In recent years, tens of millions of Australians have been impacted by a series of large-scale cybersecurity incidents. To counter this ongoing challenge, the Australian government has set a goal of being a world leader in cybersecurity by 2030 through the release of the 2023-2030 Australian Cyber Security Strategy. As a global leader in cybersecurity, AWS welcomes the opportunity to engage with Government and industry on these critical issues to ensure a prosperous future for businesses and individuals in an increasingly digital world.
Cloud technology is already playing a key role in Australia’s digital transformation. Embracing the security features offered with cloud is key to helping businesses of all sizes grow and innovate at scale, while navigating an ever-evolving cybersecurity landscape with confidence.
Prospecting for Patterns
As a cybersecurity professional who started my career over 20 years ago, I have witnessed first-hand how much the cybersecurity industry’s capabilities have evolved.
Technology of all types produce high volumes of data that cybersecurity analysts must sift through looking for signs that something is wrong. In previous decades, cybersecurity was primarily a struggle between the limited number of humans looking for signs of suspicious activity, and the clues hidden in increasingly vast amounts of information.
Critical information that needed to be analysed to truly understand a cyber incident was hard to get. Relevant information was stored in different systems, in different on-premises data centers, sometimes in different locations, and it was time consuming and expensive to centralise the data for analysis.
This meant that cybersecurity professionals spent the first critical few hours after an incident trying to gather the right information from multiple sources. We would see an incident emerge and cascade, then be under pressure to consolidate relevant data to figure out exactly what happened and how to fix it. This delay between detection and response meant we were reacting to events well after they happened.
Tackling Unknown Unknowns
In the early years of my career, there was low awareness about the critical importance of good cybersecurity practices, which made my job as cybersecurity professional more challenging. Software developers have always wanted to move fast, but this often meant that security was not always top of mind when creating new applications. And the system administrators who kept these applications running did not always take security in consideration during day-to-day operations.
The combination of new software with subtle cybersecurity issues hidden in the code, and old software that was not kept up-to-date, made it easier for bad actors to gain unauthorised access to systems.
Being a cybersecurity professional before cloud meant grappling with an overwhelming amount of data, with limited visibility about the environment, and trying to protect software and systems that were not designed with security from the ground up.
Enabling Panoramic Perspectives
The introduction of cloud technology improved cybersecurity for the world. The cloud automatically puts in place some of the most effective cybersecurity fundamentals that did not exist in previous generations of technology.
For example, cloud enables an unprecedented degree of visibility for customers over their environment, giving them round-the-clock visibility and thorough record-keeping as part of the package.
In older, on-premise data centers, the simple act of unplugging a network cable wouldn’t result in a record of that activity. Discovering whether a computer is turned off or on would require a manual query, and human intervention to find out how and why this happened. A computer couldn’t record that a human had unplugged it.
In a hyperscale cloud environment like AWS, if a customer issues a command to disconnect a virtual network cable, it is recorded. Not only that, but the identity of the person taking that action is confirmed, and will only be carried out if that person is authorised to complete the action. Extend the same analogy to tasks like transferring files, or installing new applications, and the security benefit of the visibility in the cloud becomes clear.
At AWS, each of the building blocks we use to construct our infrastructure—our APIs—are secured, encrypted, and authenticated because we focus on building our cloud securely from its first design. How we secure it is then validated by the most rigorous checks from external auditors and by security-conscious government agencies. This level of security means that companies large and small have access to the same visibility over their environments—and the same world-leading cybersecurity and resilience to build robust and proactive defenses against bad actors.
Not all Clouds are built the same
Cloud has completely changed our cybersecurity defense capabilities; however, I have seen first-hand that not all clouds are built the same. Our key differentiator, and one that we share with our customers and partners, is building a cybersecurity culture from the ground up.
Over many years we have developed, and nurtured, a culture of cybersecurity leading to cloud infrastructure that is secure by design. It’s something that requires constant focus, investment, and innovation, and has been a pivotal part of us earning trust with our customers. It has also enabled us to democratise access to cybersecurity for customers of all sizes – meaning startups, small and medium businesses, and public sector organisations can benefit from the same enterprise-level security that is otherwise costly to build on its own.
Embedding cybersecurity into the culture of the organisation, promoting strong digital hygiene practices, and building a strong foundation with cybersecurity at its core, is the best way to ensure an organisation adjusts and thrives in an increasingly digital world. Security needs to be everyone’s responsibility.
Building cybersecurity into our foundations, into our technology and our practices and our culture, will ensure that society can innovate at the pace of technology – safely and securely.
Next, look inside our new AWS Builder Studio, showcasing the art of what’s possible.
