Security report: Transforming your customers’ businesses - safely
We talk to cyber security experts from Telstra, Ericsson, DXC, and KJR to find out how the adoption of cloud, IoT and other digital technologies are forcing organisations to look in a new way at how they secure their networks.
Businesses in Australia and around the world are adopting new digital technologies to achieve operational efficiency and enable new business models. IDC estimates that at least 61 per cent of Australia’s GDP will be digitised by 2021, and 81 per cent of Australian small and medium businesses will rely on cloud infrastructure, applications and platforms within the next two years.
However, many of those businesses that haven’t begun their digital transformation might cite security concerns as a key barrier. “Security and privacy are indeed cornerstones for networks to become a platform for the networked society” according to Andres Torres from Telstra Wholesale partner Ericsson. Current 4G cellular systems for example, already provide a high level of security and trustworthiness for users and operators. Through evolved security solutions, successive generations of 3GPP mobile networks have stayed trustworthy and remain a highly secure and convenient way to access services and information.
Are businesses more vulnerable as digital technologies such as cloud and the Internet of Things (IoT) continue to scale? And how can they safely take advantage of transformative technology?
New technologies, new vulnerabilities?
With an estimated 18.1 billion connected IoT devices by 2022, the number of ways to attack networks increase. “We expect distributed denial of service (DDoS) attacks to increase owing to IoT devices,” said Vinod Muniyappa, head of Infosys’ security practice. “Threats are now spread across an attack surface with thousands of potential entry points, including those created by smartphones and the IoT.”
Berin Lautenbach, Telstra’s Asia Pacific Chief Information Security Officer, says “the concern is heightened by the fact that the fallout from breaches will be very different to the types of incidents we are used to. Up to now it has been about protecting data, but in an IoT world, the risk is to public safety with things like autonomous cars, alarms or locks.”
When it comes to the use of digital services in the cloud, the security story is possibly more nuanced than many might think, according to our experts.
“Are businesses safer in the cloud? It depends on what service the organisation chooses and how they use it,” Berin said. “IT departments have to protect corporate data that resides outside the company premises and secure a wider range of endpoints. The good cloud infrastructure and application providers have the security capabilities to help businesses achieve this, but it comes down to if and how the organisation uses them.”
For Adam Bird of KJR, the issue is not with the cloud technology itself, but in how people think about risk in the cloud. “There is sometimes a tendency for companies to think they have outsourced security to their SaaS or IaaS provider rather than take responsibility for it themselves.”
“Organisations tend to be focused on protecting a network’s perimeter, but they don’t see the attacks moving around when they are inside,” TM Ching, DXC Technology
How can organisations integrate these technologies securely?
The key, according to TM Ching, Security Chief Technologist, ANZ for DXC is to think about security in a new way. “Organisations tend to be focused on protecting a network’s perimeter, but they don’t see the attacks moving around when they are inside,” TM said. “We want to get customers monitoring in a different way: look at endpoint protection, consider user behaviour analytics solutions to spot suspicious activity across your environment.”
Emerging technologies are as much a part of the answer as the problem. Vinod recommends building a strategy that actually accelerates new IT trends, including BYOD, cloud, mobile, social and IoT in order to build up security capabilities. As part of that strategy, organisations should be reducing network complexity and consolidating fragmented solutions to make monitoring easier.
The growth of machine learning will also help maintain data security.
“Security monitoring and management processes can be automated and deployed in real time with artificial intelligence and machine learning,” Vinod said. “A well-tuned machine-learning model can identify unusual traffic, invoke self-healing procedures to block traffic, shutdown connections on the network, and update firewall policies.”
Partnering with security experts is invaluable. “Gaining access to the right skills is critical” Vinod said. “There are so many SaaS and IaaS platforms out there now, it helps to have a trusted advisor who can guide you to the best for your business and help you manage them correctly”, Berin added.
Overall, Berin says “the good news is that organisations’ mindsets are changing, and the cyber security industry is approaching protection and mitigation in a new way that enables them to use these great innovations securely.”