Australian companies are enthusiastic about cloud-computing solutions, but the industry still needs to address security concerns that are preventing many businesses from taking the plunge.

Rapid cloud adoption promises a windfall for value-added resellers (VARs) that are bundling cloud services into coherent business solutions. After all, a full 30 per cent of Australian organisations have already deployed communications tools within private-cloud environments, according to the recent Dimension Data Digital Workplace Report. A further 16 per cent rely on third-party service providers to run those tools in their own environments, while 15 per cent run collaboration applications like Microsoft SharePoint in third-party cloud environments.

This digital transformation promises significant benefits for companies redesigning core processes and leveraging cloud services to build stronger relationships with their customers. Streamlined processes offer a significantly improved customer experience at lower incremental cost, with better overall efficiency and new opportunities to deliver innovative services in the future.

Yet transformation also presents challenges as moving corporate information to the cloud can compromise crucial security controls. Cloud services decentralise functions such as user authentication, data distribution, and enforcement of security policies. Cloud providers, telecommunications companies and VARs must work together to address businesses’ lingering security concerns around moving to the cloud.
 

The rules are changing for Australian businesses

Security issues pose significant worries for companies facing new regulations, including Australia’s Notifiable Data Breach scheme; tighter requirements on the handling of financial data from the transition to PCI DSS 3.2; and the need for many Australian companies to comply with the new European Union General Data Protection Regulation (GDPR).

If cloud security is not addressed early on, companies could leave themselves exposed to compliance requirements. Yet many companies don’t have the right skills to do this properly – leading many to inaction. Although 86 per cent of Australian organisations in one recent McAfee survey said they trust cloud computing more than they did a year ago, 48 per cent of cyber security professionals said they had slowed down cloud adoption because they can’t find enough skilled security staff to make the transition safely.

The lack of cyber security skills has long been recognised, with 78 per cent of respondents to a recent Australian Information Security Association (AISA) study noting a shortage of security skills. 64 per cent said management lacked an understanding of the skills required, while 57 per cent blamed a lack of appropriately skilled people for available positions and 51 per cent said employers were reluctant to recruit and train candidates.

It’s time for a new way of managing the cloud

If employers can’t develop cloud-security skills in-house, they must get them elsewhere. Many are turning to cloud service providers (CSPs), which are complementing core cloud infrastructure with supporting tools from partners that specialise in ensuring that customer data is protected in the cloud and out of it.

Tools for managing user access controls, for example, are critical to managing access to enterprise data but become much harder to control when users have different credentials and accounts on each new cloud service. Cloud access security broker (CASB) services – which Gartner has predicted will be used by 85 per cent of enterprises by 2020, up from 5 per cent now – are emerging to fill the gap and provide seamless transitioning of data and users between on-premises and in-cloud services.

Telecommunications providers and other VARs have significant opportunities to align themselves with CSPs by offering secure connectivity and services including CASB, data encryption, malware protection, intrusion detection, threat-intelligence analysis, user activity monitoring, and more. These are increasingly delivered on an as-a-service basis, which makes them easy to integrate into CSP offerings and presents significant opportunities for new partnerships.

Telstra Wholesale is also delivering enterprise-grade cloud security with direct private connections to cloud providers like Amazon Web Services and Microsoft Azure.

Working together, CSPs and their partners can deliver enterprise-grade cloud services within well-defined and well-controlled environments that minimise risk. CSPs will take care of the back-end infrastructure, services and connectivity while their reseller partners focus on helping customers embrace the cloud to meet their business needs now and into the future.