IT Web

Security as a service

By June 2, 2017 No Comments

Today’s IT environment is becoming increasingly complex, with computing assets spanning from on-premises legacy solutions to advanced workloads running as a service in the cloud. The challenge is securing the enterprise without impacting the business’s ability to operate, allowing the ever-increasing demand on mobility to be safe, secure and agile.

Ryan Roseveare, MD of BUI, says: “We’re seeing an escalating number of breaches, both local and international, so concerns around cloud security and identity are very valid and a top priority for all of our customers.”

As breaches, ransomware and modern cyber crimes become the new normal, the cost of security platforms to business is spiralling. According to Microsoft’s 2016 Trends in Cyber Security:

* More than 6 000 vulnerabilities are disclosed per year across the industry.
* 41.8% of all vulnerability disclosures are rated as highly severe – a three-year high.
* The encounter rate for consumer computers was about 2.2 times as high as the rate for enterprise computers (domain joined).

“In South Africa, organisations entering the cloud face the additional concern that their data will be hosted internationally, so the security aspect is very much top of mind for the local CIO considering taking his business into the cloud,” says Roseveare. “As a result, over the past couple of years we’ve seen an increase in the number of companies undergoing the cloud security journey, especially in South Africa where we don’t have any big data centres just yet. We’re having this conversation on a daily basis with businesses that are nervous to ship their data off overseas. They want to make sure it’s secure.”

“Other concerns that we’re seeing revolve around data sovereignty, businesses want to know whether other governments see their data. The perception is that the minute the data leaves South Africa’s borders, we lose control over what happens to it,” says Roseveare.

So South African organisations are caught in a quandary between migrating to the cloud – a non-negotiable for survival and growth – and keeping their data secure while complying with complex local and possibly international regulations. Roseveare says: “When you move your organisation to cloud services, you must be able to trust your service provider with your most important, sensitive and confidential data. Look for someone who focuses on building secure solutions that deliver value to customers, partners, and shareholders alike – both in the cloud and on-premises.”

What makes a good cloud partner from a security perspective? Well for one thing, explains Roseveare, they must address all areas of security, from identity and access to network security, data protection and data privacy. It’s also important that the provider be able to offer a holistic integrated security service as opposed to stand-alone products. Clients who have legislative or compliance requirements around their data, should also request extensive privacy controls and visibility into where their data resides and who has access to it, as well as whether the data is hosted in a single data centre or across more than one, so that should that data centre cease functioning for some reason, the data is still available. Customers with data sovereignty and compliance concerns will be glad to know that two hyper scale data centres are being developed in South Africa in 2018.

“There are three aspects to cloud security,” says Roseveare. “You want to secure your users’ identities, you want to protect your infrastructure and you want to ensure that apps and data are kept safe.”

User identity and customer data must be secured by means of enterprise grade multifactor authentication and information protection, so the use of biometric access controls such as retina or fingerprint scanning, as well as identifying the user’s location, can ensure that only legitimate users can access your data or applications.

Infrastructure management includes protecting mobile users, identifying potential threats and managing security incidents from detection to post-event analysis. The emphasis is on early detection, remediation and notification, which are key aspects of defending against security threats.

The bottom line, concludes Roseveare, is that whether the threat comes from inside your own organisation or from outside forces, you need to know that your organisation’s data is protected, regardless of where it resides.