Intelligent CIO Africa Issue 20 - Page 46

CIO opinion How secure is data in the cloud? Many small business owners are more concerned about how secure their data is in the cloud but don’t worry about taking their unencrypted laptops to a local coffee shop, says Alto Africa CTO Oliver Potgieter. He talks to Intelligent CIO about why having a ‘secure’ password doesn’t mean one’s data is protected and why ‘the cloud’ itself is not the security issue. Amazon Web Services or Google Cloud. Instead of asking whether the cloud is secure, they should rather be asking whether they are using the cloud securely. It is nearly always the user and not the cloud provider, who fails to manage the controls used to protect an organisation’s data. Small and mid-sized businesses have a relationship with cloud security that reflects a line from Shakespeare – full of sound and fury, signifying nothing. In part, the blame should be placed on the shoulders of the ‘bakkie brigade’ – a group of IT providers that service the SMB sector in South Africa. Unfortunately, most small businesses have a vested interest in friends and relatives who look after their computers. These ‘IT professionals’ tend to keep software and data local and charge a handsome callout fee every time there’s a problem. So they sow fear, uncertainty and doubt (FUD) about ‘the cloud’ while punting their own ‘data centre’. It’s not even worth commenting on the security of a couple of servers in the IT provider’s basement. There are very few fortune 500 companies that can compete with the availability and security of Azure, Amazon Web Services or Google Compute, let alone any small or mid- size businesses. There is a massive difference between a real data centre and the local IT provider’s ‘data centre’. Oliver Potgieter, CTO of Alto Africa G So, do businesses never get hacked in the cloud? Of course, they do, but Microsoft’s Azure SLA for example states that they take responsibility for security of the cloud service they provide, e.g. the physical components and the network connected layer. SMEs need to understand where their data protection concerns should lie. Having a ‘secure’ password surely cannot compare to storing one’s data on a multi-billion- dollar cloud platform like Microsoft’s Azure, SMEs can run pretty much any service they want from these global cloud platforms but if they leave remote connections open to the world, give every user that needs access full admin rights and have a password policy that allows ‘Password123’ as the only form of authentication needed then they deserve artner predicts that by 2022, at least 95% of cloud security failures will be the user’s fault. The challenge is not in the security of the cloud itself, but rather in the policies and technologies for security and control of the technology. 46 INTELLIGENTCIO “ SMES NEED TO UNDERSTAND WHERE THEIR DATA PROTECTION CONCERNS SHOULD LIE. HXY ۸&][YHH]ܛKX\[]H\H\[x&\\ۜX[]B[\\Xܙ[X[ۈق\ۘ[[ܛX][ۈX L JB[H]\X[[[۸&\[\[]BX[ۈY[][ۈ K^[YHH8&\YY\ܸ&H^\BY\\XYHY] ۜY\YBوH[]\X8$[X^ۈYY IHYX\ۈYX\ܛ[LH]T K [[ۈ[][YK[HZXܛٝ8&\˜[Y\X[Y][YHX\[[ܙYXH N HT [[ۋ\H\H[HوX\ۜ[ݙHHY ]XZ\\[\[H[][X[\[\ۙ\\ۂZ\\[\ˈY\][[H\Y܈[[[\\و\X][ۜ\\[\X\]K[[[ۙx&\ۈ\\Hݙ\[وXZ[[[H[X[Y[Y[[XY[ܙ\Y[^[]\\˂[HHYXHوY\][[Y][Y\[\X]Y ]8&\X\]]]\]\\[ۙ^K\H\H\۝[ݚ[Y\X\\[ۙH[ˈ][\\۝[\Y[\[HU[\X\BYY[HZ[\HHHY\XBݚY\܈H^Y ˚[[Y[[˘