Story image

Why security is critical during cloud migration

25 Feb 2019

Article by Ping Identity APAC regional director Geoff Andrews

The benefits promised by cloud – agility and economy – are key to competitiveness in the digital era but the transition process is often more complex and protracted than anticipated.

Managing cybersecurity in the interim can be complicated, without a robust IT identity platform.

Cloud head first?

Investment in the as-a-service computing model has soared in recent times, with 2018 spending on public cloud services expected to reach $4.6 billion in Australia, according to Gartner.

The same research report from Gartner cites that software-as-a-service comprises the bulk of the spend, at $2.597 billion, while platform-as-a-service and infrastructure-as-a-service accounts for a more modest $253 million and $536 million respectively.

At least one-third of Australian businesses now use commercial cloud computing services.

The majority of those are at the bigger end of town, according to the Australian Bureau of Statistics.

The hard-to-manage hybrid

Wholesale shifts from on-premises to in the cloud are the exception, rather than the rule.

It’s more common for organisations to dip a toe or a foot in the water before going all in.

Customised, business-critical applications are still running in-house in many Australian organisations, via either the data centre or private cloud, alongside SaaS offerings from new and existing suppliers.

Managing cybersecurity is not an easy undertaking when apps and data are stretched across a disparate array of infrastructure and networks.

In many instances, it’s not a short-term challenge either.

Determining the optimum cloud architecture for an enterprise’s unique business requirements in a rapidly changing commercial landscape and then putting it in place can take months and years.

Rising risks

While enterprises grapple with the challenges of digital transformation and the shift to the cloud, threats posed by hackers and cybercriminals continue to heighten.

Early in 2018, CERT Australia noted malicious cyber activity against Australian organisations was continuing to increase in frequency, scale, sophistication and severity.

The reach and diversity of adversaries are also expanding as hackers and cybercriminals continue to explore innovative ways to infiltrate government and private networks.

Meanwhile, beefed up data protection regimes, at home and abroad, have made privacy breaches a potentially pricey business and comprehensive security measures across the enterprise a more vital investment than ever.

February 2018 saw the introduction of new laws requiring Australian businesses with annual turnover in excess of $3 million to notify their customers and the Office of the Information Commissioner within 30 days of a suspected data breach.

Companies which don’t comply, or fail to remediate adequately, may be hit with fines of up to $1.8 million.

Further afield, the EU’s GDPR legislation, in force since May 2018, gives enterprises just three days to report and remediate breaches.

Serious non-compliers can be slapped with fines of up to 20 million euros or four per cent of global turnover, whichever is greater.

Switching safely

A robust hybrid IT identity platform designed to enable enterprise transitions can make the shift to the cloud smoother and safer.

It can be leveraged to connect users with applications, regardless of where identities are stored and applications reside.

With a robust system of protection in place which can straddle both off and on-premises infrastructure, Australian organisations are better positioned to pursue a move to the cloud with confidence, regardless of the route they take.

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."