As organisations pursue cloud-first agendas, and cyber hackers become more sophisticated, the security market in Australia continues to accelerate at a rapid rate.
Advancing upwards, to the skies, businesses now seek greater protection for cloud deployments, with information and assets a mission- critical commodity.
But while the industry is well- versed in the rising levels of cloud and security investments across the country, clarity is required from a channel perspective.
Because cloud, much like security, remains hyped and widely misunderstood, creating market confusion as a consequence.
“Security is now a board-level conversation,” Symantec managing director of Pacific Ian McAdam observed. “Security features on every monthly agenda and with cloud now part of the business vernacular, this added layer on top is driving behavioural change.”
Through elevating risk up through the company, along the corridors of power and into the boardroom, executives are now entering the security game, prompted by cloud but driven by concern.
“Boards are asking questions today that they didn’t ask 12 months ago,” McAdam said. “Because board members are on multiple boards, they are all comparing notes about what is best practice in a cloud security context. It’s not about competing, rather comparing.
“The fact is that if boards don’t pursue this agenda, they risk exposing both themselves and their business.”
In taking a boardroom view of the world, many businesses still lack established organisational knowledge of how to implement strategic security plans, a task complicated further by increased cloud adoption.
With Australia no longer on the sidelines — instead a serious player in a market where security breaches at large corporations dominate the headlines — the ambiguity that surrounds cloud computing can make securing a business a daunting prospective.
“Cloud doesn’t make securing a business more difficult, it just makes it different,” Insentra co-founder and CEO Ronnie Altit said. “The conversations I’m having with partners and their end-users are based on ‘we don’t know what we don’t know’ because once businesses move to the cloud, it almost becomes nebulous.”
While most businesses across the country are now familiar with cloud, or at least the idea of cloud, misconceptions and misunderstandings about what the technology can offer are pervasive.
Likewise, the challenge exists not just in the security of the cloud itself, but in policies and technologies for security and control of the technology.
“There’s a huge need to continually educate the customer around what issues are emerging and the challenges ahead,” Aquion general manager of sales Audrey Lyon added. “There’s lots of new technology in the market because there’s a lot more problems to deal with.
“But IT budgets haven’t followed the demand because there’s always a lag at the end-user side.”
In working with organisations across the entire business spectrum in Australia, Content Security is a leading information security consulting firm, working with over 800 customers nationwide.
According to founder and managing director Louis Abdilla the wants and needs of the customer vary by size, scale and sector, creating complexity around establishing viable go-to- market strategies.
“As a small or medium-sized business, cloud provides a stable environment because businesses don’t have IT professionals on tap,” he explained.
“But at the larger end of town, enterprise is becoming more worried about security in the cloud. It stems from a fear of losing their reputation should a breach occur because as experience shows, brands struggle to bounce back once the trust is broken.”
As an emerging security focused start-up in the channel, InfoTrust is a specialised partner providing consultancy, professional services and ongoing support, delivering a range of best of breed technologies including cloud services.
Since starting out in 2014, CEO, Dane Meah, has witnessed sizeable change in end-user appetite for cloud security services, with requirements fluctuating as the market shifts.
“Organisations are now expecting IT to enable the business and deliver outcomes as opposed to manage technology,” Meah said. “Today, businesses are driven by outcomes and your ability as a channel partner to deliver that outcome.”
But in response to changing market conditions, the ability of a channel partner to deliver an outcome will now be impacted by the recent introduction of long-awaited mandatory data breach notification laws in Australia, following its recent passing in Parliament in February 2017.
Specifically, Australian businesses with an annual turnover of $3 million or more will have to disclose information breaches that involve individuals’ personal information, putting into motion new laws that will see local organisations that are subject to regulation by the Privacy Act required to notify the Australian Information Commissioner and affected individuals of an eligible serious data breach.
“This has been a long time coming for the Australian market and will change the game from a security perspective,” Symantec manager of cyber security strategy APAC Nick Savvides said. “It’s placed the entire security conversation at the front of mind for large businesses across Australia.”
In instances where it is not certain that a breach has occurred, the new laws give organisations up to 30 days to investigate whether a breach notification is needed.
According to the Bill’s explanatory memorandum, an eligible data breach will occur in situations where unauthorised access to, or unauthorised disclosure of, information would be likely to result in serious harm to any of the individuals to whom the information relates.
“There’s now a growing need for self-assessment in a security sense alongside identifying maturity levels for customers,” Intalock Technologies account executive David Bowens added. “Businesses now want to know how their competitors and industry peers are sizing up from a security perspective so there’s growing opportunities around providing a benchmark for the industry.
“As a partner if you can provide a score ranking for a business, it helps drive security projects that align alongside IT strategies. Our role is to demonstrate how a business can move from 1.5 to 3.5 out of five by following our advice and guidance.”
Despite the introduction of new local laws, in a cloud sense, ambiguity remains about what the technology actually delivers to an organisation and compounded by a variety of real and imagined concerns about the security and control implications of different cloud models.
Crossing the chasm
Today, resellers remain challenged by cloud transitions from a security standpoint, with partners unsure how to monetise the market, whether through managed services, consulting or specialist plays.
“From a business perspective, the industry is still driven by large CAPEX projects but the market is changing and a transition is underway,” Symantec channel director A/NZ Joe McPhillips added. “The channel is moving towards a subscription-based, monthly priced economic model that vendors, distributors and partners must consider.
“That represents a very different way to run your business as a reseller and during the next few years, we expect a significant move towards a subscription model in the cloud.”
Consequently, McPhillips acknowledged that the conversation topics currently dominating the channel agenda will change, evolving into the business implications to consider when transforming business models in the cloud.
For many security focused resellers, cloud has arrived. Yet for the traditional players, the financial implications of crossing the chasm remain too difficult to negotiate.
“So many integrators have hit the wall in Australia because they’ve tried to make the transition and have failed,” Altit observed. “Many partners in the industry struggle to create services themselves, they can’t build a help desk or provide support.
“And for those operating with managed services today, because they are transitioning to being on the drip, they are struggling to invest in additional services to bolster their capabilities.”
Highlighting a sober point amidst an industry drunk on hype and buzzwords, the harsh reality remains that cloud continues to impact how solution providers run business operations, impacting staff, compensation plans, go-to-market strategies and delivery methods.
With large meaty upfront deals drying up through the rise of cloud, security experts must differentiate to deliver new levels of customer value, or risk losing long-standing end-user relationships as a result.
“Partners that do not adapt or develop into delivering security through cloud and managed services will suffer,” Savvides cautioned. “There’s definitely a new set of skills to be applied and that’s what the customer is looking for.