As cybercrime surges across the public and private sectors, global tech companies are being challenged to tighten data localisation and data sovereignty capability while supporting the federal government’s vision of making Australia the most cyber-secure nation in the world by 2030.
Achieving this objective requires a profound paradigm shift away from the current culture of self-interest. To do business here, global vendors must prioritise national cyber resilience and economic growth and consider how they can contribute to Australia’s digital future.
While companies like Microsoft often speak about having local data centres, only some of their products and services are hosted within those data centres inside Australia’s borders. This can be confusing for agencies and poses a material risk to data security.
Data localisation is not just about storing data; it’s also about having a fully equipped and isolated infrastructure that protects Australia’s sovereignty. Future-proofing our shores against cyber intrusions requires access to world-class technology while ensuring compliance with current data regulations and privacy laws, and future regulatory changes.
While data localisation focuses on processing data within national borders for regulatory compliance and protection, data sovereignty emphasises a nation’s ownership, access and control over its data.
Regarding responsible data governance, the public and private sectors should work together to establish a robust data ecosystem that ensures integrity and complies with regulations encompassing localisation.
Global tech can thrive under inbound regulation
Global primes must rise to the occasion and embrace inbound regulation that opens up revenue-sharing opportunities and economic development linked to data localisation and sovereign capabilities.
Government initiatives such as the Critical Infrastructure Act set an agenda around cybersecurity as a national priority and provide a framework for best practice. Industry and government standards will continue to evolve as the global threat landscape becomes more complex and breaches more costly. Tech vendors in the Australian market would be wise to respond to this by embedding best practices such as data localisation.
Global technology companies can invest in Australia’s digital future by building secure physical or virtual data centres that meet the highest degree of trust required by the Australian government. Meeting security standards, such as IRAP ‘Protected and above’, and showcasing local Points-of-Presence (PoPs), like the Sydney Amazon Web Services (AWS) PoP or sovereign-owned businesses such as AUCloud, is essential to helping isolate clusters, air gapping locations and ensuring no data escapes Australian shores.
It is imperative to Australia’s strategic priorities that more tech giants follow these accreditations to better support the government in meeting cyber adversarial threats head-on.
The winds of change
Infrastructure and compliance are foundational, but they are not the endgame. The local security industry must undergo a cultural metamorphosis. Vendors must take responsibility for outcomes and support the government and local businesses in building cyber resilience and boosting our security capabilities.
According to the Tech Council of Australia, over 2 per cent of the world’s tech unicorns were founded in Australia despite the nation’s tiny GDP footprint of 1.6 per cent. While global tech companies naturally flock to this leading regional tech hub in APAC, it demands that they respect and improve Australia’s growing data localisation requirements and proactively invest in the nation’s economic interests.
Many vendors have put self-interest and a focus on short-term gains at the expense of long-term security and resilience for far too long.
It is high time the vendor community rises above mere profit motives and recognises its critical role in national security and sovereignty. Vendors must be willing to make genuine investments in local ecosystems and foster a culture that prizes collaboration and shared responsibility. Local supply chains strengthen when global tech vendors partner with local ecosystem partners, support industry development and foster talent within Australia – particularly in the midst of a critical skills crisis.
Global vendors that adhere to data regulations create opportunities for Australian channel companies that are bound by local requirements, through providing access to more world-leading solutions that are accredited for government use. Creating these new revenue streams lays the foundation for local partners to continue to innovate and grow their business, leading to greater industry development, job creation, increased capability and concentrated commercial gain while simultaneously supporting Australia’s security posture.
There must be a nuanced “whole-of-economy approach” to data security, as articulated under the emerging National Data Security Action Plan. There must be more than strong encryption and infrastructure protection to address cybersecurity risks; data localisation is the way forward.
Some have argued that data localisation does not protect data of strategic national importance and also threatens an open and democratised digital economy. This is simply not true. While acknowledging the potential cost of transferring data from an international location to Australian shores, investing in local ecosystems and fostering collaboration can offset these costs and lead to innovation and job creation within Australia.
My message to global players in Australia is clear: Seize the opportunities that data localisation brings and be at the forefront of our nation’s cyber resilience.
Jason Duerden is the A/NZ regional director of Sentinel One
Do you know more? Contact James Riley via Email.
I for one actually support the federal government’s vision of making Australia the most cyber-secure nation in the world by 2030. It’s very achievable! So long as we are clear about the problem to be solved.
In Lockstep’s research and analysis, we see most cybersecurity problems boiling down to faulty data quality. All fraud and digital crime is fundamentally enabled by flawed data escaping the attention of victims. At various levels, e-commerce customers and providers, Internet users, and digital citizens at large need better tools for telling if data is fit for purpose (different strokes for different folks — fitness can relate to accuracy, or originality, or testing, or compliance, or consent …).
Generalising, we need means to tell the *properties* that matter about data to determine itsquality.
Now, truly transformational technologies and infostructure systems are not only accessible to solve the data quality challenge, but they are proven already in consumer retail payments. I’m talking about digital wallets, mobile cryptographic technology, verifiable credentials, and data signing.
Lockstep submitted more detail about this to the public consultation on the Cybersecurity Strategy 2023. I expect our submission will be published soon. Meanwhile, here’s a little extract:
OUR RESPONSES TO SELECTED STRATEGY DISCUSSION PAPER QUESTIONS
Question 1. What ideas would you like to see included in the Strategy to make Australia the most cyber secure nation in the world by 2030?
– Reliable pedigreed data is as important as clean drinking water and stable electricity.
– A cyber secure nation would have nation-wide infostructure to distribute digestible data and quality-related metadata, such as proof of origin, proof of possession, intended use, and terms & conditions for use.
– Governments should continue the transformation to digital wallets in citizen service delivery but must appreciate that wallets and verifiable credentials do not work at scale without underpinning infostructure that makes the meaning of all data machine-readable, clear, and dependable. …
REFERENCE: Lockstep Submission – Australian Cyber Security Strategy 2023-2030 230415