Subscribe
  • Home
  • /
  • Security
  • /
  • Controlling access is number one priority for protecting data in the cloud

Controlling access is number one priority for protecting data in the cloud


Johannesburg, 20 Jul 2017

South African businesses, like many worldwide, are increasingly shifting applications, services and infrastructure to the cloud where they are more accessible and available, thereby enabling productivity and business continuity for employees. However, according to Securicom - a leading South African managed IT security company - companies are discovering that the cloud presents unique security challenges, amongst which unauthorised access and misuse of employee credentials rank highly.

"Cloud apps and services to empower employee productivity and business continuity are becoming mainstream, but we are definitely noticing a lack of competency and preparedness amongst local businesses in dealing with the associated IT security challenges. The conventional methods of securing IT infrastructure do not adequately address the threats associated with the cloud," says Securicom's Richard Broeke.

Similar to findings in the just released Cloud Security Spotlight Report by Crowd Research Partners, Securicom's experience in the local market also demonstrates that poor management and control of access to cloud based infrastructure, apps and data in the cloud are a major threat to companies' IT security.

"Poor access control and misuse of employee credentials means that data is being exposed to people who aren't authorised to see it. While exposure of salary and income information to unauthorised eyes is never appropriate, things become far more sinister when confidential information such as banking details or sensitive business intelligence is exposed outside the company or is accessed by employees who have malicious intentions.

"Insider threats to IT security are well documented and for the most part, companies have tried to implement controls to on-premises infrastructure to curtail the problem. But, these controls are not effective for the cloud. Comprehensive and more effective management and control solutions that are specific to the cloud are needed to protect data in the cloud," explains Broeke.

Nowadays, companies across most industries operate in a highly regulated environment and are required to control and protect their information. In compliance with their industry or governmental regulations, they should therefore know where their data is, who is able to access it, and how it is being protected. When access to cloud resources is uncontrolled, with the potential of exposing the information they are required to protect, companies are in violation of regulatory requirements which can have serious repercussions. For instance, when employees move restricted data into the cloud without authorisation, business contracts may be violated and legal action could result.

In addition to the information and apps that companies themselves make available in the cloud for their users, employees are also bringing their own preferred apps into the equation. Employees choose apps based on their ability to assist them in working more efficiently but they aren't aware of the risks of storing corporate data in unsecured apps. With the plethora of apps available, Broeke says a lot of companies do not even know which apps are at play in their enterprises.

"It makes the challenge of protecting information in the cloud more complex because now, in addition to unauthorised people accessing cloud resources which are meant for authenticated personnel only, you also have all levels of users uploading sensitive information to a host of cloud-based apps that you aren't even aware of," he says.

"The approach to protecting company information floating in the cloud must therefore encompass controlling access to the company's cloud-based resources as well as managing the number and nature of cloud-based apps that employees introduce to the environment. This must be coupled with setting and enforcing sound security policies across cloud environments," concludes Broeke.

Share

Securicom

Securicom is a leading managed IT services vendor in Africa, with global presence. It is one of a handful of local vendors to offer an end-to-end range of fully managed IT security services for the cloud, from the cloud. Its consumption-based services are available through a select partner network in Africa.

Securicom's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today from endpoint protection, managed firewalls, and advanced Fortigate reporting, to WAN and LAN optimisation; e-mail content management, and mobile device management.

Solutions are packaged to harness the capabilities of best-of-breed technologies including Symantec Brightmail, Riverbed, Fortinet, logMojo, and XenMobile. Solutions are hosted upstream at Securicom's highly-secure, local data centres.

Securicom has offices in Johannesburg, Cape Town and Namibia; and offers its services in 10 other African countries. For more information on Securicom, please visit www.securicom.co.za.

Editorial contacts

Kerry Webb
Securicom
(082) 496 0713