The fear of data loss, security breaches, legislation, among other factors have been identified as primary concerns by organisations and government institutions on why they are reluctant to move to the Cloud. The queries raised by these organisations and government institutions include: Will Cloud put the data at risk? Isn’t on-premise more secure? How can the organisation ensure it is compliant in light of growing regulatory control over how data is accessed, protected and used?
According to a survey conducted by KnowBe4, a security awareness training platform, said most answers lies in the tried and trusted foundations of on-premise solutions that have weathered the storms so far. Cloud computing is the delivery of on-demand computing services -from applications to storage and processing power, typically over the internet and on a pay-as-you-go basis.
The survey noted that some organisations remain convinced that on-premise is more reliable than the cloud. For instance, KnowBe4 said in Kenya, government guidelines recently approved by President Uhuru Kenyatta – safeguards that are considered to be on a par with the General Data Protection Regulation (GDPR) – have put immense pressure on organisations when it comes to data handling and sharing.
According to the survey, when a company faces either a prison sentence or a hefty fine for violating the act, it makes sense for them to panic about security and be more prudent about which provider to share their personal information with. KnowBe4 said this trend is reflected in Nigeria, Ghana, and Rwanda where legislation is influencing decision making when it comes to the Cloud.
Specifically, the survey said in Nigeria, government industries have been advised to stay with their on-premise platforms, while Rwanda has clamped down on its personal data protection with regulations around consent from individuals. Furthermore, it said South Africa is still toying with its Protection of Personal Information Act, “but this is very likely to be signed into law fairly soon. These regulations are all essential in a time when data privacy and security are under scrutiny and the cyber-threat has never been more present. And it makes sense that companies are forming a protective circle around their information and question where and how a provider stores their data before investing into the cloud.”
Accordingly, it informed that due to the far-reaching hands of governments, data sovereignty is a primary concern of institutions moving to the Cloud. Data sovereignty refers to the fact that information stored in the Cloud is subject to the laws of the country in which it is physically stored. For some organisations this concern may be warranted, such as highly regulated government organisations storing highly confidential information.
“Using or not using a cloud provider has no bearing on complying with privacy regulations, as long as adequate safeguards around personal information can be guaranteed. Privacy regulations stipulate organisations take into account the state of the art and industry prior to implementing new solutions. When looking into the information technology landscape today, we can see the moving to the cloud is the most secure, scalable, and reliable way to protect data,” the report said.
KnowBe4 official, Anna Collard, said professional cloud infrastructures are usually safer and more reliable than many on-premise platforms. Collard explained that “One of the most common reasons for this is the lack of security resources organisation can employ. Security skills are hard to come by even globally, and in Africa we only have about 10 000 security professionals across the entire continent. Large companies such as Oracle have employed a security team that is bigger than all the African security professionals together.”
Further to the above claims, KnowBe4 said cloud service providers are in the business of looking after their infrastructure and their client’s data, providing a level of assurance via ISO 27000, PCI DSS, Cloud Security Alliance and other security certifications. Again, Microsoft Azure or Amazon Web Services (AWS) list of security certs is mind bogglingly long – a feat that is difficult to accomplish unless security or IT infrastructure management is your core business.
Another issue is that people often ask if the security on offer by the Cloud service provider is the absolute best on the market. The real question should be whether the security is appropriate for the level of data and services being provided and where the data centre is located to ensure adequate data protection alignment. “Cloud service providers consider all the angles from auditing to phishing to updates to patches and intrusion detection. Their solutions are designed to not just meet industry standards, but to exceed them. This is not only to ensure the safety and security of the customer, but because their own reputation is on the line if they don’t deliver,” Collard stressed.
According to ESG research in January 2020, 67 per cent of enterprises use public cloud infrastructure services to support their IT operations. That number is most likely going to increase even more so over the next few months with the Covid-19 pandemic forcing many organisations to set up work from home. There is no guaranteed road to risk-free business.
Cybercrime is on the rise and it is exceptional sophisticated, leveraging human error and system vulnerability to gain access to systems and damage reputations. Ultimately the cloud is just a third-party provider, the responsibility over the data remains with the data owner, which is the business or organisation processing the data.