Organisations need to stop viewing cyber security as a road block to innovation and transformation, an industry expert says.
Alex Woerndle, a principal advisor at technology research and advisory company Ecosystm, says agencies need to shake off this outdated attitude.
“Security is absolutely being seen as a road blocker to innovation, and it’s a road block to transformation and it’s a road block to improving a business,” he said at a luncheon hosted by information security firm Zscaler this week.
“In a lot of places, you still see security as an independent function,” he told Government News.
“And that’s a tried and true model in some respects, but it also creates that position that it’s the road blocker within the organisation.”
According to Ecosystm’s global Cybersecurity study, 68 per cent of those surveyed cited digital transformation as the primary driver of continuing focus on security.
The federal government also believes that strengthening cyber security in the country is important.
It released its 2020 strategy at the beginning of September. Titled Australia’s 2020 Cyber Security Strategy, it said that more focus needs to be placed on cyber security to respond to the rise of cyber security incidents.
“The threat environment has changed significantly and we need to adapt our approach to improve the security of business and the community,” the report says.
An integrated approach to cyber security
Mr Woerndle says a more “distributed” model of dealing with cyber security may be the way forward for the country.
This model would have people embedded into an organisation, working with different departments within the business to ensure cyber networks are secure.
“You might have security people reporting to or sitting inside the digital team, inside the infrastructure team, inside the marketing team, and they have a dotted line back to a security function,” he said.
This is different to the traditional approach to cyber security, where it is often treated as an afterthought, only looked at after the procurement and other processes have been completed.
“It has to be embedded within the functions so that you can get earlier engagement,” Mr Woerndle said.
“And maybe once we get more of that happening out there, and that model becomes a bit more proven and accepted, then that perception of security being a road blocker will go away naturally.”
However, he acknowledges the model is not without its own challenges.
“Particularly in a geographically diverse organisation, if you’ve got that sort of distributed model, getting them all seeing from the same (page) is going to be a challenge,” he said.
“They’re working with different departments and they can potentially get influenced by that department, and therefore that consistent approach to ‘what is our risk tolerance?’ may deviate from the standard.”
Moving towards a cloud-based system
A cloud data service can support a distributed model of cyber security, Mr Woerndle says.
“You’re talking less around technical controls and the management of servers and infrastructure and all of that sort of stuff,” he said.
“You’re going more to, one, the maturity of the organisation you’re engaging, and secondly to the security controls that are available in the application that will prevent data leakage and any other sort of raft of security incidences.”
Ecosystm’s research also found that more than 50 per cent of those surveyed cited security as the biggest challenge to cloud adoption.
“That’s part of the reason, I think, why cloud transformation or digital transformation are stalled or take a lot longer to occur,” he said.
“The businesses generally either don’t understand it, or just see it as a problem that is insurmountable at the moment.”
Victorian government moves to cloud
This week, Cenitex, the shared services provider for the Victorian government’s information and communications technology department, adopted the Zscaler cloud platform to secure IT services for the state’s public servants.
Nav Pillai, Director of Digital Transformation at Cenitex, said Zscaler has been a
“As user internet traffic no longer has to be routed through the Cenitex data centre, application performance has improved,” he said in a statement.
“We are seeing significant improvements for our Office 365 users and other internet-based applications.”
One of the categories of cloud computing is Software as a Service (SaaS), where a third-party provider hosts applications over the internet for their customers on a subscription basis.
This week, government cloud specialists Macquarie Government launched a new security operations centre using SaaS to address the evolving threat landscape.
The new service will see the new centre providing full cyber security coverage, including around the clock event monitoring and alert response.
It will operate through a security information and event management system, with Macquarie monitoring workloads and events and ensuring compliance.
Managing Director of Macquarie Government Aidan Tudehope said the centre will rely on professionals who will solely be responsible for managing cyber security.
“Government agencies often struggle to attract strong security talent and they need these scarce resources focused on much more than monitoring,” he said in a statement.
Australia doing well but still room for improvement
Mr Woerndle believes that Australia is doing well compared to other countries, but says there is always room for improvement.
“I think we’ve come ahead leaps and bounds over the last two or three years,” he told Government News.
“You’re always playing catch up, someone will always jump ahead; there’s others that we consider further ahead.”
Richard Stiennon, Author and Chief Research Analyst for IT-Harvest, is based in the UK and also agreed that Australia is doing well.
“From our perspective, watching what’s going on in Australia, there seems to be more coherence … and more centralised response,” he said.
“In the US, they’re still debating who’s responsible for defending the US and cyberspace… (and) the UK, which has similarities to the US.”
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter