With IT spending in South Africa on the increase and organisations increasingly turning to the cloud to host their data, cybersecurity must remain a strategic priority. And so it has become less about the technical capabilities of protection and more about understanding the dependencies of data and how to keep this asset safe from compromise.
“Even though the cloud has changed how companies approach data management and its availability, many organisations still adopt a silo approach between security teams and what happens in the rest of the organisation. This must change to align all divisions with the business strategy. It requires cybersecurity methodologies to adapt for a cloud environment,” says Kate Mollett, regional manager for Africa at Veeam.
Although the cloud provides companies with a more secure way to safeguard their data, the data still needs to migrate to an online environment. Decision-makers, therefore, need to ask themselves how to move it in a way that provides the most acceptable amount of risk. In 2016, 80% of security breaches involved privileged credentials. When compromised, these credentials provide malicious users with a virtual free reign to sensitive information.
“This is where the shared responsibility model where security and compliance are shared between the cloud service provider and the customer comes in. Moving data to the cloud is not a fire-and-forget way of managing it. Instead, organisations must carefully scrutinise their systems to ensure they have the required protection in place before commencing a cloud project.”
Fortunately, companies who are moving their data to the cloud are doing it within the boundaries of compliance. In certain respects, this also empowers them to future-proof their data management when it comes to things such as the Protection of Personal Information Act (POPIA) that is still a largely theoretical policy.
A growing awareness of cybersecurity risks have resulted in companies structuring their cloud migration to be in line with these and other legislative requirements (think the General Data Protection Regulation of the European Union). This has the additional advantage of breaking down those erstwhile silos and providing a better view of how data permeates all aspects of operations.
Having the cloud as a foundation enables organisations to more effectively break down the silos that exist between themselves, their customers, and even their partners. It provides for a better understanding of all the tools they have at their disposal when it comes to cyber protection, both from a reactive as well as a proactive backup strategy perspective.
In terms of data security, South Africa compares well to other, more developed, markets.
“It is especially in the financial space where the country is significantly more mature when it comes to data protection. Even so, all industry sectors must be aware that data security requirements will continually evolve as the threat landscape changes. It has steadily moved higher on the corporate agenda and is now an unavoidable topic especially when it comes to the cloud,” she says.
Adding impetus to data security discussions is the recent ransomware attack on City Power, the electricity utility of the City of Johannesburg. The ransomware encrypted all its databases, applications, and network, leaving prepaid customers unable to purchase electricity. Its website was down, and its sensitive data was put at risk.
“South Africa remains one of the most hacked countries in the world. The rapidly-evolving attack surface is becoming more sophisticated, putting the onus on organisations to better protect themselves and their data. What the City Power hack highlighted is that any organisation is a target and more work must be done to ensure systems are safeguarded. But it is not good enough to only protect the data. Companies must have business continuity and availability solutions in place to help mitigate the threat when the worst should happen,” she concludes.