itb-au logo
Story image

Ensuring effective public-sector security in an interconnected world

12 Nov 2020

Article by Zscaler country manager for A/NZ Budd Ilic.
 

Just as it has across all sectors of business, increasing interconnectedness is causing sweeping changes to all levels in the public sector.

The digitisation of data and processes is creating both challenges and opportunities for departments and agencies of all sizes. Traditional workflows and practices are being replaced by online communications channels, while delivery of services is increasingly being conducted digitally.

In many areas, the applications and data stores supporting these activities are also shifting. Where once they would have been housed within dedicated data centres, many are now being migrated to cloud platforms. This is seen as a way to keep operational costs down while at the same time providing more efficient access to resources.

As a result, rather than being tied to an office desk, public servants can readily work from any location. For citizens, information and services can be easily accessed via the internet using their chosen device. 

The security challenge

While these changes have delivered significant benefits, they have also presented challenges when it comes to IT security. Where once data and applications could be kept locked in the data centre, now they must be secured regardless of their location. Sensitive files held on a cloud platform must be just as secure as those sitting in government data centres.

This security challenge was highlighted by the Federal Government’s recently released Australia’s Cyber Security Strategy 2020 report. The report outlines the Government’s plan to invest $1.67 billion during the next decade to improve the nation’s security preparedness and combat evolving cyber threats.

The report points out that, while Australia has been fortunate to avoid a catastrophic cybersecurity incident to date, the country remains vulnerable to the types of attacks that have been seen in other parts of the world. Ensuring the elements are in place that can minimise the chances of such an event occurring is vital.

Security in the cloud

Cloud platforms are a particular focus when governments are assessing and upgrading their security infrastructures. This challenge is made more acute by the fact that the Australian Government has a stated strategy for all departments to adopt a ‘cloud first’ policy when it comes to deploying new IT resources.

One approach that is attracting increasing attention is the strategy dubbed ‘zero trust’. This approach shifts the security focus from a government department’s perimeter to individual users, devices, transactions, and data.

Once all the components of a department or agency’s IT infrastructure have been secured, the perimeter becomes meaningless. Users can access cloud services directly and enjoy the same high levels of performance from data centre-based applications and stores.

The importance of IRAP

To help departments and agencies achieve goals such as zero trust, the Australian Signals Directorate (ASD) created the Information Security Registered Assessors Program (IRAP) initiative. 

Endorsed IRAP assessors can provide an independent assessment of components such as cloud services, gateways and information systems. Once accredited, departments and agencies can then deploy these services with confidence.

The IRAP assessment process is undertaken by authorised IT professionals who have met strict criteria around industry knowledge and experience. This ensures they are well-qualified to examine the robustness of security components and determine whether they will provide the level of protection that governments require.

It’s therefore essential that public-sector IT teams ensure they deploy only security tools and services that have completed an IRAP assessment. 

By following this policy, they can be confident that all elements of their infrastructures, including those on cloud platforms, will remain resilient to the constant threat of cyber-attacks.

Link image
You’re invited: The secrets to workplace happiness in the post-pandemic world
It has been a rough year for workplace wellbeing, with disruption and health concerns worrying every employee. Join Poly’s A/NZ Kickstart 2021 on 10 December from 11am AEDT, where special guest Dr Justin Coulson will share secrets to workplace happiness in the post-pandemic world. Register now.More
Link image
Where is your data? You'll find out in 2021
Next year, we will start to realise exactly how much intellectual property was stolen by attackers during the 2020 remote working shift, writes Forcepoint global CTO Nicolas Fischbach.More
Story image
DXC Technology partners with Microsoft to deliver modern workplace solution
The platform will leverage several of Microsoft’s services, including Microsoft 365, Teams, Dynamics 365 and Power Platform.More
Story image
Telstra Purple acquires services provider Epicon
Epicon was an Australian-owned company with more than 100 technical specialists and operations in ACT, VIC, NSW and QLD. More
Link image
The criteria to consider when choosing a cloud communications solution
Cloud-based communications solutions are saturating the market, and there are vast differences between the good and the bad. Here's how to tell the difference.More
Story image
Nutanix brings Matt Maw onboard in new role of A/NZ head of tech strategy
The appointment and new role follows the expansion of the Nutanix A/NZ business in the fourth quarter of 2020, where it experienced 18% team growth, 13% customer acquisition growth, and a 14% rise in new partners.More