The broad adoption of cloud computing technologies and services in South Africa has gained pace over the past few years. Local businesses of all types and sizes are using cloud services because maintaining their own infrastructure is costly, and they hope to boost efficiency, lower costs and simplify their technology investments.
A substantial number of these local businesses, however, are storing sensitive information relating to clients, employees or the business itself, as well as using it for day to day operations. “This is particularly true of businesses involved in industries such as finance, healthcare and retail, as they house highly confidential customer data, and can face huge penalties should this data be compromised. Public disclosure in the event of a breach is now a legal requirement, which could result in lost revenues as well as customer confidence,” says spokesperson from MWR Infosecurity.
This creates an environment where you could seriously see companies losing business if they are repeatedly compromised. As a result, most businesses will (hopefully) be forced to consider and incorporate security into their business model. “However, lack of awareness of security issues is probably a major contributor to why businesses don’t take security as seriously as they should. From what I’ve seen, security is not necessarily a major concern in South Africa and the few companies that do try to take it into account just don’t have an adequate background to address security properly,” explains spokesperson.
He says this could result in them focusing on the wrong things; the high-profile attacks that litter the headlines, and not the real threats themselves. “You may find that they simply assume that a cloud provider would take care of security without ever checking up on that, or assuming that there is no way a third party would be able to manage security better than they do.”
However, if a South African company ever wants to compete in the international market, they’ll be judged according to the same standards as foreign businesses and that means they need to give the same attention to security, he adds.
Security of cloud infrastructure is also a concern because it is being shared with other users. “I read an article a while ago about ransomware encrypting a company’s entire system which resided mostly on the cloud. If you are sharing infrastructure with someone else, you need to secure your host because you don’t want their problems to become yours. Alternatively, another client for the same cloud provider may be malicious, at which point an insecure cloud service could be something of a gold mine.”
He believes cloud security is almost like mobile security, it’s one of those things that get a lot of media attention in the form of “cloud security is important” but without a real exploration of what cloud security is.
“Much in the same way as mobile security, if you look at the Verizon Data Breach Report or similar, this is just how companies are now getting breached. Companies are still getting compromised through users and their workstations. Until the world at large starts focusing on how organisations are really getting compromised, we will keep throwing money at ‘blinkenboxes’ that solve problems we don’t have.”
In terms of securing the cloud, he advises to consider actual security, not merely regulations, though they may help drive the minimum standard. He also believes that technical issues would probably be a major concern, including:
- Hosting system set up (OS, software, firewall, segregation of different user environments, services running, hard drive encryption, etc.)
- Communication security
- Security policies (updates, patch policies, information access control. This enables encrypted back-ups but companies should look at who in the business can access that and whether the host company has a key too)
- Disposal of equipment (most specifically hard drives that may have sensitive info)
- Security of the actual services offered
Behind the scenes: Established in 2003, MWR InfoSecurity is a research-led information security consultancy, with a client list spanning the major world indices and Government agencies & departments. MWR consults with clients around the globe, providing specialist advice and services on all areas of security, from mobile through to supercomputers.
Central to its philosophy is the desire to deliver high quality cyber security consulting services and unsurpassed levels of support to clients. MWR’s focus is working with clients to develop and deliver a full security programme, tailored to meet the needs of each individual organisation.
www.mwrifodsecurity.com / @mwrinfosecurity/@mwrlabs/@mwrphishd/@countercept
- What solutions are there for post Covid complications on the economy? |#LTC |#Coaching |#Business |#HumanResources | Kevin Britz | Jody Eiser |#ebizradio |#podcast - April 20, 2021
- The secret to e-commerce success in South Africa |#Digital | Ryan Bacher | Mike Stopforth |#ebizradio | #OneEyedMan - April 19, 2021
- Which is better – Prevention or Solutions? |#LTL | Kevin Britz | Naomi Basson | #Leadership |#Podcast | #ebizradio - April 19, 2021
- Shades between Introvert and Extrovert | Candid Conversations |#LTS | Kevin Britz | Lauren Britz |#Podcast | #ebizradio - April 16, 2021
- Tales from my stethoscope | Alan Levine | Ingrid von Stein | #PayItForward |#Podcast |#ebizradio - April 15, 2021
- Unpacking Green Packaging |#Marketing | Kevin Britz | Craig Page-Lee |#Podcast |#ebizradio - April 15, 2021
- I’m in a sales slump! |#Sales | Sales Enablement | Shelley Walters | #Podcast | #ebizradio - April 14, 2021
- Agile transformation in your business |#Insights | Kevin Britz | Myles Hopkins | #Podcast |#ebizradio - April 14, 2021
- Brand immersion into gaming |#LetsTalkDigital |#Audrey Naidoo | Garth Rhoda|#Digital |#ebizradio - April 14, 2021
- Have you heard of The People Shop? |#Careers |#LunchtimewithKevin | Chantal Kading |#Podcast |#ebizradio - April 13, 2021