In the Clouds of ANZ’s Changing Innovation Horizon

By David Holmes, Security Evangelist, F5 Networks

Technological innovation has improved efficiency in work operations across ANZ and is the focus of business development in the region, particularly in Australia as part of its National Innovation and Science Agenda. An Innovation Strategy survey was recently instigated by the Government of NSW, asking for suggestions on data’s role in fueling innovation, research and growth. Nationally, the Productivity Commission is conducting a 12-month study into the use of open data. Data has been the foundation of Australia’s digital movement, being shared and distributed by the use of cloud computing.

Australia is particularly focusing on discovering new ways to leverage cloud, and New Zealand is evolving a new efficiency model for government security services. Let’s take a look at two main aspects – Australia’s multi-cloud approach and New Zealand’s new Telecom-as-a-service.

Australia is evolving multi-cloud

For the last five years, Australia has increasingly been embracing the benefits of the cloud. According to the Cloud Readiness Index 2016, Australia is the fourth most nation in adopting cloud computing.Financial services industries are usually the last to utilise Cloud in most regions, but Australia has demonstrated unprecedented flexibility with its cloud-first policies. There has been an aggressive pursuit of multi-cloud strategy as well. Multi-cloud employs multiple public clouds; AWS, Google, and Azure are among the three largest. It has advantages over a simple cloud-first policy, but security isn’t one of them.

There are two main benefits of adopting multi-cloud architecture. Adaptive utility cost is the first. Different cloud providers charge different rates, and these can vary day to day, or even hour to hour. An agile architecture may take advantage of these price differences by shifting compute and storage loads to the current cheapest compute and storage providers.

Second, multi-cloud prevents a single point of failure; just because cloud is provided by a trusted vendor does not automatically prevent it from operational error. For example, Microsoft’s Azure public cloud suffered a global failure when one of its SSL certificates expired unnoticed. Customers using only Azure during the outage would have been left high and dry. But those with a multi-cloud strategy, in theory, would see their business processes increase production in the other two public clouds to compensate.

If an application was to use multiple components, each of which could be used in a different public cloud at any time there is a failsafe. The components may shift from public cloud to public cloud to take advantage of utility pricing or to avoid outage.

The difficulty here lies in securing the application components when they’re shifting from cloud to cloud. Any traffic traversing from one public cloud to another is by definition crossing the Internet and should therefore not be trusted. Each component must treat each of the others as untrusted.

The nascent cloud access security broker (CASB) industry is trying to take on this problem by wrapping each component in its own tunnel and providing layer 2 tunnels to each. This is an interesting approach, but the fact that the CASB provider has to build a virtual cloud among the public cloud reintroduces the single point of failure: the CASB provider itself.

Multi-cloud security is a difficult problem to solve- one that the Australians are fully engaged in ahead of the global curve.

New Zealand’s new Telecom-as-a-Service (TaaS)

Managed service providers and resellers in New Zealand are banding together to form a TaaS consortium. TaaS is a new concept in selling both kit and maintenance specifically to sovereign government agencies. With TaaS, the buyer chooses the components (and vendors) of a technical solution, but rents them instead of owning them. The managed service provider also runs the management and operations of the solution.

The driver for TaaS is a change in the way the New Zealand government is allocating funds: capital expenditure is almost impossible to get approved, where operating expenses get approved quite easily. Therefore, government agencies are moving toward the TaaS model, where they don’t own the kit or manage the services but still get to choose the solutions. The consortium is preparing to launch the TaaS model in Australia as well.

Mutual developments

The island nations of Australia and New Zealand could be evolutionary crucibles for new technologies. If TaaS succeeds in New Zealand and migrates to Australia, it might prove to be capable enough for worldwide adoption. Ironing out the wrinkles in the multi-cloud fabric may take longer than the development of TaaS. If Australia figures out how to smooth multi-cloud, it's easy to see the entire developed world moving toward it for the betterment of services everywhere. The state of technology is constantly evolving, and within it holds the promise of greater things; the future built upon established processes. ANZ’s direction is specialised and the possibility of depth within its field could elevate its innovation upon a global stage.

Join the CSO newsletter!

Error: Please check your email address.

Tags F5 NetworksinfosecANZcloud securityIT SecurityIT managementcloud computingcyber security

More about AWSCustomersGoogleMicrosoftProductivity Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Holmes

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place