sb-au logo
Story image

Why security is critical during cloud migration

25 Feb 2019

Article by Ping Identity APAC regional director Geoff Andrews

The benefits promised by cloud – agility and economy – are key to competitiveness in the digital era but the transition process is often more complex and protracted than anticipated.

Managing cybersecurity in the interim can be complicated, without a robust IT identity platform.

Cloud head first?

Investment in the as-a-service computing model has soared in recent times, with 2018 spending on public cloud services expected to reach $4.6 billion in Australia, according to Gartner.

The same research report from Gartner cites that software-as-a-service comprises the bulk of the spend, at $2.597 billion, while platform-as-a-service and infrastructure-as-a-service accounts for a more modest $253 million and $536 million respectively.

At least one-third of Australian businesses now use commercial cloud computing services.

The majority of those are at the bigger end of town, according to the Australian Bureau of Statistics.

The hard-to-manage hybrid

Wholesale shifts from on-premises to in the cloud are the exception, rather than the rule.

It’s more common for organisations to dip a toe or a foot in the water before going all in.

Customised, business-critical applications are still running in-house in many Australian organisations, via either the data centre or private cloud, alongside SaaS offerings from new and existing suppliers.

Managing cybersecurity is not an easy undertaking when apps and data are stretched across a disparate array of infrastructure and networks.

In many instances, it’s not a short-term challenge either.

Determining the optimum cloud architecture for an enterprise’s unique business requirements in a rapidly changing commercial landscape and then putting it in place can take months and years.

Rising risks

While enterprises grapple with the challenges of digital transformation and the shift to the cloud, threats posed by hackers and cybercriminals continue to heighten.

Early in 2018, CERT Australia noted malicious cyber activity against Australian organisations was continuing to increase in frequency, scale, sophistication and severity.

The reach and diversity of adversaries are also expanding as hackers and cybercriminals continue to explore innovative ways to infiltrate government and private networks.

Meanwhile, beefed up data protection regimes, at home and abroad, have made privacy breaches a potentially pricey business and comprehensive security measures across the enterprise a more vital investment than ever.

February 2018 saw the introduction of new laws requiring Australian businesses with annual turnover in excess of $3 million to notify their customers and the Office of the Information Commissioner within 30 days of a suspected data breach.

Companies which don’t comply, or fail to remediate adequately, may be hit with fines of up to $1.8 million.

Further afield, the EU’s GDPR legislation, in force since May 2018, gives enterprises just three days to report and remediate breaches.

Serious non-compliers can be slapped with fines of up to 20 million euros or four per cent of global turnover, whichever is greater.

Switching safely

A robust hybrid IT identity platform designed to enable enterprise transitions can make the shift to the cloud smoother and safer.

It can be leveraged to connect users with applications, regardless of where identities are stored and applications reside.

With a robust system of protection in place which can straddle both off and on-premises infrastructure, Australian organisations are better positioned to pursue a move to the cloud with confidence, regardless of the route they take.

Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More
Story image
Kaspersky unveils two major update to its Transparency Initiative
The company has announced the opening of a new Transparency Center, as well as the ompletion of a widespread transferal of data storage and processing activities to Switzerland.More
Story image
Claroty and CrowdStrike form partnership to protect industrial control system environements
The integration will deliver visibility into industrial control system (ICS) networks and endpoints, with a one-stop-shop for information technology (IT) and OT asset information directly within The Claroty Platform.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
CyberArk launches Forescout and Phosphorus integration to aid with IoT security
“Through our integration with Forescout and Phosphorus, CyberArk dramatically improves security and compliance, and alleviates the burden on IT and security teams."More
Story image
Trend Micro integrates with AWS Network Firewall
As a Launch Partner, Trend Micro has integrated managed threat intelligence feeds from its cloud security solution to enable superior protection in line with this new AWS managed firewall service.More