- Solutions
Our solutions
Digital solutions combining strategy, technology, automation and people.
Technology advisory
Navigate the fast-changing world
Cloud engineering
Transformational change at scale and speed
Data solutions
Realise the untapped potential of data
AI and machine learning
Leverage your data assets
Application engineering
Optimise and grow your digital investment
Maintenance and support
End-to-end application management
Business process solutions
Manage business processes to reduce operating costs
Quality solutions
Independent testing for your systems and software
Digital experience platforms
Redesign your digital assets for the optimal customer experience
- Industries
Industries
We provide solutions tailored to your sector to assist you in identifying opportunities, realising value and opening up new markets.
Financial services
Insurance, risk management, banks, and fintech
Healthcare
Patient empowerment, lifesciences, and pharma
Retail
Functional and emotional customer experiences online and in-store
Travel
Airlines, online travel giants, niche disruptors
Media and publishing
Content consumption for the tech-driven audience
Hi-tech and IOT
Real-time information and operational agility and flexibility to respond to market changes
Logistics and supply chain
Reimagine a supply chain that is more flexible and resilient to change
Education
Create an exciting and engaging digital experience for students and departments
- Our thinking
Our thinking
The latest updates to help future-focused organisations on the issues that matter most in business.
News
Keep up to date with company news and announcements at NashTech
Digital Leadership Report
Explore insights from the latest world's largest and longest-running study on technology leadership
Insights
The latest expertise and thought leadership from the NashTech and our clients
Resources
Expert guidance on everything from complex technological issues to current trends
- Case studies
- About us
About us
Find out what makes us who we are
Leadership
The diverse leadership team at NashTech
Nash Squared
A global professional services organisation with three key areas of focus
Vietnam 360°
Experience a 360 degree all-encompassing virtual tour of NashTech’s Vietnam offices
ESG
Discover our environmental, social and governance commitments
Diversity, equality and inclusion
Making diversity, equality and inclusion an integral part of our culture
Our locations
Discover our network of global offices, centres of excellence and innovation
- English
Why application modernisation is the key to improving organisational security in Australia
High-profile cyber-attacks, such as the Optus hack[1] and the Medibank health fund breach that exposed millions of customer records and led to demands for million-dollar ransom payments[2], demonstrate the real security risks Australian organisations are facing. It shows why the constant, rapid evolution of cybercrime techniques and growing volume of attacks have put organisations on high alert that strengthening security through modernising applications is an urgent task confronting IT leaders.
Legacy apps were typically not designed to use data effectively and report security issues, meaning the consolidation of data around security and the ability to interpret it doesn’t always exist in a useful way in legacy apps. It’s why accumulating technical debt imposes real security risks and burdens on organisations, according to Gartner’s 2021 report, Building a Successful Business Case for an Application Modernization Program.[3]
Legacy applications that have outlived their reliable lifespan pose serious security risks in the hyper-connected landscape where the sophistication of cyber-attacks is growing in line with advances in technology. Most older apps were originally built to be in secure, closed networks, where security considerations only needed to extend to that environment. If a security incident occurs, system logs may be in place but not set up to trigger security alerts or flags because this capability wasn’t needed and not built into the app.
Malicious actors can target networks running legacy software and routinely scan for vulnerabilities, according to the Australian Cyber Security Centre’s 2022 report.[4] However, older applications that have little or no proper documentation or a patchwork of spaghetti code from years of add-on updates pose challenges when looking to modernise.
In some cases, organisations can face a lack of developer support, leaving their older applications on technical life support and their organisation vulnerable to code exploitation and other attacks. Who’s to know the security implications of binding old and new code together until it’s too late?
Lifting the security posture through application modernisation in Australia
The recent examples in Australia with Medibank and Optus demonstrate the profoundly damaging impacts of cyber attacks. Every day, organisations large and small are needing to defend themselves from a myriad of threats and attempted attacks.
