All organisations, especially those in heavily regulated industries, are facing increasing pressure to comply with different frameworks, such as the Notifiable Data Breaches Scheme (NDB) and General Data Protection Regulation (GDPR). These compliance measures are designed to address an increasing set of privacy and cybersecurity threats.
Commercial cloud computing platforms are making this easier by providing their clients with a complete set of computing, security, governance and compliance services that are supported by externally certified processes and procedures. These services are making it easier for organisations to transition to the cloud. For example, Amazon Web Services (AWS) has invested in obtaining several widely used accreditations, such as ISO 27001.
Investments made by these types of vendors also make it simpler for these highly regulated organisations to create a ‘playground’ from which they can experiment and discover new solutions to bring to market.
Below are a few lessons from large cloud migration programs on incorporating a successful cybersecurity standpoint:
Establish an experienced digital transformation team
Given the complexity of digital transformations, establishing an internal digital transformation team, run by highly qualified experts with hands-on delivery experience, is critical.
An internal digital transformation team establishes the infrastructure to help kick-start the shift to modernising the organisation it represents. The composition of the digital team is important – it must include technologists, business subject matter experts and security professionals to ensure that compliance and security requirements can be met.
Ensuring that these professionals have a robust knowledge of cybersecurity issues, including endpoint and incident response, means that cybersecurity factors are considered in the strategy and execution phases.
Governance, strategy and shared services
A key part of ensuring the economic benefits of adopting cloud platforms is using a Shared Services-based Consumption Model. For example, in the case of public sector agencies, the design of a Shared Services-based governance and cloud adoption framework allows for greater security and lowers the overall cost of operations by consolidating assets, resources, business processes and services that are (or should be) common across different agencies.
In Australia, this is represented by the Digital Transformation Agency (DTA), which seeks to improve citizens’ experience of federal government services across a range of platforms. One such platform is myGov, owned by the DTA, which allows millions of users to transact with government across services such as health and aged care, all in one place with a single login.
This also enables security to be scaled and replicated across multiple shared systems, and intel on environmental vulnerabilities to be shared, which ultimately increases the shared cybersecurity posture.
Digital innovation labs and accelerators
One initiative growing in popularity among organisations is establishing a digital innovation lab or accelerator. This initiative gives an organisation the licence to reduce red tape and allow experimentation and innovation to take place, with the aim of discovering new products to bring to market. For rapid prototyping to occur, organisations rely on easy, self-service tools that deliver quick outcomes. Critical to the success of innovation labs and accelerators are well-established templates, design guard-rails and documented best practices.
One such example is CSIRO's Data61, the digital innovation arm of Australia's national science agency, which offers research capabilities, IP and collaboration programs to support Australia’s digital and data-driven potential. Another is NAB Labs, NAB’s innovation hub, which plays a key role in exploring and creating new and leading experiences for their customers.
When creating new products for market, organisations may find it useful to use a cloud readiness tool as well as cybersecurity assessments. Some assessments may include red teaming or cybersecurity perimeter testing to ensure vulnerabilities are patched before product release.