• Free Daily Newsletter
  • Get Premium
  • Small Logo
  • About
  • Partner Pages
  • Support & FAQs
  • Log in

The Mandarin

The Mandarin
The Mandarin
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library
Home Features Watch: the opportunities — and threats — online for government

Watch: the opportunities — and threats — online for government

By The Mandarin

Tuesday December 15, 2015

The Mandarin publisher Tom Burton talks to John Ellis — chief security strategist across Asia-Pacific for Akamai, the global leader in content delivery network services — about the opportunities and cybersecurity threats in the digital space for Australian government agencies …

Tom Burton: John, today you talked about the resilient organisation, and the need to tailor your organisation to be resilient for security. What did you mean by that?

John Ellis: I think historically a lot of organisations, when they look at security, they typically look at investing in a lot of security technologies, and processes and controls. It’s very much focused on mitigation. We keep seeing so many examples of data breaches that are happening around the world, security incidents and so forth. There’s also another train of thought that’s been evolving the last couple of years, focusing very much on incident response. Saying look, the breach or the security incident’s inevitable, you need to focus on the incident response strategy. What I’m sort of saying is that there needs to be a blending together. Security incidents are inevitable, but we need to be looking at the right investments. We need to be looking at the right organisational constructs, the processes and also the people to be able to build an organization that can adapt, respond and also withstand a lot of the disruptive events that are happening out there at the moment so they can still keep moving forward to achieve their objective. Whatever that may be.

Tom Burton: When you spoke about aligning, or asked the question of aligning your security investments with the threat environment, what were you leaning at there?

John Ellis: If you ask a lot of people about what you invested in the last year, in terms of security, did that really achieve the objective of what you’re looking to achieve? Did you improve your security posture? A lot of people look at you with blank faces. They don’t really know if the money they’ve been spending is actually improving their security. The treat landscape that we have today is very different than what we had, say, ten years ago. Interestingly enough, also of the issues we were dealing with ten years ago haven’t gone away. Patch management, software still fundamentally has vulnerabilities in it. People need to patch it. You still need to look at your patch management regime. But also, now we have a lot of different threats out there like DDoS attacks and all these web attacks have really been growing in sophistication that people need to start thinking about. Essentially, it’s coming back and saying, what’s important to you? Where are your investments being made? Are they actually delivering value to you? If not, maybe redirecting your investment in areas that are actually going to yield some benefit.

Tom Burton: You talked about the various levels of spending various governments make. You travel around, you get a sense of that. You also acquired some numbers. What are the numbers? Is there a magic percentage they should be spending on security?

John Ellis: That’s a tough question. The numbers that I talked about in the presentation was eight percent is mandated by the Israeli government for the government agencies. Ten percent is the benchmark in Singapore.

Tom Burton: For security?

John Ellis: For security spent. Ten percent of your ICT budget should be spent on security in Singapore. That’s what the government is saying. The numbers vary. Some of the small, medium sized business are spending upwards of 15%. The thing for me is that it’s not so much how much money you’re spending. It’s where you’re spending it to be able to improve the maturity of your organization. If you’re spending all this money in the technology space, but you’re not really improving the maturity of your security capability, then you could be saying that you’re throwing money at the problem. Verses, say, you are spending wisely, you are improving security then you could say look, we’ve got some alignment that’s happening here and we’re able to move forward with a degree of confidence.

Tom Burton: Is that what you meant when you said security really is a business issue not a technology issue?

John Ellis: Absolutely. You talk to a senior business leader and you ask them: Do you understand about business risk, commercial risk, financial risk? The answer to all these questions is yes, yes yes. They have to. If they’re a business leader, they have to understand these things. You ask them, do you understand about cyber risk? Invariably, they’ll turn around to you and say look, I have a CIO, maybe I have a CISO so they understand. That’s not good enough. They also need to understand this is another form of risk in their business and also technology underpins a lot of what organizations are doing now. There’s a lot of organizations essentially being born in the cloud. You look at AirBnB, Uber, but also you look at the existing banks. How many of these banks could be successful without using technology? They couldn’t. Getting them to understand this sink or cyber risk is something that’s important to them. Then we see a flow down from there.

Tom Burton: The movement to digital delivery of services, to me, says this becomes so much more important. And proves it because we’ve had digital delivery for quite a while. But if we move industrially to provide government services though that main channel then this really underlines a need for security.

