Increasing levels of adoption of the cloud is driving urgency around the need for a secure operating environment and the skills necessary to maintain this environment.
Cloud services experts like Gavin Lingenfelder, cloud services lead at Pamoja, believe good all-round security skills to support cloud adoption are in high demand – especially with regards to hybrid cloud solutions.
Pamoja is the cloud business unit of Pan-African ICT enabler SEACOM and a wholesale provider of cloud services.
The company says a standardized environment that operates according to a set of security policies, absolutely enforced, is a prerequisite for businesses that want to leverage off the “power of the cloud”.
As Lingenfelder explains the offer of flexibility of on-demand resources on a pay-as-you-use model through the cloud and the advantage of an automated solution to simplify disaster recovery processes, risk and cost reduction, is only attainable through a secure operational environment.
“A secure operating environment is not just about protecting the perimeter but involves translating compliance requirements into a technology implementation. This requires practical skills and knowledge around data protection, privacy standards, encryption, malware protection. Additional skill sets of value include identity management, authentication methods, and auditing,” he explains.
Although he believes the market does understand the significance of a secure operating environment, the issue is often relegated to the back of the queue in terms of priority or is only seriously considered when there is a breach.
If there is a breach, the damage could be catastrophic to a company Lingenfelder adds. “It’s not about just restoring data and recovering environments; imagine sensitive data been made available to competitors,” he argues.
The critical role that these security skills play is emphasised through key business disciplines such as disaster recovery and business continuity.
Lingenfelder says many businesses believe having a disaster recovery plan in place is sufficient – but this is not the case.
“The truth is a disaster recovery plan is only a small portion of the business continuity plan. Business continuity is making sure your business can continue operating during a disaster and most important surviving a disaster.”
It is here where assessment is fundamentally important. Regular assessment has to involve a great deal more than “ticking a few boxes” and has to be incorporated into regular operations and there must be certainty that necessary recourse is in place – company risk has to be owned at board level and cannot be left up entirely to operations teams.
“When you mention a disaster every one thinks of this massive event but everyone forgets that it could be losing a proposal you been working on for days just before the deadline. So, recovery starts from end user devices right through to the data centres making sure data is automatically backed up and that there are processes that are regular tested in place,” Lingenfelder continues.
Pamoja advises organisations to acquire a solid understanding of what impact a third party vendor will have on their risk profile. Vendors can be approached to provide information on their security policies and procedures, and how these are managed. Certifications such as ISO 27001 sets the basic benchmark for security.