In recent years, Australia has undergone a significant digital transformation. The transition away from legacy IT infrastructure has encouraged organisations to more proactively manage and assess disruptions to their business.
The Australian government is on the cusp of releasing its cybersecurity strategy, a key milestone on its path to becoming, as Minister for Home Affairs and Cyber Security Clare O’Neil said, “the world’s most cybersecure nation by 2030”.
Australian businesses are choosing cloud because it offers significant operational improvements that also create substantial security benefits.
Moving to the cloud offers businesses of all sizes the opportunity to innovate faster, whilst integrating positive security outcomes into their transition. It is vital that businesses are equipped to navigate a dynamic security environment, without diverting attention from their ability to scale, innovate, and unlock productivity gains.
The support we provide our customers at AWS extends far beyond our infrastructure. We work with them to build best-in-class cybersecurity processes so that they can focus on driving innovation and growth in their business while relying on their cloud providers’ robust security measures. But we also understand that security is more than a technical issue.
Currently, the level of cyber safety literacy amongst the general public, and availability of formal skills training, must be bolstered if Australia is to successfully address the IT skills shortage and drive strong digital and economic growth.
To ensure a more secure future, uplifting cyber safety literacy and formalised skills training must be a focus for Australia.
AWS has trained more than 300,000 people across Australia with cloud skills since 2017; with a goal to train more than 29 million people globally with free cloud skills by 2025.
Through the AWS Cloud Training Guilds, we’ve been able to support our customers including NAB, Telstra, and Kmart to upskill their own workforces.
Industry and government have a shared responsibility to provide pathways to both upskill our IT workforce and drive better knowledge and understanding of first-line cyber safety practices among the general population. This will be particularly critical as we get closer to the release of the 2023-2030 Australian Cyber Security Strategy.
At AWS, security is our top priority. We work in partnership with our cloud customers through a shared responsibility model to provide a foundation of security and resiliency via our infrastructure. At the same time, customers retain the flexibility and control to make decisions that support their business outcome, whilst providing the best security outcomes – whether that be their choice of service, security configuration, or the use of encryption.
Our ongoing customer support takes many forms and is tailored for each of our customers depending on their needs. For many customers, we support by making technical recommendations on how they can manage their systems. There are a range of measures customers can take to improve their cloud security, including:
- Strong encryption: AWS has industry-leading encryption services that give customers a range of options to encrypt data in transit and at rest.
- Automation: Customers can automate simple security processes, which increases efficiency and removes chances of human error, meaning staff can focus on strategic work to grow the business.
- Identity: Strong identity protocols are critical to put in place including multi-factor authentication (MFA) and access keys. As of mid-2022, AWS Identity and Access Management serviced half a billion requests per second. We recently announced enhancements to MFA increasing security by default in mid-2024.
- Network Protection: Maximising application availability and response to ensure your customers can access your digital services. In the first quarter of 2023 we stopped over 1.3 million outbound botnet-driven attacks, ensuring customers applications continue to operate.
Often, we will work with customers to help embed a strong culture of security within their organisation, or ensure they have effective processes in place to address any security issue that arises.
We have teams dedicated to supporting our customers when they most need it, including our Customer Incident Response (CIRT), Shield Response Team (SRT) and Trust and Safety teams. The CIRT provides support to customers during an active security event ‘in’ the cloud, including assistance with triage and recovery; root cause analysis, and providing security tips and best practices to help you avoid security events in the future.
Our Shield Response Team support customers undergoing DDoS and other web-based application attacks ensuring they are guided rapidly through implementing mitigations so their business can continue to operate. The Trust and Safety team are there to help when you suspect AWS resources are being used for abusive or illegal purposes, such as spam, intrusion attempts, or malware distribution.
While cybersecurity can seem like an insurmountable challenge, we believe this perception can and must shift, and we’re committed to helping our customers achieve success.
Supporting our customers is our number one focus, and addressing the broader cybersecurity skills gap is crucial. We believe that having a cybersecurity-literate workforce and broader society is important in reducing risks and driving future economic development.
That is why many of our skills-building and training courses are open to the public and are targeted to support diversity, equity, and inclusion initiatives, to ensure diverse communities and skill sets are empowered to upskill in the tech sector.
Through AWS Training and Certification, we offer a wide range of digital courses, self-paced labs, game-based learning, and an AWS Certified Security – Specialty certification to build security skills and knowledge across IT and security teams.
For example, Security Onramp is a free, in person, security health-check workshop for IT professionals where participants are taught how to align with security best practice, including how to create a culture of security within your organisation, and how to build a healthy security posture for your business.
Our Skills Builder program has over 600 courses available to both customers and members of the general public.
We also work with programs including Grok Academy, Tech Girls Movement Foundation, and Cyber Live Challenge, to support underrepresented groups across all education levels to ensure they are captured in efforts to build a pipeline of cyber talent.
Our collaboration with the University of NSW’s (UNSW) CyberSECurity Education Network (SECedu) teaches students both professional and practical cybersecurity skills, helping to build pathways into employment. Students have the opportunity to undertake real-world cloud security challenges and produce solutions using AWS services, while being guided by experienced AWS mentors.
We believe strong collaboration between industry, business, and government is the key to delivering the technology skills Australia needs to foster in a more secure future. Everyone from skilled IT workers to everyday Australians must have access to training to develop the skills and knowledge they need to meet the cybersecurity challenges of the digital economy and protect their online safety.
Building a thriving, resilient, and secure digital ecosystem is one of Australia’s most pressing societal and economic challenges. We can all rise to that challenge.
However, this is not the sole responsibility of government. We believe that larger companies should play their part to improve security across the digital ecosystem, and we welcome opportunities to collaborate across industry, with academia and educators, and with government.
AWS is committed to supporting our customers, large and small, with their security. We understand the complexity our customers are facing, and we’re determined to simplify cybersecurity to make it achievable, accessible, and scalable, ultimately enhancing the confidence of Australian businesses to create a more secure future for themselves now, and in the future.
By Louise Stigwood, Amazon Web Services Director of Enterprise, ANZ