John Ellis: Absolutely. You don’t want security to be the driving force behind a lot of these things. You want it to be about what’s the enabling qualities, what’s technology, things like that. Around the world, different governments look at it very differently. If you look at the benefits that are to be had, the constituents will want to feel comfortable that the government is doing the right thing by them. In terms of protecting their personal information, the services that they have then come to rely on depend on are available when they need them to be available, things like that. Security’s absolutely critical to being able to win that confidence and the trust. An institution that already struggles with winning the confidence and trust of many people.

Tom Burton: One of the things you said today was in interesting concept of seeing security as an enabler that’ll allow you to go faster. I think you used the analogy of a car. If you’ve got a car that’s well maintained it will go faster. What did you mean by that concept?

John Ellis: If I use the analogy of the car. Are the brakes on the car designed to make the car go faster or slower? The truth is that with the quality of brakes you can go faster because you know that when something’s going to happen you can stop in time. All analogies at some point do break down. But if you look at investment and technology in supporting whatever the mission of the organisation is, whether it’s a government agency a commercial entity, whatever it may be, you also need to also feel that there’s a degree of confidence that the investment you made is protected. If I’m investing here I need to also insure that I’m hedging against some of the risks that may also disrupt my organisation. Security gives you that confidence. If you’re in a position where you can confidently say, yeah we’ve suffered a data breach but we know that data’s encrypted and we know where the keys are to that data. We know who’s accessed those keys. We can say with absolute certainty and confidence that those keys have not been accessed by an external third party, cyber adversary, whatever it may be, you’re in a stronger position. So, you can actually ask those the tough questions when those tough questions actually arise.

About the author
The Mandarin

By The Mandarin

The Mandarin staff journalists.

People: John Ellis Tom Burton

Companies: Akamai

Partners: Akamai

Tags: Akamai Cybercrime cybersafety cybersecurity Digital digital government e-government John Ellis Tom Burton

Login
Please login to comment
0 Comments
Inline Feedbacks
View all comments
The Mandarin Premium

Canberra’s changed

Stay on top for only $5 a week

 

Get Premium Today

Already a subscriber? Login

By The Mandarin

Tuesday December 15, 2015
The Mandarin
Text size: A A A

Upcoming Events

01
Apr
Postgraduate studies in regulation and governance at ANU RegNet
14
Jul
Building Visibility + Influence for Women in the Public Sector – MASTERCLASS
03
Aug
Playing Bigger: Uplevelling Influence + Impact for Public Sector Leaders – ONLINE PROGRAM
15
Aug
CILT International Diploma in Logistics and Transport (Public-Sector)
21
Jun
Humanify HR Consulting – HR Leadership in Practice (HRLP)
View Calendar

Partner Content

Meeting in the middle: How governments and Indigenous communities can work together, differently
Promoted

Meeting in the middle: How governments and Indigenous communities can work together, differently

A royal commission: Wicked problem first responder
Promoted

A royal commission: Wicked problem first responder

Strategic partnering with government? Snowball’s chance

Strategic partnering with government? Snowball’s chance

Latest Jobs


  • Head of Programs

    Cranlana Centre for Ethical Leadership at Monash University

    • VIC CBD
    Closing date 22nd July, 2022
    3 days ago Full Time - Fixed Term
  • General Manager Decision Support Services

    Bureau of Meteorology

    • National
    Closing date 10th July, 2022
    4 days ago Full Time - Ongoing
  • Multiple Directors - Engagement, Partnerships and Communications

    Department of Customer Service

    • NSW CBD, Regional
    Closing date 1st June, 2022
    1 month ago Full Time - Fixed Term
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • VIC CBD
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • ACT CBD, Regional
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • NSW
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
Search All Jobs

Login

Get Premium now. Not ready? Get the free Daily newsletter.

Forgot password?

Share via email

Access your 3 free Mandarin Premium articles

As part of your free trial you will receive 'The Juice', The Mandarin's daily free newsletter, the 'Premium wrap' every Saturday and marketing emails. You can opt out at any time.
Content
  • Small Logo
  • News
  • Research Series
  • Features
  • Portfolios
  • Jurisdictions
  • New Zealand
  • People & Capability
  • Thought Leadership
  • Editors' Picks
  • Resource Library
  • Site Map
Products & Services
  • Small Logo
  • The Juice Newsletter
  • Partner & Advertising solutions
  • Mandarin Live
  • Public Sector Events Calendar
  • Partner Content
  • Premium
  • Careers
Legal
  • Small Logo
  • Privacy Policy
  • Terms of Usage
  • Code of Conduct
Connect
  • Small Logo
  • About Us
  • Contact Us
  • Support
  • Our Team
Social
Copyright © The Mandarin
Private Media logo CRIKEY SMARTCOMPANY
wpDiscuz