Story image

Australia trailing behind APAC in cloud migration and security

03 Oct 18

Despite many Asia Pacific countries being renowned for their forward-thinking operations in mature IT markets, they are still trailing behind in their ability to implement security management.

A new report from Ovum and Juniper Networks shows that organisations in Australia, Japan and Korea actually rank lower than countries in emerging IT markets when it comes to centralising security management and cloud adoption.

Complacency could be an underlying cause of the sluggishness – in Australia, IT managers report fewer security alerts than other Asia Pacific countries. 68% say they receive fewer than 50 threat alerts per day, while 43% of APAC respondents say they receive more than 50 per day.

Adding to the frustration is the fact that 78% of managers say less than 10% of alerts they receive are legitimate and require further action. 

“The findings of this report should come as a serious wake up call for Australian businesses that have become, or risk growing, complacent in their approach to security,” comments Juniper Networks senior systems engineering manager James Sillence. 

“Despite being viewed as one of the most technologically mature in APAC, the reality is that most Australian enterprises today are hamstrung by the same technologies that once helped advance the nation’s IT economy. For Australian businesses to maintain their leadership, complexity and silos must be brought out of the enterprise security equation, and be replaced with a ‘single pane of glass’ approach to data management.”

Despite security alerts a siloed approach to security still persists. The survey found that many organisations in Asia Pacific aren’t centralising security management – more than half of organisations with more than 1000 branches or more say they manage more than 100 tools. However, 83% of respondents use fewer than 50 tools.

The survey also hinted that Australia has been less enthusiastic about the transition to cloud that it would like to think. 

Juniper looked at how many Asia Pacific organisations have migrated to IaaS or PaaS platforms and found that larger companies are more likely to have migrated (74%), compared with smaller companies (between 11-50% of respondents).

In Australia, 64% of IT managers report low-to-no migration of workloads to the cloud. 34% say that between 10-50% of their workloads have been moved.

Juniper Networks says this trend is more representative of the entrenched legacy infrastructure prevalent among Australian enterprises than strict opposition by organisations to the cloud. 

As uptake of cloud-based services improves, security managers will need to extend security functions to the cloud – particularly as off-premise security policy management isn’t yet well established in Australia.

The report found that 48% of Australian IT managers use on-premise security, while 38% use security offered by IaaS and PaaS providers.

The report makes the following recommendations:

Enterprise decision-makers must take steps to consolidate visibility and control of their security infrastructure 

Security decision-makers across all verticals should invest in centralized management capabilities, enabling them to control the disparate security tools in their infrastructure and address the challenge of prioritizing the volumes of daily alerts they receive. 

Only by bringing together into a "single pane of glass" and correctly handling the data from their security silos will companies be able to gain an enterprise-wide view of threats and manage their cyber-risk appropriately. 

More companies should investigate a separate management layer for security 

Too many companies rely on separate dashboards for each of their security tools, and SIEM platforms only go part of the way in addressing the centralization requirement. Ovum believes that more companies across all verticals should investigate the deployment of a separate management layer, into which all tools should all be able to report, and from which adjustments to their security posture should be rolled out quickly across their infrastructure. 

Investment must be made now in security for IaaS and PaaS cloud environments 

Ovum also recommends that enterprise look to invest in capabilities and/or services that allow them to manage security for their operating systems, middleware, and runtime environment, the data and applications customers are using in IaaS environments, and the data and applications they run in PaaS services. 
Importantly, enterprise security leaders must review their policies as they relate to their off-premises or virtualised IT resources. 

Simplify – and enforce consistency in – security management 

Complexity – in terms of both the number of products in use and the pressures to cloudify security resources – underpins many APAC enterprises' security environments. 

To mitigate the risks this creates for security management, platforms that streamline and automate operational environments and help contain the proliferation of disparate security tools are recommended.

The Too Much of a Good Thing? Enterprise Cybersecurity Adoption Trends across Asia-Pacific report polled 350 IT professionals in 11 countries.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.