classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory

It’s still your data
April 2017, This Week's Editor's Pick, Cyber Security, IT infrastructure, Security Services & Risk Management

The forecast is cloudy with a chance of security breaches. Fortunately, the state of cloud security is not as lame as that opening line. Yet, as more companies entrust their data and applications, and almost everything else to cloud service providers, one must wonder just how secure it all is.

Let’s be honest, if you watch the media, it seems that hackers don’t really have a hard time breaking into computer systems and taking what they like. There is, of course, a bias in the media to only reporting the juicy news of hacking and breaches while ignoring the boring stuff like a company that protects its data effectively. Nevertheless, there are enough breaches and technology failures to be a cause for concern when it’s your data at risk.

Just how secure can companies feel entrusting their information, which may include sensitive client and employee information, to the cloud.

Caitlin Harrison.
Caitlin Harrison.

Caitlin Harrison, senior security consultant at MWR InfoSecurity Johannesburg says that the security standard offered by different cloud providers can and does vary across the board. Consequently, it is not possible to give a single, comprehensive answer about the state of cloud security in general.

“It would be similar to trying to comment on the security of operating systems as a whole,” she adds. “The security will depend on how the product is implemented, who developed and maintains it, and the security of the environment surrounding the deployment.”

You can’t let go

Paul Ruinaard, regional sales manager, sub-Saharan Africa, at Nutanix confirms that the financial risk and fiduciary duty around data security remain with the company whose data it is. “You can outsource your servers to the cloud, but you still need to make sure the cloud is secure – you can’t outsource governance and risk because you’ve put it in the cloud. That means you have to drive quite a rigorous SLA (service-level agreement) and ensure there is governance and risk reporting from the cloud provider.”

Paul Ruinaard.
Paul Ruinaard.

He continues that all local cloud service providers view security as a major issue, but there are some horror stories. Part of the problem is that you must ensure that, if you put data in a cloud and it is not onsite, you have the correct disaster recovery and other services included in your SLA with the cloud provider. “Around two years ago, for instance, a major local ISP was providing virtual machines (VMs) to many large corporates, but the standard SLA did not include disaster recovery or uptime. So, when those VMs fell over, the clients had no recourse around data loss – the ISP was within the SLA of simply providing virtual machines.

“The most recent example is the Amazon S3 outage which affected many companies that make use of Amazon’s cloud services.”

Companies must make sure they’re getting what they pay for and align the services they’ve purchased with what they require – it will come down to price and this is why cloud can actually be quite expensive. “Large corporates simply have to factor high availability, security and disaster recovery into their SLAs with cloud providers, which makes the cloud expensive in certain industries,” says Ruinaard.

Should cloud users sleep at night?

The benefits of cloud computing are touted as a cost saving and the ability to buy or rent as much storage or processing power, or whatever IT component you need, as you need it. You save on having to buy and maintain all the resources under your own roof, and you don’t have to worry about hiring the right IT skills as the cloud provider will have enough to take care of your needs and its other clients.

While that sounds good since it’s another responsibility taken away from the company so the business can focus on its core competencies, in a digital world where data is critical you can’t ignore the importance of and ability to quickly access your information.

Harrison compares cloud services to other outsourcing projects. She says many functions in a business will need to be outsourced. “Where a business lacks the resources and experience to focus completely on a specific function, it may well be safer to rely on companies who specialise in that field than to try to manage it alone.”

As to responsibility, she adds that using cloud services does not mean handing everything over to someone else and washing your hands of what may happen. “It is worth noting that choosing a third party to manage your security does not necessarily amount to abdicating responsibility where security is concerned. Using a third party does not prohibit ongoing engagement with them to ensure they maintain their standards throughout the relationship.”

Ruinaard echoes this, noting, “IT security is encoded into regulations like the Basel II accords and King IV guidelines. Those frameworks all mean that IT security remains primarily your responsibility to your customer, worldwide.

“Similarly, you can’t outsource risk under South African law. So if you are a bank and you put your apps in the cloud, you’re still responsible for the risk attached to your own customer database. You can’t say because it is in the cloud, it is somebody else’s problem.”

He explains there is no regulatory framework in South Africa under which you can defer or devolve risk unless the cloud provider accepts such risk contractually, which means your SLA has to be watertight. “And once an SLA starts including 99.99999% (yes, five nines after the decimal point) uptime and a requirement for no data breaches, it will be a very complex and expensive outsourced contract.”

Moving to the cloud has many benefits, but also a few caveats for the buyer. No matter how many nines one has in the contract or what the service provider promises, it’s worth remembering that it’s your assets under the spotlight and you are still responsible for them – and let’s not forget that you want to keep them because you need them. Make sure the contract you sign takes care of the security issues, as well as backup and recovery. And make sure your data is yours, stays yours and can be retrieved quickly and easily in the format you choose.

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Securing your security
    April 2017, Technews Publishing, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, IT infrastructure
    The digital age has not only seen the security industry migrate to IP, but is now forcing it to be aware of the latest cyber security risks.
  • Empowering the CCTV installer
    April 2017, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Installers can differentiate themselves by offering remote monitoring as a service for a monthly fee.
  • Axis launches new IP camera running at three frames-per-minute
    April 2017, Axis Communications SA, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    Hi-Tech Security Solutions spoke with Dr Martin Gren about the history of the network camera and what is important to consider when buying an IP camera.
  • How the types of surveillance impact on control room and workstation design
    April 2017, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    People often speak about CCTV surveillance as a relatively simple thing, however, the type of surveillance operation will determine the optimal control room setup required.
  • Management platforms in view
    April 2017, Tyco Security Products, Visec International, Genetec, NUUO Inc., CCTV, Surveillance & Remote Monitoring, Integrated Solutions, Security Services & Risk Management, Products
    It goes without saying that the VMS is critical to surveillance installations. However, which VMS to choose is always an issue. Some are saying that the days of the smaller VMS solutions are over because ...
  • Digital transformation comes in waves
    April 2017, Milestone Systems, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    The time to reinvent your business is now. Cloud-driven digital transformation and the Internet of Things (IoT) are emerging as major drivers of change across entire industries.
  • Power management for surveillance
    April 2017, Clearline Protection Systems, BT-SA, Eurobyte Technology, IT infrastructure, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Having a safe, reliable source of power is crucial for the continuous operation of any electrically powered piece of security equipment, and for the integrity of the overall installation.
  • 360-degree perimeter protection
    April 2017, Perimeter Security, Alarms & Intruder Detection, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Spotter allows for complete 360-degree situational awareness, providing peace-of-mind and allowing critical management decisions to be effected.
  • Wireless works for CCTV
    April 2017, MiRO Distribution, RADWIN, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Wireless networking is a reasonable choice for surveillance, as long as one uses the right technology and plans correctly.
  • Addressing smart city communications
    April 2017, RADWIN, CCTV, Surveillance & Remote Monitoring, IT infrastructure
    The future IoT landscape in a smart city will rely on LPWA networks, but it will also require higher speed broadband communication for big data transmission.
  • The future is software (and IoT)
    April 2017, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
    The Internet of Things will have a significant impact on the surveillance industry, and security as a whole. The MEA IoT market alone will be worth over $7 billion in 2017.
  • Do you have a plan for data storage?
    April 2017, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
    One of the most important (and often overlooked) aspects of any successful surveillance system is choosing the most appropriate type of storage.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.