Southern African public sector organisations are moving from experimental to operational cloud use, and the transition is bringing new risks with it. To mitigate these risks and make the most of the efficiency gains the cloud offers, organisations must focus on key security priorities such as enhancing identity management and legislative compliance, and getting to grips with configuration and shared responsibility.
This is according to Muzi Langa, MD of ManTK IT Solutions – a specialist IT security and services provider. Langa says: “As we engage with some of our public sector clients, especially in the southern African region, we see that cloud adoption has moved from experimentation towards operational dependency in the past few years. Organisations are increasingly hosting sensitive workloads, customer data and some of their main cloud systems on the public cloud. This offers significant benefits, but it also changes their risk profile.”
Langa believes that organisations moving sensitive and mission-critical workloads into the public cloud must mitigate risk by increasing their focus on identity as a perimeter; understanding data sovereignty and shared responsibility models, which outline the security responsibilities of customers and cloud providers; and by addressing misconfigurations that put data at risk.
This aligns with Fortinet’s global CISO Predictions for 2026, which highlight key cloud risks such as the industrialisation of cyber crime, AI as a force multiplier, identity as a control plane, and persistent misconfiguration risks. Fortinet’s 2025 Global Threat Landscape Report describes cloud misconfigurations as the CISO’s Achilles’ heel, with open storage buckets and over-permissioned identities continuing to be leading vectors of attack. The Cloud Security Alliance cites a Gartner survey stating that misconfiguration-related issues cause 80% of all data security breaches, with up to 99% of cloud environment failures attributed to human errors.
Langa says: “A key issue as organisations move to the cloud is the changing security perimeter. In traditional environments, security focused on defending the network perimeter, but in a cloud environment, that perimeter no longer exists in a meaningful way. We've got to secure users, APIs, workloads and third-party access to cloud resources from anywhere, making identity the new security boundary.
“Traditional technologies like firewalls, DLP solutions and mail filtering gateways remain crucial, but they don’t necessarily focus on data as a critical asset in cloud-scale, identity-centric environments,” he adds, noting that data protection is now a top priority for business resilience.
“In the cloud environment, weak identity controls are now one of the leading causes of data compromise, so organisations need to focus more on role-based access controls, identity life cycle management and identity governance and administration (IGA).
“Other key risks we see emerging are misconfigurations like publicly accessible storage, and poor cloud security posture management (CSPM),” Langa says. To address these risks, organisations should regularly audit configurations and implement CSPM tools.
Langa says local organisations moving to the public cloud also have concerns around increased public sector audit expectations and regulatory pressure from legislation such as POPIA and GDPR. They have stepped up their focus on data sovereignty and they want to understand where their data sits, what controls are being implemented on that data, how are those controls enforced, how audit logs are maintained and how these factor into regulatory reporting.
To help organisations mitigate the risks associated with cloud computing, ManTK IT Solutions has expanded its security solutions offering and expertise.
“ManTK IT Solution offers cloud security advisory services and cloud security assessments, comprehensive solutions and implementations, and for more mature environments, we also do offensive security assessments to test the efficacy of the controls that they have implemented on a cloud level,” he concludes.
Share