Story image

Interview: Aura Information Security explores Cybersecurity-as-a-Service

28 Nov 2017

In June, Michael Warnock became Country Manager for Aura Information Security, a subsidiary of mission-critical technology solutions provider, Kordia. Since then, he has been working to build awareness of the processes needed to change how Australian companies approach cybersecurity.

“Our focus is not necessarily led by technology. I think that the market has moved past ‘the latest and greatest widget or piece of software.’ Aura’s focus is on leading with an advisory and assurance framework. The technology piece has to be done right, but too many organisations look at technology as a silver bullet. If your people and processes aren’t right, technology won't deliver the required outcome. We are striving to be the trusted advisory partner in the world of cybersecurity. That means providing outcomes.”

In Australia, Aura is spearheading its cybersecurity offering through its partnership with RedShield — integrating RedShield's innovative “security at your service” driven approach.

Robin Block sat down with Michael to understand how this approach differentiates Aura Information Security in the Australian market, and gain insight into how changes in the industry are providing both challenges and opportunities.     

Do you think the demands for cybersecurity are changing — what are you offering the market and how are you expanding?

Michael: CFOs and CEOs are getting increasingly involved in security decisions — they don’t want their organisation to be the next to feature on the front pages because of a breach. This is particularly relevant with the new mandatory reporting regulations that will come into effect at the end of February. We are building a specific ‘gap-plan’ and ‘get-well-plan’ to enable companies, and also government departments, to prepare for this change.

My role is to grow a team that can fulfil our expansion through direct and indirect channels. One focus will be government. However, there is a massive untapped opportunity in mid-market organisations that are looking for cyber assurance and cyber technology capabilities.

We see cybersecurity as a high growth area, and on the back of significant growth in New Zealand believed the time was right for Aura to enter what we see as an under-serviced market here in Australia.

We are specifically focusing on the mid-market because they need partners. Customers in this space tell us they simply don’t have the ability or resource to attract and retain specialist staff. For this reason, we are offering security as a service — allowing mid-market organisations to build a robust security posture without the challenge of hiring and retaining cybersecurity talent. Our goal is to build a brand around providing a strong framework of advisory and assurance.

Do you think there is a talent shortage in cybersecurity — have you had difficulty building your team?

Michael: Recruitment is always a challenge because you are dealing with an unknown. Globally, there is a shortage of cybersecurity professionals – and that’s certainly the case here in Australia too.

However, I believe that some of that reality is caused by inefficiencies in the allocation of existing resources. Companies tend to duplicate cyber capabilities, and most talent is drawn to high-end organisations. The mid-market often gets left out of that equation. Because of this, the mid-market has become easier prey for cyber-criminals who see it as a much softer target than banks or government.

We are providing a solution to both the mid-market's immediate problem, and a framework to address the entire market’s supply problem by consolidating talented individuals in one place and providing solutions to a large number of organisations.

It is also important to look beyond technically trained professionals at a wider range of talent clustered around analytical thinking. I am a firm believer that people buy from people.

They buy an outcome, but they buy that outcome because they trust the person sitting across from them. My goal is to build a team of sales professionals, work closely with customers to identify problems, and build a framework for expansion. We can use people with technical cyber training to do that, but we are also looking to train tenacious and talented people from a range of backgrounds to assist in our expansion.   

What is in the future for Aura in Australia and cybersecurity?

Michael: In addition to what we’re already offering in the areas of consulting services,  penetration testing and web-application shielding, we will soon unveil into market a particular offering focused on mandatory data breach notification.

We are also bringing to life a Virtual Security Officer (VSO) offering to which organisations can subscribe and bring experience and expertise into their business on an as-needed basis. We will anchor those products and services and be in market by the end of the year.

We want to be able to go work with the market to understand the specific problems afflicting different companies and build a framework that can deliver outcomes from an advisory, policy and procedural point of view. We aim to differentiate ourselves through a focus on the non-technical aspects of cyber, and the provision of that framework as a service.

In the longer term, it is important to increase the number of people in the industry – and to do this we need to foster up-and-coming cybersecurity talent. In New Zealand, we have recently signed a scholarship agreement with a large university and we are looking to set up something similar in Australia in due course.

We want to be the go-to partner for cyber advice — particularly in the Australian mid-market. We have a proud history of doing that in New Zealand already and have been a trusted partner to a wide range of organisations across many industries for more than 10 years.

I believe there is demand for this outcome. Companies have dealt with other providers and still not achieved what they want. They are looking for somebody new — we want to be that partner.

Article by Robin Block.

Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.