The adoption of cloud computing services in South Africa, in both the public and private sectors, increased significantly during the COVID-19 pandemic, which was responsible for pushing cloud computing to the forefront of decision-makers’ minds. This is according to SA research group World Wide Worx, which reports that “some 82% of South African businesses increased cloud spend [in 2020]”.
The question is, has this money been wisely spent? We see evidence of confusion in the marketplace around what cloud services should be adopted and who should be appointed to lead their implementation as a preferred supplier. This is despite a number of global cloud-focused organisations being operational in SA.
Many ascribe this state of confusion to the corporate anxiety that surrounded the initial work-from-home demands and – more recently – the requirements associated with the hybrid workforce that has developed with the easing of COVID-related movement restrictions.
Perhaps surprisingly, confusion also exists among IT professionals, many of whom grapple with the complexities of the cloud environment. For instance, they are often undecided as to whether returns on investments are best realised within a public, private or hybrid cloud.
Confusion also reigns when it comes to selecting cloud types – such as infrastructure as a service (IaaS), platform as a service (PaaS) or software as a service (SaaS). In addition, making a choice between cloud management platforms, reference architectures and security policies is equally challenging.
If the definition of cloud computing services is accepted as “the delivery of on-demand computing resources, ranging from applications to data centres, over the internet”, then the importance of security is obvious due to the parlous nature of the internet.
Minimising confusion, improving understanding and refining insight are thus strategic goals, not only in the implementation of the cloud, but also in the application of appropriate security solutions designed to protect data and applications from cyber attacks, phishing and ransomware as well as common theft, internal corruption or accidental deletion.
In this light, security policies, controls, procedures and technologies have to be defined and evaluated as to their abilities to work in harmony to protect cloud-based infrastructures against myriad attack vectors.
Unless users have a distinct understanding of their cloud services – in terms of how many instances are running, for example – it will be near-impossible to ensure the efficacy of security barriers such as access authentication, traffic filtering and others.
Similarly, a clear visibility of assets, networks and cloud resources and how they are allocated is also vital if the constantly evolving and increasingly sophisticated malware security threats with which organisations are regularly faced are to be mitigated. Such intelligence will also help users meet compliance mandates, formulate policies and draft necessary reports.
To ensure best practices are adopted – and to beat a pathway through the jungle of confusion – a professionally customised cloud solution, which addresses centralised security, should be a priority.
Cloud-based networks depend on many devices and consist of a number of endpoints. While their management is demanding, a competently engineered centralised security system is able to enhance vital functions such as web filtering and boost traffic analysis on a proactive basis.
Essentially, this is as a result of the automation built into a fully managed system that is geared to deliver around-the-clock protection with minimal human interaction and – importantly – administer critical system patch updates.
As the rate of cloud adoption continues to rise in SA, the need for unobstructed views into the implementation of cloud services will be key to assisting organisations drive down operating costs, scale their operations and develop agile systems capable of providing a competitive edge in business.
Moreover, a clear insight into how a cloud infrastructure could be expected to evolve within an organisation is needed to allow decision-makers to plan ahead, keep abreast of advancements in cloud security and ensure the latest privacy and regulatory compliance requirements are met.
Awareness at this intensity level will also be essential should South African companies move towards the employment of a non-permanent workforce in the post-pandemic era, as predicted by acknowledged South African recruitment specialist Georgina Barrick.
Deon Smal
Deon Smal (B.Tech: Information Technology) is the CEO of Cyber Insight, a leading cyber security consulting and advisory firm. Cape-based, he has extensive experience in the IT industry. His focus is on cyber security and his expertise lies in the formulation of contemporary corporate network and infrastructure security strategies.
Smal is also a part-time lecturer on ethical hacking for post-graduate students at Central University of Technology, Free State. He serves on the EC-Council Advisory Board of Certified Network Defenders and has numerous networking, virtualisation, server administration and firewall certifications to his credit.
Share