Are you racing towards a cloud-first computing model but unsure of whether your organisation should also be embracing cloud security or stick with the “safer” and more familiar on-premises option?
You and much of the rest of business Australia. Collective migration to the cloud is the country’s technology trend du jour and looks set to remain so for the foreseeable future.
Research leader Gartner predicted that spending on public cloud services would reach $4.6 billion in 2018; an 18.5 per cent increase over the previous year’s figure. It doesn’t stop there – by 2020, the spend is likely to hit $6.6 billion, while 2021 will see organisations dropping $7.7 billion on as-a-service everything.
But while it’s now easy enough to create a case for switching to cloud solutions on an ad hoc or whole-of-enterprise basis, making changes to longstanding cybersecurity systems and practices can feel like a more dangerous undertaking.
Their concern is understandable. In 2019, cyber-crime is no mere academic concern. It’s a real and rising risk and the stakes have never been higher. The majority of Australian businesses haven’t just read it; they know it firsthand. Almost 50 per cent of them experienced a cyber-attack between 2017 and 2018, according to PwC’s 2018 Global Economic Crime and Fraud Survey: Australian Report. It’s more than a mere inconvenience when systems are knocked out of action or data is compromised; such an incident can cost companies dearly, in both financial and reputational terms. So much so that senior executives have flagged cyber-crime as the most disruptive economic crime of the day and the biggest threat to growth prospects, according to the survey.
The security skyscraper
So how do Australian enterprises protect themselves from such threats? In a rather piecemeal fashion, unfortunately. In many Australian enterprises, the cyber-security stack represents a skyscraper constructed in stages, with a different architect and builder for every floor. It’s a reflection of the reactionary nature of this subset of the software industry. As new threats emerge, vendors race to develop products to defend against them and customers, in turn, bolt these products onto their existing structures.
The result? After several decades of enterprise computing activity, many Australian organisations of size are in possession of a portfolio of disparate, often standalone, security products, from legacy firewalls and antivirus applications through to advanced intrusion detection tools. These arrays can be costly and complex to own and run—and far from foolproof.
They’re also not fit for purpose in today’s increasingly distributed corporate computing environments which see mobile and Internet of Things devices broadening the attack surface exponentially.
The case for change
Decommissioning the old framework and making the switch to a cloud-based security infrastructure can be a means of achieving heightened protection for a lower cost. Always up to date and available, a cloud security infrastructure can provide robust protection for users regardless of when or how they log onto the corporate network.
That’s a compelling proposition for decision-makers in the C-suite but, curiously, many of their counterparts in the ICT shop have curbed their enthusiasm to date.
There are a couple of reasons why this may be the case.
Firstly, even those who make a living working with technology—the ultimate virtual product—can derive a certain level of comfort from the “touch and feel” nature of physical, on-premises solutions.
“Suck it and see” is the best way to overcome this conditioned preference. Running a cloud security service concurrently with existing security applications makes it possible to compare the two. Odds are, doing so will result in the inescapable conclusion that the former does the job faster, cheaper, and more simply.
Concern that they’ll do themselves out of a job can also see some ICT professionals loathe to dispatch the security detail to the cloud. That fear too is likely to be unfounded. Cloud security still needs to be managed, albeit remotely, security policies still need writing and revising, and employees still need ongoing training to ensure they’re not the weakest link in the high-tech protection chain.
Towards a smarter, safer future
The jury is no longer out…corporate Australia continues to embrace cloud computing with alacrity and organisations that don’t join the stampede will increasingly find themselves at a disadvantage to competitors that are enjoying the flexibility and economy the as-a-service model promises—and delivers. The case for cloud security is every bit as compelling, and 2019 is likely to see a growing cohort of local enterprises decide it’s high time to take a leap of faith.