In light of the current situation in Ukraine, the Australian Cyber Security Centre (ACSC) is urging all Australian organisations to adopt an enhanced cybersecurity position.
What happened to standards development — where vendors would collaborate to provide a base level of interoperability between products so end users could pick and choose the best products for them? It seems to be a thing of the past, leading to unavoidable lock-in. Let’s look at some recent examples and the issues they present.
Getting started with SASE Secure Access Service Edge (SASE), pronounced ‘Sassy’, is a cybersecurity concept originally described by Gartner in its August 2019 report ‘The Future of Network Security in the Cloud’. Gartner’s 2021 Strategic Roadmap for SASE Convergence report recommends security and risk management leaders develop a roadmap for adoption of SASE.
Now that the dust has settled on the 2021–22 federal Budget, here is a brief overview on what is in it for the tech sector. While there were many positives in the federal Budget 2021, I will gladly support the more cautious and collective shrugging of the shoulders by the technology sector. The technology industry received $1.2bn funding support — from this around $500m goes to two federal government projects. That leaves $700m for everything else. Considering how much everything costs in the tech sector, it is a relatively small funding pie.
I was recently invited to participate in a panel discussion for CISO A/NZ, which including touching on the subject of this article. Wearing my hat as the Vice President of the Information Technology Professionals Association (ITPA), I joined other seasoned experts to provide input on how to best address strengthening culture around IT and cybersecurity. With the ever-increasing cyber footprint, as well as new technology evolving at pace, we need to ensure professionals in our industry maintain a high level of standards and implement best practices.
Before I get on my soapbox and discuss the problem of old technology versus security in today’s world, I’d like to share a bit of history of my experiences on internet, security and internet security. Like a lot of technology enthusiasts around my age, I started my life on the internet with dial-up and Windows 98SE. (Others would have used Windows 95–ME.) I’ve seen the transitions from dial-up to DSL to speeds that we used to only dream of. I was around when Microsoft ‘enforced’ (I’ll use the term loosely here) the use of the built-in firewall for Windows XP with Service Pack 2. I saw the attacks coming through for Wannacry, ILOVEYOU, Mydoom.
What a year. COVID-19 has left barely any aspect of our lives untouched, but in IT the change and acceleration it has wrought led to the pandemic being called ‘CIO of the year’ back in April. And it deserves that title, having shown businesses the value and necessity of investment in IT for working from home and without physical contact. Most of these technologies have been around for a while, and often employees were asking to use them but being refused by recalcitrant IT departments. Let’s go through some of them.
It’s been a very busy year for the IT industry in Australia, with a number of significant developments during the past 12 months.
Imagine a world where both nation-states and criminals are able to compromise e-commerce traffic, steal banking details and access your private information at will, and yet at the same time that the criminals themselves and their activities are completely protected because, well, they’re criminals, and they don’t follow the same laws that compromise the privacy of law-abiding citizens. This is the utopia that many governments, law enforcement agencies and now even Interpol want us to live in.
With the current trend towards moving data and services into the cloud, what happens to the old infrastructure that once housed this data? Even with your own personal data set-up, how do you minimise or eliminate the risk that once you have disposed of your equipment, its content has already been securely erased, destroyed or made non-recoverable?