As cybercrime surges across the public and private sectors, global tech companies are being challenged to tighten data localisation and data sovereignty capability while supporting the federal government’s vision of making Australia the most cyber-secure nation in the world by 2030.
Achieving this objective requires a profound paradigm shift away from the current culture of self-interest. To do business here, global vendors must prioritise national cyber resilience and economic growth and consider how they can contribute to Australia’s digital future.
While companies like Microsoft often speak about having local data centres, only some of their products and services are hosted within those data centres inside Australia’s borders. This can be confusing for agencies and poses a material risk to data security.
Data localisation is not just about storing data; it’s also about having a fully equipped and isolated infrastructure that protects Australia’s sovereignty. Future-proofing our shores against cyber intrusions requires access to world-class technology while ensuring compliance with current data regulations and privacy laws, and future regulatory changes.
While data localisation focuses on processing data within national borders for regulatory compliance and protection, data sovereignty emphasises a nation’s ownership, access and control over its data.
Regarding responsible data governance, the public and private sectors should work together to establish a robust data ecosystem that ensures integrity and complies with regulations encompassing localisation.
Global tech can thrive under inbound regulation
Global primes must rise to the occasion and embrace inbound regulation that opens up revenue-sharing opportunities and economic development linked to data localisation and sovereign capabilities.
Government initiatives such as the Critical Infrastructure Act set an agenda around cybersecurity as a national priority and provide a framework for best practice. Industry and government standards will continue to evolve as the global threat landscape becomes more complex and breaches more costly. Tech vendors in the Australian market would be wise to respond to this by embedding best practices such as data localisation.
Global technology companies can invest in Australia’s digital future by building secure physical or virtual data centres that meet the highest degree of trust required by the Australian government. Meeting security standards, such as IRAP ‘Protected and above’, and showcasing local Points-of-Presence (PoPs), like the Sydney Amazon Web Services (AWS) PoP or sovereign-owned businesses such as AUCloud, is essential to helping isolate clusters, air gapping locations and ensuring no data escapes Australian shores.
It is imperative to Australia’s strategic priorities that more tech giants follow these accreditations to better support the government in meeting cyber adversarial threats head-on.
The winds of change
Infrastructure and compliance are foundational, but they are not the endgame. The local security industry must undergo a cultural metamorphosis. Vendors must take responsibility for outcomes and support the government and local businesses in building cyber resilience and boosting our security capabilities.
According to the Tech Council of Australia, over 2 per cent of the world’s tech unicorns were founded in Australia despite the nation’s tiny GDP footprint of 1.6 per cent. While global tech companies naturally flock to this leading regional tech hub in APAC, it demands that they respect and improve Australia’s growing data localisation requirements and proactively invest in the nation’s economic interests.
Many vendors have put self-interest and a focus on short-term gains at the expense of long-term security and resilience for far too long.
It is high time the vendor community rises above mere profit motives and recognises its critical role in national security and sovereignty. Vendors must be willing to make genuine investments in local ecosystems and foster a culture that prizes collaboration and shared responsibility. Local supply chains strengthen when global tech vendors partner with local ecosystem partners, support industry development and foster talent within Australia – particularly in the midst of a critical skills crisis.
Global vendors that adhere to data regulations create opportunities for Australian channel companies that are bound by local requirements, through providing access to more world-leading solutions that are accredited for government use. Creating these new revenue streams lays the foundation for local partners to continue to innovate and grow their business, leading to greater industry development, job creation, increased capability and concentrated commercial gain while simultaneously supporting Australia’s security posture.
There must be a nuanced “whole-of-economy approach” to data security, as articulated under the emerging National Data Security Action Plan. There must be more than strong encryption and infrastructure protection to address cybersecurity risks; data localisation is the way forward.
Some have argued that data localisation does not protect data of strategic national importance and also threatens an open and democratised digital economy. This is simply not true. While acknowledging the potential cost of transferring data from an international location to Australian shores, investing in local ecosystems and fostering collaboration can offset these costs and lead to innovation and job creation within Australia.
My message to global players in Australia is clear: Seize the opportunities that data localisation brings and be at the forefront of our nation’s cyber resilience.
Jason Duerden is the A/NZ regional director of Sentinel One
