On cybersecurity, compliance, and total cost of ownership


David McClure
Contributor

High levels of regulatory compliance, crippling skills shortages and a relentlessly shifting risk landscape are combining to make military-grade cloud, including physical infrastructure, increasingly attractive to commercial and government business environments, according to industry experts.

The global military-grade cybersecurity market was valued at nearly US$25.7 billion in 2021 and is projected to top US$43.6 billion by the end of the next decade.

It is a surge that has been driven by resource availability and aptitude, risk profiles and risk appetites, data-sharing arrangements, and even the changing attitudes and expectations of end consumers and the public to data classification and protection.

Vault Cloud chief executive Rupert Taylor-Price

And it’s not just a matter of perception. Cybersecurity-related insurance claims in the Australian market were up 50 per cent in the second quarter of 2021 compared with the same period last year, leading to an 80 per cent rise in related insurance premiums.

Protecting data and core systems is subject to the same total cost of ownership (TCO) calculations that are applied to all parts of a business.

But as regulatory changes demand more for compliance and customers big and small reassess their comfort with different levels of risk, cyber security-focused infrastructure and services are becoming increasingly standard options for government cloud and private sector critical infrastructure, said Vault Cloud chief executive Rupert Taylor-Price.

The net effect of this scenario is that businesses across government and critical infrastructure are increasingly looking for solutions that have been designed and built to meet the highest level of government cybersecurity certification to help simplify building, protecting, and operating their outcomes to a manageable budget.

By building the foundational cloud infrastructure to the Information Security Manual (ISM) and PSPF standards, an organisation bolsters its cybersecurity capability against shifting circumstances, Mr Taylor-Price said.

The effect of this is not just to reduce risk, but also to relieve the compliance burden and take the pressure off the cyber workforce.

Vault Cloud was designed to match the high standard of secure technology built for the US government and trusted by both the British civil service and French public service.

Vault Government Cloud delivers the highest levels of security to all levels of government, with up to Top Secret controls and meeting the recently announced Digital Transformation Agency’s Certified Strategic accreditation level.

Extensive amendments to the legislation governing cybersecurity obligations over the past year have increased the onus on private and public companies, as well as government entities, to safeguard Australian data.

The recently passed Security Legislation Amendment (Critical Infrastructure) Act 2021 significantly increases compliance requirements by bringing several new sectors within the scope of the legislative framework and introducing new obligations to report cyber security incidents.

The result is an ever-changing, rapidly increasing web of controls and reporting requirements that are presenting more and more challenges for organisations participating in the market. Increasingly, organisations are looking for environments that offer a simplified path to security and regulatory compliance. Mr Taylor Price says this is a major factor contributing to the uptake in offerings like Vault Cloud.

The state of compliance in Australia is one of increasing volume and in many cases complexity, he said. This increased complexity is driving a change in behaviours around reporting and mitigation, in turn generating high spending on compliance activities rather than investing back in the business.

With this rate of change and the cost of both capital and productivity, the value of simplifying a compliant position cannot be understated.

“The inheritance of supply chain compliance is more dynamic than ever before within the technology landscape,” Mr. Taylor-Price said.

“Increased stakeholder expectations, heavy fines associated with environmental regulations and delayed market access due to complex global trade rules are just some of the common challenges organisations navigate.”

To manage these evolving requirements effectively, organisations need the knowledge, access to information, and ability to interpret the impact of existing compliance measures, he said. “But these are time-consuming, specialist activities that take away from the focus on business growth.”

The Hosting Certification Framework, recently announced by the DTA, provides guidance to Australian Government departments and agencies around hosting services that meet enhanced privacy, sovereignty, and security requirements.

Under the Framework, all high-value government data, Whole-of-Government systems, and systems rated at the classification level of PROTECTED should be hosted within certified data centre facilities and by Certified Service Providers by 30 June 2022.

“Not all cloud services are created equal, and people must understand this in relation to managing risk,” Mr. Taylor-Price stated. “The quality of a cloud service – its risk profile – might be perfectly adequate in one context, but simply not up to the task in another.”

Vault Cloud is Australia’s leading Secure Cloud service. Its adherence to the continually changing regulatory baseline means its customers and partners receive the financial and emotional benefits of promised, simplified compliance – giving them time back to focus on growing their businesses.

This story was produced as part of a commercial partnership between InnovationAus.com and Vault Cloud.

Do you know more? Contact James Riley via Email.

Leave a Comment