South African organisations – particularly those responsible for critical infrastructure – need to rethink their reliance on legacy “trusted network” approaches.
“It’s a major systemic risk,” says Armand Kruger, head of cybersecurity at NEC XON. However, the fact that many African organisations haven’t yet moved beyond the perimeter security mindset presents a unique opportunity.
The opportunity for Africa
Unlike more mature markets burdened by decades of legacy systems, African organisations are uniquely positioned to bypass incremental upgrades and move directly to modern, cloud-delivered security models. “This is one of the few areas where being ‘behind’ is actually an advantage,” says Kruger. “Africa can leapfrog straight into Zero Trust architectures that are identity-driven, context-aware, and designed for distributed environments.”
This shift is already underway. NEC XON has recently supported large-scale Zero Trust and secure access transformations across large enterprise and public sector environments – enabling organisations to replace implicit trust with continuous verification, granular access control, and improved visibility.
While many organisations continue to depend on perimeter-based security and VPN-driven access, a growing number of enterprises across Africa are adopting Zero Trust and Secure Access Service Edge (SASE) frameworks.
Kruger says this is a decisive shift in how security is architected. “The issue is not just technological – it is philosophical. If your security model assumes trust inside the network, you don’t have a cybersecurity strategy, you have a liability,” says Kruger.
Legacy thinking meets modern threats
Many of South Africa’s most important IT systems, including large organisations, utilities, transport, and public services – remain particularly exposed. Many environments still rely on legacy VPN architectures that were designed for a time when users, devices, and applications were largely confined within clearly defined network boundaries.
“That world no longer exists,” Kruger explains. “Today’s organisations operate across cloud platforms, remote workforces, and multiple geographies. The idea of a ‘secure perimeter’ is fundamentally outdated.”
The cost of standing still
At the heart of this transformation is a fundamental change: moving from trusting networks to trusting identities. Zero Trust models assume that no user or device – whether inside or outside the network – should be trusted by default. Instead, access is continuously verified based on identity, device posture, location, and behaviour.
“These days, cybersecurity is about identity, not location,” Kruger adds. “Where you are on the network matters far less than who you are, what you’re accessing, and under what conditions.” For organisations that fail to modernise, the risks are escalating – from ransomware attacks and data breaches to operational disruption in critical services. “Clinging to legacy security models doesn’t just slow you down – it actively increases your exposure,” says Kruger. “Threat actors are exploiting assumptions of trust that simply shouldn’t exist anymore.”
Building for a distributed future
As cloud adoption accelerates and African organisations expand across borders, the need for scalable, flexible, and secure access models becomes more urgent. Kruger emphasises that Zero Trust and SASE are not just security upgrades – they are enablers of digital transformation.
“Security should not be a barrier to innovation,” Kruger concludes. “Done correctly, it becomes the foundation that allows organisations to operate confidently in a connected, digital-first world.”