The head of cyber security at Fujitsu Australia has a strong piece of advice for any government department or business that finds itself on the wrong end of a data breach: own up.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Laurance Garner said it was better not to hide breaches, and instead be transparent about data risks.
Fujitsu's new secure cloud services centre in Canberra will provide federal and state government departments with classified security services.
The Canberra Times was given a sneak-peek behind the facility's secure doors on Thursday, which has been accredited by the Australian Signals Directorate to carry secret information.
Mr Garner said the cultural inclination for businesses and government to hide security breaches needed to change.
"Transparency, it's hard, it's challenging, but long-term trust will only be built if you are transparent," he said.
"Our culture tells us that when something bad happens, or when there's a failure, that's a bad thing. I think it's only bad when we don't learn from that lesson."
Mr Garner said Australia's highly fragmented data security market often obscured the need for companies to work together. Better security outcomes could be achieved by working in partnership with other companies, he said.
"Unfortunately, because it's so fragmented, we've stopped working together. I think some of the best ways to solve this cyber-security resilience, cyber-security challenge is for us to work better with our competitors and not work against them in that traditional competitive nature.
"I think the security industry has realised that," Mr Garner said.
Canberra-based tech company Vault, which is certified to hold protected government information, last week warned in a submission to a review of encryption legislation that companies were blacklisting Australian data centres over the laws.
Vault's chief executive Rupert Taylor-Price said there was an "exodus of data from Australia" due to the legislation.
Mr Garner said Fujitsu had sought to be as open as possible with clients in New Zealand about the risks associated with the encryption-busting legislation in Australia.
Mr Garner said it was important data security efforts focused on what was actually important to keep protected.
"As the generations have changed, what's important to people has changed. Some people aren't worried about certain information that I suppose our more traditional approaches might be focusing on," he said.
The new cyber resilience centre, which operates from a secure area in Fujitsu's Canberra office, was purpose-built.
Mr Garner said the facility operated on the same physical networks as its Canberra customers, which included government departments, and allowed the company to share threat intelligence quickly.
"We want to keep our security people actually closer to the customers that we serve. There's no point us building capability where our customers need to travel to see. When something goes wrong, you want to be able to go and see the people that are helping you out," he said.
But government clients that outsourced security did not outsource the risk.
"Ultimately, I think they're outsourcing to us because in the end they realise, just as we do, it's not really outsourcing, it's a partnership," Mr Garner said.