Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Access control is paramount for cloud security

1 December 2019 Access Control & Identity Management

Companies are increasingly shifting IT services and applications to the cloud to be readily available to employees, empowering their productivity from wherever they are and from any device. Moving critical business information to the cloud does come with security challenges, with unauthorised access topping the list.

To protect data in the cloud, companies need to have appropriate measures in place to manage and control who has access, based on their credentials. This is according to Charl Ueckermann, CEO at AVeS Cyber Security.

“Before the cloud, everything was hosted on physical servers in your data centre at your premises. If someone wanted access to your data, they had to overcome several security obstacles along the way. A person needed physical access to your server room, to bypass a firewall or intrusion prevention services installed on the servers, and to outwit any other security controls blocking his/her way into the organisation’s databases.

“There is a misperception that if the cloud is secure, measures to control access like this are not necessary, as the data is in a ‘safe place’, so it must be safe. This isn’t necessarily true. The same level of vigilance is required to control access to data in the cloud than what is necessary with data hosted on site. It is also essential to control and manage what different levels of employees can do with that data. Lack of access control, as well as the misuse of employee credentials, means data can be accessed by people who are not allowed to see it,” says Ueckermann.

He explains that companies operate in a highly regulated environment and are obligated to protect their information. To comply with industry or governmental regulations, they should protect their data and carefully control who has access to it.

“Companies cannot rely on usernames and passwords alone to effectively control access to the cloud, as 80% of breaches in the cloud are due to weak passwords[1]. Multi-factor authentication to access cloud services should be non-negotiable. For example, when you use Microsoft’s Authenticator on your smartphone, there are four layers of security. These are: where you are, based on the geographic location from where you are logging in; what you know, being your username and password; what you have, namely your mobile device in your hand; and who you are, which would be your biometric code to access your phone.

“Similarly, you ideally want at least three ways to authenticate your employees before they can access company resources in the cloud. Besides, there should be clearly defined containers to segregate who has access to what information once they have been authenticated. Employees should be granted access only to the information they require to do their work. Authorisation measures should also be in place to ensure that information cannot be downloaded by or shared with people who don’t have permission.


Charl Ueckermann.

“Monitoring tools can also help to pick up on abnormal behaviours. For instance, geolocation control would detect unusual behaviours such as a login by an employee in Pretoria and five minutes later, a login in Germany by someone using the same login details. Monitoring tools will also detect mass downloads, mass deletes and any other activities that are outside the norm,” Ueckermann recommends.

He stresses that employee education should form part of any organisation’s cloud security strategy.

“People tend to trust too easily and not verify enough when it comes to IT security threats. They open emails, click on links, share information, download information and share their passwords without understanding the potential consequences. For a cloud security strategy to succeed, it is vital that employees understand the risks, how their actions can make data vulnerable, and what they can do to keep data safe.”

Ueckermann concludes with these three tips:

• Implement appropriate governance processes and policies to formalise and govern how organisations manage their data security in the cloud.

• Deploy effective technologies that are specific for the cloud to enable identity management and control access to data.

• Relentlessly continue with user education and awareness to make your employees part of the solution rather than a vulnerability.

Reference: [1] Martins, A. (2019, 02 27) – ‘Poor Access Management Leads to Majority of IT Hacks, Study Finds’. Retrieved from https://www.businessnewsdaily.com/11310-cyberattacks-poor-access-management.html




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Centurion raises the bar at HomeSec Expo
Centurion Systems News & Events Access Control & Identity Management Residential Estate (Industry) Smart Home Automation Commercial (Industry)
Centurion Systems unveiled its latest product lines at HomeSec Expo 2026, introducing SMART+, a simpler way for installers and end users to manage their Centurion installations - as well as a few new products.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
Protecting citizens’ identities: a shared responsibility
Access Control & Identity Management
A blind spot in identity authentication today is still physical identity documents. Identity cards, passports, and driver’s licences, biometric or not, are broken, forged, or misused, fueling global trafficking networks and undermining public trust in institutions.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Access as a Service is inevitable
Technews Publishing SMART Security Solutions ATG Digital Access Control & Identity Management Infrastructure
When it comes to Access Control as a Service (ACaaS), most organisations (roughly 90% internationally) plan to move, or are in the process of moving to the cloud, but the majority of existing infrastructure (about 70%) remains on-premises for now.

Read more...
From surveillance to insight across Africa
neaMetrics TRASSIR - neaMetrics Distribution Access Control & Identity Management Surveillance Products & Solutions
TRASSIR is a global developer of intelligent video management and analytics solutions, delivering AI-driven platforms that enable organisations to monitor, analyse, and respond to events across complex physical environments.

Read more...
Securing your access hardware and software
SMART Security Solutions Technews Publishing RBH Access Technologies Access Control & Identity Management Information Security
Securing access control technology is critical for physical and digital security. Every interaction between readers, controllers, and host systems creates a potential attack point for those with nefarious intent.

Read more...
Access trends for 2026
Technews Publishing SMART Security Solutions RR Electronic Security Solutions Enkulu Technologies IDEMIA neaMetrics Editor's Choice Access Control & Identity Management Infrastructure
The access control and identity management industry has been the cornerstone of organisations of all sizes for decades. SMART Security Solutions asked local integrators and distributors about the primary trends in the access and identity market for 2026.

Read more...
Access data for business efficiency
Continuum Identity Editor's Choice Access Control & Identity Management AI & Data Analytics Facilities & Building Management
In all organisations, access systems are paramount to securing people, data, places, goods, and resources. Today, hybrid systems deliver significant added value to users at a much lower cost.

Read more...
Luxury residential access
Access Control & Identity Management Residential Estate (Industry)
Clifftown Shore is an exclusive collection of 51 luxury 1, 2 and 3-bedroom seafront apartments and penthouses set within a protected conservation park area, served by CAME’s XiP system and door entry system.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.