Over the NSA spying hype? Don’t be

April 2014 Information Security

Last year when Edward Snowden dropped the revelation that the United States National Security Agency was peering into the private data of individuals and companies, the world sat up and took notice.

All the hype that security companies had been generating over the years suddenly became a reality – big brother is watching. Not only that, but companies and individuals have spent the past 10 years putting their private data in a public space – social media and the cloud – with little thought for the implications that could result when a big, bad government agency comes knocking.

JJ Milner
JJ Milner

And yet, a year later, all the hand-wringing and face palming has died down, and most companies and individuals are carrying on as they did before. But they shouldn’t be, according to JJ Milner, MD and founder of Global Micro.

“When you look at the security of data, there has to be a tacit appreciation of the fact that data has value,” he says. “In the same way as you treat anything of value, you have to protect it.”

This isn’t spy vs spy

Milner points out that companies have a tendency to be very dismissive of the possibility that government spies might be looking at their data, but are ignoring the real threat of industrial espionage, and the fact that most data thefts are actually internal.

“After all the awareness that the NSA surveillance story has generated, people are still not seeing the wood for the trees,” he says. “Companies have moved their data to cloud operators not owned by US firms, but have allowed all other protection processes to go out the window.”

South African cloud storage

While decision-makers at companies in the United States have a lot to consider both in terms of the NSA and every other data security threat to their business, South Africans also need to make some serious considerations.

“In South Africa, even if you store your data in another country, it is still required to comply with the local Protection of Personal Information Act,” says Milner. “You should store your data with a provider that you know, understand and trust to look after it, and you should be mindful that security must encompass spying, hacktivism and hackers, and that it needs to be available when you need it and at the speed at which you need it.”

He cautions that a haphazard approach to off-site data storage will lead to uncertainty, and the agreements get more and more diluted over time, especially if the data is stored in another country. “As this volume of data grows, companies are seldom considering if they are with the right provider for their needs, or what might happen if they need to restore that data.”

Accountability is vital

Hybrid cloud solutions – a mix of the best services provided by an outside environment and an internal infrastructure – is the latest buzzword. But even as they are touted as a ‘best of both worlds’ solution, they come with their own concerns. “The mix of environments provides scope for security issues, and it is difficult to allocate responsibility when there are multiple providers.”

As the corporate world puts more and more data online, in the hands of cloud providers, the risks of security breaches increase. It is for this reason that Milner says it is so vitally important to consider your choice of cloud provider carefully.

“Security is important and you need to talk to people you trust”, says Milner. “There are ways to make public clouds secure, so choose your providers with care and be sure to ask them all the right questions.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.