The dark side of cloud

October 2013 Cyber Security

In every technology publication I open, every business symposium I attend, every CIO roundtable I facilitate, we hear about the next wave of change branded 'Cloud'.

Rudie Raath
Rudie Raath

CIOs are warned that this wave is building up like a tsunami and will change the information technology landscape as we know it today, similar to the introduction of the computer accessory called the mouse in the late ‘80s. The mouse allowed us to click objects on the screen and windows were born. No more dull black terminal screens with a flashing cursor waiting for our next keystroke. This wave created a brand new style of IT.

Cloud concepts certainly make for a very good debate and challenge most of our paradigms in business today. Cloud technologies are magnified with the introduction of mobile application and smart phones demanding this new style of IT. Our traditional paradigm limited us to a dumb browser just displaying information, to mobile applications that augment our reality and take a 2D flat drawing on a piece of paper and bring it to life through the lens of the smartphone camera.

The role of the CIO

The new role will be one where the CIO becomes that broker of services both internally and externally. This CIO will be the custodian of the strategy and the IT department the executer, where a balance will be struck between retaining some traditional IT services, building an internal private cloud, consuming a managed virtual private cloud and public cloud services. With this new style of hybrid delivery we are also facing brand new challenges and paradigms that can have a major impact on the organisation’s growth and competitive advantage.

Assets of the future are no longer the technology or physical assets, it is the way information is mined, shared and consumed. We live in a connected world where everything around us has some relation to each other and the data sources are no longer within organisational boundaries.

Don’t get caught out!

Although we have many success stories and the mobile application world explosion compels us to understand and adopt this new style of IT, we do have some critical areas that are sometimes swept under the rug and ignored as 'it should not be a problem'. These are:

* Terms and conditions.

* Customisation requirements and testing.

* Customer data handling and platform design.

* Regulatory compliance and liability.

Depending on the services that are hosted, you need to make every effort to understand the terms and conditions or find a provider that you can negotiate with. Here are the top most common areas you should consider:

* Uptime commitments.

* Data backup policy and restore windows, and its associated costs – some providers charge enormous fees to restore data.

* Data theft liability.

* What is included and excluded from your subscription fee – make sure that this is clearly defined.

* Use of your personal information.

* Migration costs – how you will migrate onto their platform and what start-up costs are involved.

Moving towards the dark side

Many technology manufacturers and cloud providers build services based on highly customisable platforms with bundled consulting packages. This service is pushed hard to upsell the value, but has a very dark side to it – Locked In! The word customisation is synonymous with high costs and limited movement options. The platform choice obviously plays a major role in any customisation that might be required. In some cases it is unavoidable to customise the platform or services to fit the business, but this must be kept to the minimum to ensure that you can harness the benefits that future cloud innovation will bring.

A very critical consideration is the migration of data on and off platforms. The easy answer is that migration costs are included in the contract, but what is not covered is the architectural intellectual property of the cloud providers hosting infrastructure in relation to your data and application integration. This might make it almost impossible to move if the reference architectures behind your data and applications are not available to the next cloud provider.

Can you force your cloud provider to share that information with a possible new cloud provider? Yes you can, but this will not be an easy journey if the current cloud provider delays the matter – even if this is part of the contract.

Regulatory compliance and local acts can also have a major impact on selecting the correct cloud provider should you host outside South Africa in a country where the local legislation allows the government to lockdown the boarder due to security threats or war which might lead to you being disconnected from your data and services.

It is very easy to get demotivated, negative and somewhat close-minded when considering this 'dark side of cloud', but the reality is that the world is changing, and cloud technologies, mobile application and virtual reality are here to stay. The question is, how do you embark on this journey and stay competitive? The simple answer – choose the correct partner to walk this journey with you and share the risks.

For more information contact HP, +27 (0)11 785 1000,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Cybersecurity for video surveillance systems
September 2019 , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.

Cyber-securing your surveillance infrastructure
CCTV Handbook 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Cybersecure surveillance partnership
CCTV Handbook 2019, Bosch Building Technologies, Genetec , Cyber Security, CCTV, Surveillance & Remote Monitoring
With Bosch and Genetec, you can feel confident that your data is protected by one of the world?s best security solutions, end to end, day after day.

Keeping your things to yourself
October 2019, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Three experts spoke to Hi-Tech Security Solutions to offer advice on keeping your IoT working for you and not for cyber criminals.

IoT in security
October 2019, Duxbury Networking, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Using the Internet of Things is not really optional these days, but securing the Internet of Things is compulsory, no matter what industry you operate in.