Despite mixed feelings in the market about migrating IT to the Cloud and
uncertainty about the security of that which resides off-site (even that which is
governed by a hybrid Cloud model), the level of security in the Cloud is really a
matter of who you decide to trust with company data.
This is the view of experts at operations who have established leadership
positions in this increasingly competitive area of ICT.
Albie Bester, GM at Pamoja, the Cloud business unit of Pan-African ICT enabler
SEACOM and a wholesale provider of Cloud services, describes the perception of
security risk as the "Achilles Heel of Cloud adoption'.
"In many instances the security flag is raised by IT departments that fear losing
control over a corporations IT decisions. Episodes such as the US National Security
Agencys PRISM program which involved collecting data about internet service users
has not helped to change the security perception,' says Bester. "The notion that
Cloud service is not secure is not entirely accurate.'
Bester contends that just as quality of service will vary between service
providers in other industries, the same can be said about services related to the
"It is possible to get secure Cloud services and in many instances the security of
these services will be better that what most organisations have in place today,' he
Pamojas standpoint has always been to put awareness and education at the
forefront of efforts to change perception.
To this end the company advises the market, specifically users of technology in
companies, to understand the business data security policies and involve their IT
department in this process.
Secondly, it is critical to source a reputable Cloud service provider and, says
Bester, "do your homework' to find out as much as possible about the provider.
"Decision makers must ensure that internal users adhere to data security policies,
a breach can happen at many places in the chain and in many cases it happens
inside the organisation. Since Public Cloud providers will not allow external
technologies in their datacentres customers cant run any services to scan the
environment. Ask your potential Cloud provider about their security model and insist
on certification (e.g. ISO 27001) if it is a company requirement,' Bester adds.
Pamojas leadership reiterate that until all security concerns are satisfactorily
addressed and broad Cloud adoption has become a reality, the issue of Cloud
security will dominate discussions.
However, as Bester contends, just as people trust their mobile service provider
not to divulge sensitive business conversations with unauthorised parties, there is a
case for applying the same level of trust to a credible, experienced and professional
Cloud service provider.