Despite mixed feelings in the market about migrating IT to the cloud and uncertainty about the security of that which resides off-site (even that which is governed by a hybrid cloud model), the level of security in the cloud is really a matter of who you decide to trust with company data.
This is the view of experts at operations who have established leadership positions in this increasingly competitive area of ICT.
Albie Bester, GM at Pamoja, the cloud business unit of Pan-African ICT enabler SEACOM and a wholesale provider of cloud services, describes the perception of security risk as the “Achilles Heel of cloud adoption”.
“In many instances the security flag is raised by IT departments that fear losing control over a corporation’s IT decisions. Episodes such as the US National Security Agency’s PRISM program which involved collecting data about internet service users has not helped to change the security perception,” says Bester. “The notion that cloud service is not secure is not entirely accurate.”
Bester contends that just as quality of service will vary between service providers in other industries, the same can be said about services related to the cloud.
“It is possible to get secure cloud services and in many instances the security of these services will be better that what most organisations have in place today,” he continues.
Pamoja’s standpoint has always been to put awareness and education at the forefront of efforts to change perception.
To this end the company advises the market, specifically users of technology in companies, to understand the business’ data security policies and involve their IT department in this process.
Secondly, it is critical to source a reputable cloud service provider and, says Bester, “do your homework” to find out as much as possible about the provider.
“Decision-makers must ensure that internal users adhere to data security policies, a breach can happen at many places in the chain and in many cases it happens inside the organisation. Since Public cloud providers will not allow external technologies in their datacentres customers can’t run any services to scan the environment.
“Ask your potential cloud provider about their security model and insist on certification (such as ISO 27001) if it is a company requirement,” Bester adds.
Pamoja’s leadership reiterate that until all security concerns are satisfactorily addressed and broad cloud adoption has become a reality, the issue of cloud security will dominate discussions.
However, as Bester contends, just as people trust their mobile service provider not to divulge sensitive business conversations with unauthorised parties, there is a case for applying the same level of trust to a credible, experienced and professional cloud service provider.