Ralph Berndt, sales and marketing director at Syrex
South African businesses are turning to the cloud for the storage and management of their data. But even though this brings significant security advantages with it, when compared to on-premises environments, the cloud is not without its challenges especially given how rapidly the threat landscape is evolving.
Regardless of whether the data is stored locally or in the cloud, a breach can have serious consequences, including loss of data, damage to reputation, and financial risk. It is surprising to think that the shared responsibility model is still not understood by all companies. This sees cloud service providers taking responsibility for the security of the underlying infrastructure, with the business itself taking charge of the security of its own data and applications. Having a clear understanding of the roles and security responsibilities in this regard must be an imperative especially given the normalisation of the hybrid workforce contributing to a significantly expanding attack surface.
But beyond this, decision-makers in South Africa are faced with another challenge – that of government-enforced rolling blackouts. The unreliability of the national grid and its inability to sustain power, means organisations must make difficult decisions when it comes to the cloud. Accessing data in the cloud can only happen if there is electricity to sustain connectivity. This is resulting in significant investments being made in alternative energy sources such as solar, wind, and even generators. However, it does add to the cost of doing business requiring decision-makers to carefully consider which workloads they need to move to the cloud and which ones must remain on-premises.
Organisations have turned to multi-cloud environments to get the best of all worlds. They can leverage the respective expertise of different providers for specific workloads. But the complexity of managing security across the multi-cloud can be intimidating. Using multiple cloud services from different providers can result in a fragmented security landscape. This makes it difficult to monitor and manage security across all cloud services and increases the risk of security vulnerabilities and data breaches. Reporting also becomes a challenge.
Fortunately, this can be overcome by focusing on a few key interventions. For starters, a business must conduct a risk assessment. By assessing their security risks and identifying the areas where they are most vulnerable, decision-makers can prioritise their security efforts and allocate resources more effectively.
Businesses should also consider putting a comprehensive security framework in place that covers all aspects of cloud security. This can include the likes of access controls, data encryption, data leak prevention, threat detection and response, and compliance. Throughout this, monitoring and managing security in real-time must be prioritised. Companies therefore need to implement tools and processes that can monitor for suspicious activity, identify and mitigate security vulnerabilities, and respond to security incidents quickly and effectively.
Compliance can never be neglected. Companies must ensure they are compliant with relevant regulations and standards such as GDPR (for those with European partners and customers) and POPIA. This requires a deep understanding of the regulatory landscape and a commitment to ongoing compliance efforts. In Africa, virtually every country has different data requirements. Businesses looking to expand their footprint across the continent must be mindful of how this could impact their strategies as well as cloud adoption in those countries.
A new way forward
Going the cloud route means more than just improved uptime and a stronger cybersecurity stance. It also provides hybrid workers with more effective ways of accessing workloads regardless their geographic location.
Companies are moving to more fluid, hybrid methodologies with their applications being reworked to embrace the full functionality of the cloud. Many businesses have turned their focus to Web-enabling in-house tools while incorporating aspects of Zero Trust and endpoint management into their approaches. Data leak prevention tools and security ads a service in the cloud solutions have become very relevant. Ultimately, it comes down to providing a stable and secure way of managing and accessing the cloud.