SMES NEED TO UNDERSTAND WHERE THEIR DATA PROTECTION CONCERNS SHOULD LIE .
CIOopinion
How secure is data in the cloud ?
Many small business owners are more concerned about how secure their data is in the cloud but don ’ t worry about taking their unencrypted laptops to a local coffee shop , says Alto Africa CTO Oliver Potgieter . He talks to Intelligent CIO about why having a ‘ secure ’ password doesn ’ t mean one ’ s data is protected and why ‘ the cloud ’ itself is not the security issue .
Amazon Web Services or Google Cloud . Instead of asking whether the cloud is secure , they should rather be asking whether they are using the cloud securely . It is nearly always the user and not the cloud provider , who fails to manage the controls used to protect an organisation ’ s data .
Small and mid-sized businesses have a relationship with cloud security that reflects a line from Shakespeare – full of sound and fury , signifying nothing . In part , the blame should be placed on the shoulders of the ‘ bakkie brigade ’ – a group of IT providers that service the SMB sector in South Africa .
“
SMES NEED TO UNDERSTAND WHERE THEIR DATA PROTECTION CONCERNS SHOULD LIE .
Oliver Potgieter , CTO of Alto Africa
Gartner predicts that by 2022 , at least 95 % of cloud security failures will be the user ’ s fault . The challenge is not in the security of the cloud itself , but rather in the policies and technologies for security and control of the technology .
SMEs need to understand where their data protection concerns should lie . Having a ‘ secure ’ password surely cannot compare to storing one ’ s data on a multi-billiondollar cloud platform like Microsoft ’ s Azure ,
Unfortunately , most small businesses have a vested interest in friends and relatives who look after their computers . These ‘ IT professionals ’ tend to keep software and data local and charge a handsome callout fee every time there ’ s a problem .
So they sow fear , uncertainty and doubt ( FUD ) about ‘ the cloud ’ while punting their own ‘ data centre ’. It ’ s not even worth commenting on the security of a couple of servers in the IT provider ’ s basement .
There are very few fortune 500 companies that can compete with the availability and security of Azure , Amazon Web Services or Google Compute , let alone any small or midsize businesses . There is a massive difference between a real data centre and the local IT provider ’ s ‘ data centre ’.
So , do businesses never get hacked in the cloud ? Of course , they do , but Microsoft ’ s Azure SLA for example states that they take responsibility for security of the cloud service they provide , e . g . the physical components and the network connected layer .
SMEs can run pretty much any service they want from these global cloud platforms but if they leave remote connections open to the world , give every user that needs access full admin rights and have a password policy that allows ‘ Password123 ’ as the only form of authentication needed then they deserve to be hacked . Don ’ t blame the platform , securing data is the company ’ s responsibility and this is according to Protection of Personal Information Act 2013 ( PoPI ) and the European Union ’ s General Data Protection Regulation ( GDPR ).
Next time a ‘ trusted advisor ’ says the cloud is just not ready yet , consider some of the following statistics – Amazon cloud did 49 % year on year growth in Q1 with US $ 5.44 billion in revenue , while Microsoft ’ s commercial cloud revenue leapt an incredible 58 % to US $ 6 billion .
There are plenty of good reasons to move to the cloud , it makes good business sense and it allows small business owners to focus on their business . Cloud computing can be used for almost all types of applications , not just business security .
When running one ’ s own servers , the overall costs of maintenance and management can lead to unforeseen expenditures .
While the idea of cloud computing can sometimes sound complicated , it ’ s clear that it saves its users money . There are no upfront costs , moving to cloud is cheaper than one thinks . It involves no upfront investments as all the IT infrastructure needs will be taken care by the cloud service provider for a fixed cost . •
46 INTELLIGENTCIO www . intelligentcio . com