Only 46 per cent of Australian and New Zealand (ANZ) organisations have a cloud security strategy in place according to Datacom’s latest annual Cloud Report.
The report, which was based on surveys of 700 ANZ organisations, also found that just 20 per cent of organisations have the budget to invest in security and only 43 per cent can withstand a sustained ransomware event.
Datacom’s head of strategy Mark Hile told CRN Australia that while security is the top IT priority of organisations over the next 12 months, many are lacking qualified cyber professionals.
“Zero-trust has been a buzzword for years now, but we're three, four or five years down the track and still, we haven't implemented a lot of this technology,” he said.
“It’s complexity, its cost, it's hard to do, and specifically for Australia…I think it was 28 per cent of organisations had implemented the Essential Eight.”
“It's very difficult to recruit the right cyber professionals and it's hard to solve these problems.”
Hile said he expects managed security service providers to fill the skill gap.
“I think you'll see a much deeper array of partnerships, whether it’s managed security partners, whether it's people that traditionally competed, will partner to solve problems,” he said.
“I think there's certainly a much stronger managed security partner focus and really trying to spend the limited budget we have on the most important things that are going to mitigate risk.”
Hile said organisations are also lacking the means to recover from potential cyber incidents.
“Probably one of the most terrifying stats in [the Cloud Report] with regard to security, it was one in three organisations had immutable offline backups.”
“It's one thing to be breached; it's another thing not to be able to get your data back, because you just don't have it backed up correctly.”
“Some of this stuff is not actually hard to solve and yet it still hasn't been done for budgetary or other reasons."
Data management challenges
The report found that only a quarter of organisations consider themselves highly mature when managing data.
Hile said many are lacking data literacy skills.
“There is a lack of data literacy skills, and understanding the different types [of data] and how to collect it and manage it and clean it, and all of those factors are just so important,” he said.
“Data skills are also unique in the market. To try and drive the right approaches and the expertise needed to drive value out of out of data, there's a lack of resources to do that.”
“…it all comes back to trying to get the right skills, the right quality of data and a complete end-to-end picture of data, and that's a bit of a work in progress, I think.”
Lack of AI guardrails and policies
Hile said organisations are lacking the data security and governance policies to safely deploy AI.
“We've done a bunch of AI research as well, and overarchingly leaders support AI, but they're just not quite sure how to implement it,” he said.
“[The] number one [challenge] without a doubt is the data security classification and readiness.”
“They don't have AI governance policies…they don't have the guardrails around AI to understand what is acceptable and what isn't, what data can [be used] and what models.”
“You cannot put a learning model just into an organisation and let it loose, or the results most likely, unless it's a very, very mature organisation, will be catastrophic.”
“There has been a lower adoption of oversight and governance, which I think is leaving businesses…not really in a position to adequately manage the cyber risks and also the opportunities.”
Emergence of hybrid teams
Hile noted that organisations are increasingly seeking to tackle data and cloud challenges via hybrid teams that bring together internal expertise and partners.
“What we're seeing is a hybrid solution to security,” he said.
“It's not [that] you outsource all your security to a partner, it's we've got this skill internally, we don't have these skills, so let's build a hybrid security team [with an IT partner] that can work together essentially as one agile team to solve whatever problems there are.”
“It's similar with cloud. There's deep knowledge in organisations, but equally, they don't have the visibility of the market that [partners] will see or what's happening with automation or some other things.”
Hile explained how Datacom forms hybrid teams to help organisations with their challenges.
“So, one of our customers might come to us and have a certain cloud or security requirement, and they often will have some people in their organisation to deliver that, but they don't have all the skills, and often nor can they afford to buy expertise in all of the disciplines they need to solve it.”
“That's where we as a partner can come in, and we can with our customers build a hybrid team to work together as essentially one agile team to solve some of [their] problems."
“There will be customers that want to outsource everything, there'll be some that don't want to outsource, but we are seeing more and more hybrid teams to get the deep knowledge of the customer teams plus the partner’s teams, which is a pretty happy medium for some of the challenges that we've got at the moment.”
“[Partners can] bring [customers] together to constructively create a team that can be the best of both organisations, or even multiple organisations to solve those specific problems.”
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
.jpg&h=237&w=349&c=1&s=1)
