Over the NSA spying hype? Don’t be

April 2014 Information Security

Last year when Edward Snowden dropped the revelation that the United States National Security Agency was peering into the private data of individuals and companies, the world sat up and took notice.

All the hype that security companies had been generating over the years suddenly became a reality – big brother is watching. Not only that, but companies and individuals have spent the past 10 years putting their private data in a public space – social media and the cloud – with little thought for the implications that could result when a big, bad government agency comes knocking.

JJ Milner
JJ Milner

And yet, a year later, all the hand-wringing and face palming has died down, and most companies and individuals are carrying on as they did before. But they shouldn’t be, according to JJ Milner, MD and founder of Global Micro.

“When you look at the security of data, there has to be a tacit appreciation of the fact that data has value,” he says. “In the same way as you treat anything of value, you have to protect it.”

This isn’t spy vs spy

Milner points out that companies have a tendency to be very dismissive of the possibility that government spies might be looking at their data, but are ignoring the real threat of industrial espionage, and the fact that most data thefts are actually internal.

“After all the awareness that the NSA surveillance story has generated, people are still not seeing the wood for the trees,” he says. “Companies have moved their data to cloud operators not owned by US firms, but have allowed all other protection processes to go out the window.”

South African cloud storage

While decision-makers at companies in the United States have a lot to consider both in terms of the NSA and every other data security threat to their business, South Africans also need to make some serious considerations.

“In South Africa, even if you store your data in another country, it is still required to comply with the local Protection of Personal Information Act,” says Milner. “You should store your data with a provider that you know, understand and trust to look after it, and you should be mindful that security must encompass spying, hacktivism and hackers, and that it needs to be available when you need it and at the speed at which you need it.”

He cautions that a haphazard approach to off-site data storage will lead to uncertainty, and the agreements get more and more diluted over time, especially if the data is stored in another country. “As this volume of data grows, companies are seldom considering if they are with the right provider for their needs, or what might happen if they need to restore that data.”

Accountability is vital

Hybrid cloud solutions – a mix of the best services provided by an outside environment and an internal infrastructure – is the latest buzzword. But even as they are touted as a ‘best of both worlds’ solution, they come with their own concerns. “The mix of environments provides scope for security issues, and it is difficult to allocate responsibility when there are multiple providers.”

As the corporate world puts more and more data online, in the hands of cloud providers, the risks of security breaches increase. It is for this reason that Milner says it is so vitally important to consider your choice of cloud provider carefully.

“Security is important and you need to talk to people you trust”, says Milner. “There are ways to make public clouds secure, so choose your providers with care and be sure to ask them all the right questions.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.