Safeguarding Australia's global resiliency

We’ve seen the enormous impact that IT outages can have not just on businesses, but also on critical infrastructure across Australia. With increased dependence on cloud services across sectors including health care, finance, emergency services and government, resiliency in the face of outage crises needs to top the list of concerns.

We’re witnessing a trend towards increased cloud adoption across Australian organisations, fuelled by the desire to modernise IT infrastructure. Research from Gartner suggests that public cloud spend in Australia will reach an estimated $23.2 billion this year, and that over 70% of enterprises will use industry cloud platforms by 2027 — a dramatic increase from the less than 15% in 2023.

But the benefits come with significant challenges.

The recent major outages, global and domestic, served as a much-needed wake-up call. The unprecedented global IT outage in July caused by CrowdStrike’s software update springs to mind. The dependency businesses had to a single tenant served as a much-needed wake-up call, with the outage impacting millions of individuals across the world as access to services like education, banking and shopping for groceries was halted.

CIOs are now being tasked with detailed preparations for the next major disruption. At the same time, governments worldwide are also evaluating ways to reduce the potential collateral impact of these outages on essential public services, with a keen focus on critical infrastructure such as communications and utilities.

As these industries increasingly rely on cloud-based solutions for data storage, real-time operations and connectivity, any downtime can lead to a cascade of issues. Imagine a hospital losing access to patient records and diagnostic tools, banks facing transaction delays affecting millions of customers, transportation networks battling operational bottlenecks resulting in widespread commuter delays, or energy providers unable to manage and monitor grids, potentially impacting entire communities.

According to Gartner, 88% of organisations have established digital resilience strategies. However, increasing instances of outages continue to impact organisations, suggesting that digital resiliency strategies need to be kicked up a notch.

From the perspective of maintaining trust, these outages drive customers towards competitors, adding another layer of loss to the total impact. The goal is to prevent service disruptions as well as maintain public trust. To do so requires an approach that is multifaceted.

Earlier this year, the government introduced the Security of Critical Infrastructure and Other Legislation Amendment to implement measures proposed by the 2023–2030 Australian Cyber Security Strategy, noting specifically the need to “expand the government assistance framework to facilitate the management of consequences of impacts of incidents on critical infrastructure assets”, among other things.

We’re heading in the right direction; however, the solution is not an easy one, nor is it a one-size-fits-all. It will require continued and dedicated collaboration between public and private sectors to share intelligence and develop coordinated responses to cyber threats or outages. Governments must engage in partnerships with multiple cloud providers to improve visibility and reduce dependency. Not only will this coordination enhance the government’s ability to mitigate risks, it will also create a culture of cross-sector information sharing, which is vital to strengthening resiliency.

As is so often the case with matters of IT and cybersecurity, education is key. This education requires a two-pronged approach: educating government and industry leaders on the importance of global resilience, and educating organisations on a more granular level to ensure every single organisation, regardless of sector, has access to the tools and resources needed to fortify defences against outages and cyber attacks.

Prioritising global resiliency

Referring to an organisation’s ability to withstand, adapt to and recover from global infrastructure failures and cyber attacks, global resiliency requires developing strategies, capabilities and infrastructure to prevent, detect, respond to and recover from global outages.

One of the most important factors is maintaining robust infrastructure, ensuring that IT systems and networks are flexible, scalable and capable of handling unexpected loads and, importantly, failures. Implementing a multi-cloud strategy avoids reliance on a single provider, while also allowing companies to maximise the value offered.

It comes as no surprise that maintaining the most effective and efficient cybersecurity practices is non-negotiable. Strong security measures must be implemented to protect against cyber threats while ensuring data integrity and availability, without introducing single points of failure — where if one part fails, the entire system will fail. It’s important to be aware that many cloud-based cybersecurity SaaS solutions are architecturally single points of failure.

Processes must be adaptable to increase global resiliency. Organisations need to develop flexible operational workflows that can swiftly adjust to changes in the environment, market conditions or technology. This creates the necessary ability to pivot quickly in the face of new challenges.

The global resiliency silver bullets

There are three essential steps to design applications for maximum resiliency.

First, categorise applications into four specific tiers. Mission-critical applications should be globally resilient, ensuring they remain operational under any circumstances. Business-critical applications would benefit from global resiliency to help reduce disruptions, although it could be considered optional. Business-operational applications are those that need to maintain consistent operations but do not require global resilience. Lastly, administrative applications support business functions but are non-essential for immediate continuity.

The second step is to choose the right design strategies for each part of an application to keep it running smoothly. For important or business-critical needs, organisations might use a mix of locations; for example, having the customer-facing parts of the application in the cloud, while keeping the core systems on their own servers for better control and reliability.

Alternatively, consider a partitioned hybrid set-up, which combines public cloud with on-premises resources. This arrangement keeps both parts active at the same time, so if one location encounters a problem, the other is able to keep things running smoothly. For mission-critical applications, a partitioned hybrid model is often ideal.

In other set-ups, like an ‘analytics hybrid’, the cloud is used for complex data analysis, while essential tasks stay on-premises. In some cases, an ‘edge hybrid’ approach, where important, time-sensitive work is handled locally while less urgent tasks are sent to the cloud or on-premises systems, may be the best option.

As a final step, organisations should adjust their resilience strategies based on the importance of each application type. By creating a flexible design plan for each group, they can make it easier and faster to set up both new and existing applications, helping to meet business goals and ensure smooth operations.

Ensuring the right toolset

Achieving global resiliency hinges on ensuring high availability, scalability and robust security for applications.

Application delivery controllers (ADCs) should play a leading role in a global resiliency strategy. ADCs optimise traffic distribution and scale applications across data centres, clouds and hybrid environments, laying the foundation for both availability and performance during a crisis.

Cybersecurity is equally important, with tools like web application firewalls, application programming interface (API) security and denial-of-service (DoS) protection safeguarding applications against cyber threats. These measures help maintain continuity, even in the face of potential attacks.

Cloud and hybrid deployments also contribute to resilience by enhancing flexibility and allowing quick adaptation to disruptions. Multi-cloud networking and hybrid configurations support seamless operations and offer multiple pathways to respond effectively to unforeseen events.

Automation and orchestration are essential for streamlining application delivery and security, reducing the risk of errors and minimising response times. This automation significantly strengthens resilience by enabling faster, more consistent management of applications.

Finally, visibility and analytics provide real-time monitoring, enabling proactive responses to performance issues and security threats. This continuous insight ensures that organisations can address challenges before they escalate.

Our reliance on cloud is only going to increase and the environment in which clouds operate is only going to increase in sophistication. Government agencies have an opportunity to tackle this growing complexity and set a strong example. Dependable systems are built atop a network of independent players, working together to fortify against points of failure.

*Jason Baden is Regional Vice President A/NZ for multi-cloud application services and security company F5.

Image credit: iStock.com/Parradee Kietsirikul