Getting to the cloud

1 November 2018 Access Control & Identity Management, Information Security, Infrastructure

South African businesses, like many worldwide, are increasingly shifting applications, services and infrastructure to the cloud where they are more accessible and available, thereby enabling productivity and business continuity for employees. However, according to Securicom, companies are discovering that the cloud presents unique security challenges, amongst which unauthorised access and misuse of employee credentials rank highly.

“Cloud apps and services to empower employee productivity and business continuity are becoming mainstream, but we are definitely noticing a lack of competency and preparedness amongst local businesses in dealing with the associated IT security challenges. The conventional methods of securing IT infrastructure do not adequately address the threats associated with the cloud,” says Securicom’s Richard Broeke.

Similar to findings in the just released Cloud Security Spotlight Report by Crowd Research Partners, Securicom’s experience in the local market also demonstrates that poor management and control of access to cloud-based infrastructure, apps and data in the cloud are a major threat to companies’ IT security.

“Poor access control and misuse of employee credentials means that data is being exposed to people who aren’t authorised to see it. While exposure of salary and income information to unauthorised eyes is never appropriate, things become far more sinister when confidential information such as banking details or sensitive business intelligence is exposed outside the company or is accessed by employees who have malicious intentions.

“Insider threats to IT security are well documented and for the most part, companies have tried to implement controls to on-premise infrastructure to curtail the problem. But these controls are not effective for the cloud. Comprehensive and more effective management and control solutions that are specific to the cloud are needed to protect data in the cloud,” explains Broeke.

Nowadays, companies across most industries operate in a highly regulated environment and are required to control and protect their information. In compliance with their industry or governmental regulations, they should therefore know where their data is, who is able to access it, and how it is being protected. When access to cloud resources is uncontrolled, with the potential of exposing the information they are required to protect, companies are in violation of regulatory requirements which can have serious repercussions. For instance, when employees move restricted data into the cloud without authorisation, business contracts may be violated and legal action could result.

In addition to the information and apps that companies themselves make available in the cloud for their users, employees are also bringing their own preferred apps into the equation. Employees choose apps based on their ability to assist them in working more efficiently but they aren’t aware of the risks of storing corporate data in unsecured apps. With the plethora of apps available, Broeke says a lot of companies do not even know which apps are at play in their enterprises.

“It makes the challenge of protecting information in the cloud more complex because now, in addition to unauthorised people accessing cloud resources which are meant for authenticated personnel only, you also have all levels of users uploading sensitive information to a host of cloud-based apps that you aren’t even aware of,” he says.

“The approach to protecting company information floating in the cloud must therefore encompass controlling access to the company’s cloud-based resources as well as managing the number and nature of cloud based apps that employees introduce to the environment. This must be coupled with setting and enforcing sound security policies across cloud environments,” concludes Broeke.

For more information contact Securicom at www.securicom.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
The power of PKI and private sector innovation
Access Control & Identity Management News & Events Government and Parastatal (Industry)
At the recent ID4Africa 2025 Summit in Addis Ababa, the spotlight was firmly on building secure, inclusive, and scalable digital identity ecosystems for the African continent.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Biometric security key for phishing-resistant MFA
Products & Solutions Access Control & Identity Management
New FIDO-compliant USB, Bluetooth, and NFC BioKeys with biometric login and centralised management for phishing-resistant, passwordless multifactor authentication (MFA) for enterprise users.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.