Published on the 06/03/2018 | Written by Jonathan Cotton
With last month’s rollout of new data breach disclosure laws coming into effect, Australian industry takes a fresh look at its security status - and liability...
“It’s going to be a major year of compliance for many Australian businesses,” says Chad Gates, managing director, Pronto Software.
“It’s not just the mandatory data breach legislation that came into play on the 22 February, but all the other compliance regimes that are having an impact too. Businesses now have to comply with single touch payroll requirements for their staff – there are a lot of security caveats around that – and there’s the general data protection regulation of the GDPR in the EU which will come in globally in April.”
“There are a whole lot of reasons for Australian businesses to be focusing more heavily on security and compliance right now.”
Indeed there are. The new data breach notification laws alone impose mandatory investigation and notification requirements on most businesses with an annual turnover greater than AU$3 million – not to mention fines as high as AU$2.1 million for those found wanting.
To that end, Pronto has recently formed a commercial co-development partnership and investment with cyber security startup Forticode, looking to embed Forticode tech – a “highly secure yet simplified smartphone-based authentication” system – into Pronto’s product stack, as well as the company’s internal systems.
“Our intent is to use Forticode to provide a secure authentication layer across all levels of product that we produce,” says Gates, “but we’re also looking to build future use cases around the technology – things that we haven’t even thought of yet.”
The moment certainly seems right, as high-profile security failures continue to make headlines and regulators rush to respond.
“If you look at the amount of breaches going on, it would certainly seem – to the casual observer at least – that things are a lot…busier,” says Gates. “We’re hearing about this stuff a lot more often so I think it’s just a natural progression for legislators to react to that.”
“It’s a constant running race to outrun the bad guys. I think industry has been running pretty hard and I think in some ways the government is still catching up.”
Which is all well and good, but surely end-users have a part to play as well.
Therein lies the problem, it seems. How do companies – and the developers who create applications for them – overcome the “convenience hurdle”? Just how do you get people to use the security protocols available to them?
Gates says it’s all about reducing barriers to a high-security environment.
“One of the trickiest parts of authentication is that it too often puts massive, painful barriers in front of the user. Authentication generally becomes the enemy of user convenience.”
That, says Gates, is a constant challenge, across the board.
“We’re living in a much more convenience-based world. We have shorter attention spans and we demand instant gratification, so it has to be about putting security technology in the hands of end users, making them feel like they’ve got control, and allowing them to apply those credentials easily and seamlessly to the touch points that they use in the digital world.”