Trends for 2019 - Online Security, GDPR and Consumption Based Services

Posted 30 January 2019

The pace of innovation in the digital space and online world is continuing, with underlying trends that are continuing to boom.

This is our final article in our top three trends for 2019 series. Click to read our past articles The Cloud and Security Breaches.

Online Security is getting tighter

We have seen both OpenSSL and the PCI requirements make bold moves in 2016 - 2018 in removing legacy encryption from their services, and this is something that in 2018 the four major browser vendors indicated they are going to take to new levels.

The problem with adding newer, more secure encryption options to a service is the presence of the previous implementations, ready for a naive service operator to enable, in the assumption they are helping with compatibility. Despite all the recommendations and documentation advising against this, many service providers still enable legacy protocols, ciphers, key exchanges, and use certificates with weak keys, weak signing algorithms or other problems.

Because of this, an updated browser removing these legacy capabilities is being enforced. Services that have not yet updated to enable new protocols will drop off the Internet. Digital agencies without any underlying digital security capability, who publish content without adequate understanding of the transports and technologies, will come up short.

But as security gets tighter, and identity federation gets wider, more critical business services will be made available over the Internet. Unable to resist the ease and convenience of office365, Xero, Internet Banking, and everything else that "just works", organisations will switch to SaaS, and find they no longer need to "VPN to the office" to access critical corporate systems. Multi-Factor Authentication will continue to be used to ensure higher confidence in user authentication.


With GDPR consistently in the headlines across the globe, Australian organisations are considering what it means for their own processes and how they handle individual’s data. GDPR is becoming the standard for data protection and security the world over and many Australian business are already ensuring they are compliant with these standards. While it can seem an onerous task to understand, it doesn’t have to be costly and complex to implement.

GDPR imposes a host of obligations on any organisation collecting or processing the data of EU individuals. These obligations range from simple data processing within specific boundaries, to storage and retention requirements with strict timeframes for the notification of any data loss or breach.  Robotic Process Automation (RPA) is now common practice in many industries and the applications to GDPR compliance are great.

RPA is the use of software robots to automate highly repetitive or labourious manual tasks typically performed by an information worker. RPA is a cost-effective solution to complying with GDPR’s strict response timeframes.

GDPR places numerous, onerous, and wide-ranging obligations on an organisation, with heavy penalties for non-compliance. RPA alone cannot automate an organisation’s entire GDPR function, nor can it eradicate costs of compliance. However, RPA can markedly improve the speed and efficiency of response, as well as significantly reduce ongoing costs and compliance risks.

Consumption Based Services

The availability of consumption-based technology services is increasing at a rapid pace. Almost any technology service, from computers to testing services to artificial intelligence APIs can be accessed by consumption-based pricing.  Only paying for what you need, when you need it, can enable organisations to reduce fixed up-front investments (and risk of over-committing on costs) and provide access to the latest technology and services with less risk.

Ideally, consumption-based pricing metrics should move “up the stack” to be as close to the business outcomes as possible.  Consuming services by transaction or by user, with tiered pricing models on short time periods, can allow IT organisations to focus their attention on the services delivered to the business, and less time on the widgets in the technology stack.

Traditionally, finance and procurement departments want to know the total spend with service providers in advance.  Modelling the total cost and value of a service for your organisation, including all the fixes and variable elements in the stack, provides a great apples-with-apples cost comparison, and sets a budget for services to enable ROI to be achieved.  Consumption pricing metrics should also incentivise good behaviour – for example, paying a managed service provider “per incident” does not encourage the service provider to improve services by reducing incident volumes.

IT design, develop and operations teams must change to take advantage of consumption pricing.  At a minimum this involves turning components off or deprovisioning service elements when not required, which is critical to controlling costs in consumption-based services.  This extends to rearchitecting application stacks to consume PaaS, SaaS and cloud APIs – e.g. moving from traditional database & applications on IaaS servers to fully server-less apps that increase performance and resiliency, huge reduction in costs, and have access to the latest analytics and AI services.  We have seen this impact IT team culture – moving away from technology you can see and touch to ephemeral commodity services that come-and-go on demand can impact moral.

The tech space is fast moving, with constant change and new developments occurring regularly.  We invite you to read more on Modis and support services and solutions we can provide to help you keep up with technology.

Discover Modis