Main
Log in

Infrastructure

Conclusion: Telecommunications services and the supporting infrastructure have historically been complex, costly and difficult to change. The modern technology landscape now allows for greater flexibility in the design of networks, and the telecommunications services of voice, video and data they deliver.

The use of software defined networking (SDN), Cloud-based standard operating environments (SOE) with unified communications (UC) and Cloud-based call centre solutions are now mature, secure and commonplace in the market.

These changes with the significantly reduced cost of physical connectivity (lines and links), which are now viewed as a commodity, enable the telecommunications landscape to be agile to each organisation’s business needs and delivered at greatly reduced costs.

Conclusion: The Agency Head/CEO is responsible to accredit the ICT system for use at the PROTECTED level. The accreditation process is specific to the services being delivered for the organisation. The Australian Signals Directorate (ASD) certification process is a generic process that assesses the Cloud Service Provider’s (CSP) level of security only.

The Agency Head/CEO remains responsible as the Accreditation Authority (AA) to accredit the security readiness for the services to be delivered for their organisation. In practice the CIO/CISO will lead the accreditation process on behalf of the CEO.

ASD’s role as the Certifying Authority (CA) for PROTECTED Cloud services provides the agency/organisation using the CSP with independent assurance that the services offered meet government Information Security Registered Assessors Program (IRAP) requirements and vulnerability assessment requirements at the PROTECTED level. The certification process provides a consistent approach to the cyber risk assessment of the CSP’s environment only. The PROTECTED Cloud certification does not cover security assessment related to the design and maintenance of the customers’ services and/or software to be run on the PROTECTED Cloud platform.

The adoption of a PROTECTED Cloud solution will still require a regular review of the security posture. ASD will conduct regular reviews of their processes as the certifying authority (CA), and the Agency Head/CEO will be required to regularly review the accreditation of the service as a whole.

Conclusion: What to monitor and how you respond to the data is often poorly documented and not fully understood until after a failure occurs. In this world of “no surprises”, effective monitoring is a key success factor. If an organisation’s ICT monitoring strategy is to be successful it must be structured around the organisation’s business outcomes. The monitoring strategy framework is achieved through the alignment of the organisation’s critical-business functions, the ICT high-level design, the ICT architecture and the priorities set out in the organisation’s disaster recovery plan (DRP) as the primary influencing factors.
Key to an effective DRP is a clear understanding of the system architecture and design, with sound knowledge of the risks and weaknesses it brings in support of critical business functions. When the ICT monitoring strategy is based on this framework it will deliver a near real-time health status of the organisation’s ICT environment, allow for planning future capacity, and in the investigation of incidents when they occur. An effective monitoring strategy will be business-focused and not monitoring for monitoring’s sake.

Conclusion: Cloud offerings are now commercially available, allowing CIOs to engage the technology offerings with a high degree of trust that the service is secure and responsive at reduced cost to in-house solutions.

CEOs have an obligation to ensure their organisation’s IT systems are cost-effective and meet the security accreditation defined by government (or their Board). PROTECTED Cloud services can reduce cost of operations and meet many of the CEO’s obligations for accreditation (and review) of services, and therefore better manage risk, to meet government and best practice commercial security requirements.

All PROTECTED Cloud data centres certified by ASD are physically located in Australia. Depending on your needs, they all meet Australian Government data sovereignty requirements and offer low latency and in-country technical support teams to assist clients. Provision of PROTECTED Cloud services allows the CIO to restructure IT, moving to a more agile and potentially lower cost option to provide the appropriate security approach.

Conclusion: BYOD strategies need to be updated regularly to keep pace with the evolving nature of not just the devices themselves but also the increasing challenges and complexity to stay secure; all this needs to occur while offering increasingly flexible services to a 24/7 mobile workforce operating on-premises and offline. It is valuable to engage key stakeholders within the organisation’s leadership team, employee champions and also industry peers to ensure the BYOD strategies are as relevant and acceptable as initially reported in an earlier IBRS article in 20081 when personal electronic devices (PED) were being introduced into corporate networks.

Conclusion: Managing large IT environments and provisioning IT services within an organisation is complex and complexity will always exist. However, not all complexity is “bad”. “Good” complexity is the complexity required to simplify, to reduce costs, create value, improve security and improve overall operations and results.

Focus needs to always be maintained on reducing “bad” complexity. “Bad” complexity is the complexity that makes it difficult to do things, difficult to secure, difficult to manage, difficult to innovate, or difficult to adapt to changes in the organisation. “Bad” complexity comes with high costs, including hidden costs in lost employee productivity and morale, potentially loss of new business opportunities, or higher staffing costs due to the limited availability of the skills needed.

