As Australian enterprises embraced cloud to deliver products and services to customers, cybersecurity has at times been an after-thought. And while cloud enables them to operate with minimal disruption, they now need new ways to stay secure and compliant to speed their continued digital transformation, says Telstra Purple Security Capability Lead, Stuart Low.
“Over the past five years, there was this massive ‘Cloud First’ migration, and security architectures now can support how businesses want to transact, grow and serve their customers,” says Low.
But as digital transformation in the cloud unleashes new opportunities, cybersecurity is becoming equally complex. Low says key factors shaping cybersecurity approaches include:
- Collision of information technology (IT) and operational technology (OT) — Once two distinct business functions, IT is embracing physical assets (OT) as they are digitised. This is especially so with ‘Digital Twins’, simulated representations of physical objects or processes that optimise business performance by showing its state at a glance, how it interacts with its environment and even predicting the future.
- Proliferating ‘Internet of Things’ (IoT) — As sensors connect to the network and more workloads multiply in the cloud, managing complexity from snowballing data is a critical business asset to wrangle and protect.
- Ongoing digital transformation — Although cloud has unshackled enterprises to innovate at speed, it creates challenges such as orchestrating interactions between clouds while retaining tight control and visibility.
- Visibility and Monitoring – being able to monitor, analyse and respond to increasing telemetry volumes from many distributed data sources is essential
- Increasing sophistication and capacity of attackers — While criminal gangs tend to land blows on unaware organisations and their users, the rise of state-based malicious actors highlighted by Australia’s security agencies presents a challenge to all enterprises.
Emerging ways to protect your critical digital assets
The duty to secure and protect digital infrastructure has become the responsibility of every enterprise and every Australian, says Low.
“As AustCyber highlighted in Australia’s Digital Trust Report 2020, a month-long digital outage would carve $30 billion (1.5% GDP) from the national economy. The government-funded cybersecurity think tank says digital activity contributes $426 billion a year to the national economy. So, plainly, there is a lot at stake,” he says.
But just as it seems that attempts to secure enterprise IT systems will be swamped by rising threats and complexity, there are now tools and methodologies to cut risk and speed digital transformation.
Low singles out the ‘Zero Trust’ model as a leading element for digital transformation. Also called ‘perimeterless security’, this way to safeguard critical assets assumes all users, apps or devices that access a network are suspect — even if they are on the corporate network or previously verified.
“Businesses no longer ‘trombone’ everything through central policy control points or VPNs — especially for remote employees working from home. Zero Trust liberates a business’s operations so work and access can happen anywhere, at any time and on any device without the legacy compromises and complexity many we were accustomed to.”
Low says other cybersecurity innovations that empower rapid digital business model transformation are:
- Identity and access management and control — As users, apps and devices skip across services and clouds, interrogating and verifying them extracts maximum benefit from digital transformation. If you know who or what something is, you can extend the range of operations available to them securely.
- Automation to liberate scarce resources for higher-value tasks — The explosion of data and devices—even while skills are scarce—breaks how enterprises traditionally defended against threats. As threats track upwards, and existing resources stretch beyond acceptable risk levels, organisations are automating responses to mundane security events so they can focus on strategic threats.
- Spread of DevSecOps — Embedding security visibility and actions into the continuous integration and delivery (CI/CD) workflow boosts software code resilience. By fixing security flaws at the point where they are made and sensitising development, operations, and security staff to how each of them collaboratively improve code security, vulnerabilities are less likely to make it into production where they can do harm.
How Telstra Purple prevents attacks before they happen
Australian enterprises must have ‘resilience-security architectures’ where every link in the supply chain is protected, says Low.
“That means everyone and everything must pull together across architecture, coding and deployment to harden systems against attacks.
“For many of our customers, Telstra Purple is the trusted adviser that straddles domains, and partners with industry, vendors and critical stakeholders to ensure no chink in their armour is exposed.”
Low highlights how Telstra Purple is speeding its customers’ digital transformations, including:
- Migrated access to 300 applications to a Zero Trust architecture in just four weeks. An unintended benefit was lower telecommunications costs because the routing architecture was no longer centralised.
- Automated threat response for a government agency, freeing three full-time cybersecurity staff to work on more satisfying and challenging, higher-value projects. Dangerous phishing emails no longer slip through to unsuspecting users, and retention of cybersecurity talent with in-demand skills is improved.
Low says that Telstra Purple’s 200 cybersecurity-trained staff are “uniquely placed to secure an enterprise’s precious digital assets”.
“We are speeding our customers’ transformation, empowering them to grow revenue and lift customer experience. We have arguably the biggest cybersecurity team of its type in Australia.”
And he points to Telstra Purple’s namesake heritage, the nation’s oldest, and biggest carriage service provider.
“Telstra Purple has unparalleled insights into the threats facing Australian enterprises and the relationships directing strategic responses. As Australia’s biggest sovereign IT and managed services provider, we see into one of the world’s most complex communications networks and elevate our customers’ concerns into the halls of global decision-makers,” Low says.
This unique perspective provides a “holistic view of customer infrastructure” and eases collaboration with other Telstra Purple practices such as in workplace, cloud, 5G mobility and networks, and software development, he says.
“Telstra Purple embeds security in every solution rather than as an afterthought. And Telstra Purple has the depth and breadth of skills to scale for any size of customer to meet its complex digital business transformation challenges to protect every link in the chain.”
Contact Telstra Purple and see how they can help secure your business for a digital future.