Australians head toward the cloud

The changing attitudes toward cloud migration in Australia and what that means for CSOs

No matter what type of organisation you work for, it’s hard to escape the cloud computing discussion. Cloud computing offers unparalleled advantages in terms of scalability and cost benefits, and there is no denying that it has changed the very nature of IT and the way use technology in business.

While the conversation is not new – as an industry, we’ve been talking about cloud for years now – we have seen a dramatic shift in attitude over the past 12 months in how people view cloud adoption in their organisation. As a country, we’re really starting to move from a ‘cloud last’ strategy to a ‘cloud first’ strategy.

Previously, the biggest concern for organisations looking toward the cloud, and as an unfortunate result, the largest inhibitor, was security. This concern could encompass everything from data security to privacy to data sovereignty and data jurisdiction; knowing exactly where data is physically located and how it is secured so that it’s not subject to foreign laws.

When Amazon Web Services opened a local data centre in November 2012, Australia gained access to a well regarded global player in cloud technology. The message of high availability and secure cloud offerings was well received and organisations are finding it an easier decision to move from their own physical data centre to the cloud.

Since then it certainly seems like the flood gates have opened. Thousands of Australian organisations have moved to local and global cloud service providers and many more are following suit.

At the same time, there has been a change in the type of customers wanting to go to the cloud. No longer is cloud computing the domain of nimble small businesses, but major Australian organisations are moving their production applications into the cloud.

With this comes the associated change in expectations about the security of the cloud, whether that be public, private or hybrid cloud environments. While security and perceived constraints need no longer be an inhibitor for organisations moving to the cloud, it is still vitally important and very much the enabling technology that makes cloud services secure and controllable. Organisations are finding comfort in a shared security responsibility model.

So what does this mean for Australian CSOs?

The hacking activity that was once centred on fame (or infamy!) is now about commerce, and organisations are being directly targeted. When your organisation is thinking about giving up some level of control, you really need to trust that the cloud environment will be at least as secure as your physical data centre, if not more secure.

It is a matter of looking at who holds the responsibility for delivering and providing operational management of security aspects in your cloud environment. Cloud offerings can address and manage the security context in line with the rest of your environment.

The best idea is to think of your server security holistically. Whether that is a physical server, a virtual server or a cloud instance, you should have the confidence that the same controls are in place.

Investigate an end to end security service capability that includes the physical, virtual, and cloud environments from a security context. Operational effectiveness and efficiencies come from those holistic solutions.

When building cloud infrastructure, it is important to consider the overall architecture and infrastructure requirements, and include security as a core component of that infrastructure. In the end what you want is secure applications and data on top of a very secure infrastructure platform.

Trust is an enormous factor when moving to the cloud, so working with known players on all levels of your cloud environment offers confidence not only to you and the IT department, but to the wider business and management team whose commitment can sometimes be tentative when it comes to security.

Data encryption is becoming increasingly important as data is being pushed from the controlled internal infrastructure to infrastructure where location, security, and privacy are based largely on contracts. Use data encryption in the cloud context, with localised key management.

As shadow IT begins to gain prevalence, many organisations may face a security challenge similar to that of BYO devices. CSOs must work with their IT departments to understand why users are accessing technology outside the secure boundaries of IT and then provide a way for users to get the resources they need quickly and easily, decreasing the temptation to circumvent existing secure infrastructure and applications. An effective cloud management platform can provide users with access to the public cloud for appropriate workloads while maintaining visibility, management and control over public cloud services.

Cloud security is really about technology integration. Take advantage of autoscaling and make sure that you can make that move to the cloud confidently. Developing the right security infrastructure makes it possible for businesses to securely move to the cloud and reap the benefits that cloud computing brings.

Sanjay Mehta is the managing director of Trend Micro in Australia and New Zealand. See:

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud security

More about Amazon Web ServicesTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sanjay Mehta

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place