERT Australia noted malicious cyber activity against Australian organisations was continuing to increase in frequency, scale, sophistication and severity.

The reach and diversity of adversaries are also expanding as hackers and cybercriminals continue to explore innovative ways to infiltrate government and private networks.

Meanwhile, beefed up data protection regimes, at home and abroad, have made privacy breaches a potentially pricey business and comprehensive security measures across the enterprise a more vital investment than ever.

February 2018 saw the introduction of new laws requiring Australian businesses with annual turnover in excess of $3 million to notify their customers and the Office of the Information Commissioner within 30 days of a suspected data breach.

Companies which don't comply, or fail to remediate adequately, may be hit with fines of up to $1.8 million.

Further afield, the EU's GDPR legislation, in force since May 2018, gives enterprises just three days to report and remediate breaches.

Serious non-compliers can be slapped with fines of up to 20 million euros or four per cent of global turnover, whichever is greater.

Switching safely

A robust hybrid IT identity platform designed to enable enterprise transitions can make the shift to the cloud smoother and safer.

It can be leveraged to connect users with applications, regardless of where identities are stored and applications reside.

With a robust system of protection in place which can straddle both off and on-premises infrastructure, Australian organisations are better positioned to pursue a move to the cloud with confidence, regardless of the route they take.