itb-au logo
Story image

Six steps for effective public-sector cloud adoption in a post-COVID world

01 Oct 2020

Article by Zscaler country manager for A/NZ Budd Ilic.

Throughout Australia and New Zealand, governments and public-sector bodies are facing significant challenges caused by the rapid impact of technology. New work patterns are replacing those that have been in place for years, which, in turn, is changing the way services are delivered.

The pace of this change has increased further in the wake of the COVID-19 pandemic. Most staff are now required to work remotely, and operations have had to be redesigned to make them less office-centric.

One significant shift has been an increase in the use of cloud platforms. The public sector was already coming to understand the performance and cost benefits of using hosted resources. Now COVID-related pressures are increasing shifts from legacy, on-premise systems to cloud-based alternatives.

The importance of effective cybersecurity

Current operating conditions are far from normal, and there’s an understanding it’s possible things will never return to precisely the way they were before the virus appeared. 

Governments need to continue to assess the way they operate so they can be best positioned to deliver services in the new world in which they now have to operate.

They must also ensure that trusted connectivity is in place. Data and applications need to be accessible by those who require them from wherever they happen to be, and this must be done securely.

To achieve this, there are six critical steps Australian and New Zealand government agencies need to take. These steps are: 

Embrace effective management

Governments and agencies at all levels must become leading champions of enterprise security risk management. This role has to include the three areas of cybersecurity, physical security and personnel security.

Private-sector parity

Governments and agencies that have a role in providing essential services should be required to meet the same cybersecurity standards as privately-owned critical infrastructure. This includes having in place increased levels of accountability and oversight.

Decommission legacy systems

As part of the ongoing adoption and broader use of cloud-based services, governments should follow a strategy of decommissioning vulnerable legacy IT infrastructure. This process needs to be well-planned, disciplined, monitored and accountable

Adopt zero trust

To radically improve cybersecurity, governments must embrace the Zero Trust Network Architecture (ZTNA) specified by analyst firm Gartner.  This removes the concept of a network perimeter and ensures all applications and data stores are protected regardless of where they are located. 

All agencies can then use a consistent set of cloud-delivered security services that can be tailored to suit their particular requirements.

Combine forces

Rather than each agency selecting and deploying its own cloud resources, many could come together and take advantage of those who can support multiple agencies as individual tenants. 

The portfolio of services available in this way include secure web gateway services, remote access and zero trust application connectivity, identity management, email and end-point protection.

Governments should make a clear vendor or service selection at all levels of the security stack, while minimising the selection and procurement hurdles.

Observe guidance

In Australia, governments and agencies should ensure they adopt the Australian Cyber Security Centre’s guidance on using the Information Security Registered Assessors Program (IRAP). This process provides a better level of technical audit than ISO27001 and ensures the quality and fit of selected cybersecurity products and services.  

Following these steps will ensure Australia and New Zealand’s public sector will be best placed to deal with the new post-COVID environment that will continue to emerge in coming months. By securely embracing the cloud, they will be much better positioned to deliver the services that business and the public require.

However, achieving this requires more than just investing in technology. There also has to be a shift in mindset. All those involved will need to think and act differently in response to what will be very different operating conditions. A failure to do this could lead to more strategies and more funding not delivering the benefits that are possible.

By taking the time to map out comprehensive strategies and ensure they are aligned with the new ways of working now in place, Australian and New Zealand governments can ensure they’re able to operate efficiently and effectively as the country heads along the road to recovery.