The problem with legacy applications relying on code stitched together through different iterations is that organisations can’t easily respond to the evolving threat landscape. To protect themselves, organisations need to be on a defensive footing, with resilience as the foundation of their systems, and identify, defend and remediate security breaches on all fronts. As their security perimeters are changing, with increasing digitalisation, cloud-based functionality and the explosion in remote working and end-point devices, the blanket of security needs to be more robust.
In this climate, the process of responding to attacks is paramount, and it’s no surprise application modernisation is expected to be one of the top ten IT projects across the Asia-Pacific region, which includes organisations in Australia, according to IDC’s 2022 FutureScape report. In their modernisation efforts, organisations must adopt a security-first approach across their operations, with the aim of delivering numerous benefits, such as strengthening data security, tightening regulatory compliance and ensuring there’s a uniform platform to deliver updates to keep up with evolving threats. The goal is to adopt a security architecture that enables them to address security events in a timely, responsive way.
However, the squeeze on IT talent across the country, the changing threat landscape and the accelerated push for digital transformation pose significant challenges for organisations. Even so, they can’t overlook the importance of strengthening security within application modernisation initiatives. It underscores why security, together with agility, productivity gains and IT cost savings, will be the key drivers for some 80% of organisations choosing to modernise their applications by 2025, IDC predicts.
Why organisations must plug security vulnerabilities in legacy applications
Today there are security considerations that didn’t exist when applications in limited frameworks were developed. Security flaws and weaknesses can emerge over the working life of applications and become particularly vulnerable when apps reach the limits of viable upgrades. Patches and updates can only move applications so far down the path of staying functional and secure.
Older, retired applications may also pose unforeseen security risks from not being properly decommissioned. For instance, if whole strings of components aren’t fully decommissioned, such as a database that’s associated with an application, it can create vulnerabilities that attackers can exploit. With distributed systems and technology, organisations are relying on external elements they don’t necessarily have control over and it’s creating new vulnerabilities and the urgent need to lift security protections.
Australia must keep pace with technological innovation to underpin future economic prosperity, yet security concerns, legacy systems and lack of skills are some of the major barriers, according to the Government’s Productivity Inquiry interim report in August 2022. Recent events in Australian show that organisations can’t afford to allow legacy systems to leave them vulnerable to security weaknesses while holding back digital innovation and productivity gains.
To support them in addressing these challenges, organisations should look to engage an experienced, reliable service provider like NashTech and benefit from the end-to-end expertise and capability in modernising applications and lift their security posture. Furthermore, as security is strengthened, it also becomes a shared responsibility between the business and the application service provider.
References
[1] https://www.theguardian.com/business/2022/oct/01/optus-data-hack-australians-scramble-to-change-passports-and-driver-licences-after-telco-data-debacle
[2] Hackers claim they demanded $15 million ransom as more Medibank customer data posted to dark web – ABC News.pdf
https://www.abc.net.au/news/2022-11-10/medibank-data-breach-latest/101637160
Australia’s Medibank says data of 4 mln customers accessed by hacker Reuters.pdf
https://www.reuters.com/business/healthcare-pharmaceuticals/australian-health-insurer-medibank-says-all-customers-personal-data-compromised-2022-10-25/
[3] https://www.gartner.com/en/documents/4001945
[4] https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022
Suggested articles
From rising above adversity to riding the wave of digital transformation in the education sector
Explore how NashTech help Trinity College London ride the wave of digital transformation in the education sector
Migrating and modernising the virtual learning environment to AWS for an enhanced experience
The migrated and modernised Moodle infrastructure means that The Open University can now take advantage of cloud benefits.
A glimpse into a year-long RPA journey with a leading digital advertising service
A glimpse into a year-long RPA journey with a leading digital advertising services and solutions provider and how NashTech helped them.
We help you understand your technology journey, navigate the complex world of data, digitise business process or provide a seamless user experience
- Topics: