Mitigating cyber risk in an ‘as-a-Service’ environment

In an as-a-Service environment, cybersecurity risks can be hard to avoid. Robust strategies need to be in place.

Concerns about the privacy and security of an organisation’s data often go hand in hand with a decision to outsource software, or adopt an as-a-Service solution. But organisations should not be tentative about leveraging partnerships or engaging in a wider ecosystem.

Companies now using an as-a-Service model for one or more functions are reaping the benefits of partnering with as-a-Service providers. They provide more sophisticated, more intelligent and often more cost-efficient services. Agility also comes from the ability of as-a-Service models to provide flexibility for companies to scale transactional volume up or down as a business’s needs change. An as-a-Service model means this scale can be achieved rapidly.

Cybercrime is on the rise

Of course, all organisations today are at risk of cyberattack. Cybercrime has been on the rise in Australia and New Zealand, and this is likely to continue. Between July 2015 and June 2016, Australia’s Computer Emergency Response Team (CERT Australia) responded to 14,804 cybersecurity incidents affecting Australian businesses. The expansion of the Internet of Things (IoT), the proliferation of connected devices and the growth of cloud computing all mean that an organisation’s ‘attack surfaces’ are growing.

In December last year, the South Australian Government announced it was considering moving its end-user computing to an as-a-Service model. Essentially, this meant its desktops, laptops, tablets and software would be outsourced to a third party, and the department would not own the solutions outright. This provoked criticism from the Public Service Association, which warned that outsourcing ownership of government computers could put sensitive information of citizens at risk.

Mitigating the risk of cyberattack

Concerns like these should not be ignored, but they should certainly not mean organisations discount outsourcing their IT needs. They risk missing out on the numerous benefits that as-a-Service models provide. To protect themselves, organisations need to ensure that they have a robust operating model and strategies in place to mitigate the risk of cyberattack.

Achieving best-practice operational effectiveness can deliver a wide array of security-related benefits. These range from fewer successful incursions to faster response times and quicker recoveries when attackers do hit. For most, the main operational problem comes down to people and skills – both in the business at large and among security professionals.

In a high-turnover environment, firms often expose themselves by having only one person responsible for a security area, such as malware reverse engineering or incident response. If that person leaves, all the knowledge goes with them. An as-a-Service model can help alleviate this pain point.

By following specific steps to improve security operations and establishing a clear operational model, organisations can protect their data, their customers and their future effectively, in partnership with an as-a-Service provider.

The models used by organisations with effective cyber defence operations share a number of attributes. They:

  • Start with a clear big-picture strategy of how security efforts support business performance. Include detailed, proven processes and roadmaps customised to the organisation.
  • Establish effective communication channels and relationships with IT, the business and outside service providers.
  • Clearly define the roles and responsibilities of the teams that manage the cyber defence capabilities and how they need to work together, and have clear policies for what needs to be done in the event of an incident.
  • Understand the structural defences of the organisation – where the data is stored and how it can be accessed.
  • Conduct security operations monitoring with a consistent focus on what matters to the business.
  • Concentrate on incident response, threat intelligence, technical intelligence and vulnerability management. Proactive organisations also include security analytics and active defence measures.
  • Address governance and decision-making issues, staffing and outsourcing requirements and ways to measure success on a comprehensive basis.

There is no doubt that as-a-Service delivers strong benefits to an organisation. But to truly realise the benefits, it’s important these organisations also have strong cybersecurity operating models in place. These models must take external service providers into consideration in order to ensure the ongoing safety of company and customer data.

In this day and age, breaches will happen. The question is how prepared your organisation is to address and reduce the impact of these breaches.