By 2020, statistics show that four out five Australians will engage with the Government through an online service, and data centre infrastructure will be the enabler.
This trend is reflected in New Zealand, where citizens are becoming more connected, demanding 24/7 access, and have zero patience for downtime and data loss.
Techday spoke to Danny Allan, Veeam product strategy vice president about the ramifications of the government’s necessary digital transformation, and how ransomware would factor into it.
There’s a huge push in governments to enable digital services for a few different reasons. One is because it’s often more cost effective to have the digital services available, and second, it makes the government more efficient. So there’s been a tremendous push to engage directly with end users.
This results in a lot of services being built that citizens which become very dependent on. It becomes a critical part of their digital life. So not only designing those applications to ensure that they’re user-friendly for the citizens is important, but also protecting them, and ensuring that the service is available when needed.
Often as the transition towards the digital services occurs, the legacy ways of interacting that focus on those and the support structures decreases.
So availability of those services become a fundamental requirement for the government to consider when they implement them.
Traditionally, government agencies and organisations would build an application, and then after it was completed, they would say, “Let me add availability to it”. Much like bolting security onto digital services or applications has failed, I would argue that bolting on availability is also a failed approach.
The proper approach is to build availability into the design of the system in three areas: One is in the support structure, second is in the digital high availability of the service, and this is well-known in terms of technologies, things like making sure that your compute is clustered, if that server fails, for example, does the service still exist? Same thing on storage, making sure you don’t have one copy of the data, but multiple copies, so that if a hardware failure takes place, you can recover from that.
The third aspect of it is what I call business availability. This is designing a solution in such a way that even if it’s not an unintended failure, but an accidental, intentional issue that might happen, this is ensuring the data has the protection needed so there’s always-on availability.
There’s no question they need to evolve because there are different tiers of data that exist. So data centres need to evolve to support a tiered structure that's based on policy to deliver these services. The policy will often dictate both the performance and the protection associated with a given service.
I believe so - one of the interesting things about New Zealand is that it tends to be ahead of the global market in terms of cloud adoption and digital transformation. I’m not sure if that is a result of government regulations or perhaps because of the geographical location of it, but in terms of adoption, what we’ve seen is over 50% of IT goes through cloud providers and organisations that very much focus on resilience and dependability.
One of the challenges faced is ensuring disaster recovery and availability is built-in just because of the natural disasters like earthquakes, so there is a pressing need for that, but they do tend to be ahead of the world market, so very strategic for software companies like Veeam.
Ransomware is a people, technology, and process challenge. There’s an education component associated with it for educating users about proper behaviour - so that’s the people component of it.
But what we've witnessed is, even if there’s a lot of user education, it doesn’t always work.
The second line of defence has typically been around process and technology, patching systems and making sure that everything is protected from a process perspective and through technology, making sure that antivirus and firewalls are in place.
So defending against ransomware is a combination of all three but even with the most comprehensive protections and practices we’ve seen in place, it’s still resulted in outbreaks at very large scales, like Petya and WannaCry.
So the final line of defence for an organisation is to ensure that there are three copies of the data so if it impacts one copy of the data, it’s not all the copies, on two different media types, and one which is both offsite and offline, meaning there’s no network connection to it.
I always tell people to start with the assumption that you will be compromised.
If you start with that assumption, what Veeam does is that it ensures that the protection is in place so that you can recover quickly from a ransomware attack.
One of the valuable outcomes from the ransomware attacks is that it does elevate the priority of security and the importance of data for an organisation to the board level.
There’s nothing more important than the data of the citizens of New Zealand and ensuring it has executive-level focus and protection is valuable.
The second thing it’s done is that it’s raised awareness of cryptocurrencies, and that’s also a positive outcome.