Organisations need to maintain a mindset of constantly managing initiatives to drive towards simplification in their IT portfolio, understanding that achieving this will involve sophisticated and often complex planning and the successful execution of those plans.

Conclusion: Technologists consistently under-estimate the growth of data volumes. The result is tactical actions aimed at increasing capacity achieved by adding storage on-premise using traditional bulk storage solutions or moving technical workloads, such as back-up or disaster recovery, to Cloud-based Storage-as-a-Service offerings. This reflects a decades-old mantra of “disk is cheap, buy more disk”.

When the lack of predictability of data volume growth is combined with the need to capture then distribute data from new sources as well as control the hidden cost of data movement across networks, these tactical responses fail to deliver transformational value to end users.

To deliver effective and efficient data storage solutions, IT infrastructure architects must collaborate with their information and data management colleagues to identify the demographics of data being managed1; they must then select storage solutions that optimise data capture, storage, distribution and access based on these characteristics, not simply by volume.

Conclusion: Preparing the modern business for Cloud requires a common computing and networking infrastructure with new Cloud architectures converging with data centres over a hybrid of both direct Cloud connections and traditional wide area networking.

Organisations must begin by conducting a “triage” of their applications into three networking categories: those in pure public Cloud deployment; a hybrid of public and private (“on-premises”) computing; and those that will never go to Cloud (such as legacy apps, or for regulatory or security requirements).

At Cloud-scale the network becomes a fabric that facilitates software-defined technologies1 (compute virtualisation, SD Storage, SD Networking and SD Security). Software-defined networking (SDN) abstracts network functions so that existing switches, routers and appliances can be made programmable to enhance their functions and reduce costs.

Eventually business IT processing will be delivered by SD Everything as all fundamental IT functions coalesce.

From today, businesses should be placing new emphasis on the “management” of their networking as both “virtual” and physical networks and plan to drastically reduce manual configuration and operation of networked IT as indicated below.

Conclusion: IBRS’ finding is that prominent Cloud marketplaces (CMPs) such as AWS Marketplace1, Microsoft Azure2, Google Cloud Platform3 and IBM Bluemix4 are gaining traction as alternatives to conventional enterprise ICT infrastructure and services sourcing.

Given the state of maturity of these marketplaces, they are currently only useful for quickly and conveniently locating and obtaining ICT infrastructure and microservices for use in low-risk small scale pilots or trials.

As wider take-up is underway with larger applications being adopted through AWS and Azure organisations should begin to prepare for a shift in the viability of enterprise-level solutions.

Our caution is that CMPs will not have profound impacts on enterprise ICT provision until both the IT and Procurement organisations within a business become satisfied that this approach has validity, value and is auditable5 and manageable.

Conclusion: Investment attraction is the main business driver of local government Smart City projects and planning, followed by automation and internal productivity improvement.

Trophy Smart City projects based on entirely new cities are rare, but new towns, city centres, technology parks, recreation precincts and showcase suburbs are common and benefit from the same principles.

Every existing municipal service should be reviewed as a candidate for support and improvement using digital techniques.

Current and emerging technologies can routinely deliver Smart City services such as smart waste management, parking, transport, street lighting and facilitating community formation. Imagination is initially the resource in shortest supply.

The Mayor’s support for Smart City projects and programs is essential (because of their novelty and the political courage required) in any region of the world. Always.

In the News

Busting The Three Big Cloud Myths - WHICH-50 - 11 June 2019

Organisations that are resisting the shift to cloud computing are often basing their decisions on common misconceptions around security, price and integration. That’s a key finding in a recent...
Read More...

ANZ business users calling the shots in ICT decisions

Conducted by Australia’s Intelligent Business Research Services (IBRS) and commissioned by TechnologyOne, the survey of 261 business leaders in ANZ has shown that business functions are having more...
Read More...

Managed security: a big gamble for Aussie IT providers - CRN - 02 August 2018

TechSci Research estimates the Australian managed security services (MSS) market will grow at a CAGR of more than 15 percent from 2018-23 as a result of the increased uptake of cloud computing and...
Read More...

Kids, Education and The Future of Work with Dr Joseph Sweeney - Potential Psychology - 25 July 2018

What is the future of work and how do we prepare our kids for it? Are schools and universities setting kids up for future success? Does technology in the classroom improve outcomes for kids? Should...
Read More...

PageUp starts rebuilding and looks to learn lessons after data breach nightmare - AFR - 27 June 2018

The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected...
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap

Already a subscriber?

Login to read your premium content.

        Forgot your password?
Recently Viewed Articles
Related Articles