Many small business owners are more concerned about how secure their data is in the cloud, but don’t worry about taking their unencrypted laptops to a local coffee shop. Having a ‘secure’ password doesn’t mean one’s data is protected.
Gartner, a research and advisory company, predicts that by 2022, at least 95% of cloud security failures will be the user’s fault. The challenge is not in the security of the cloud itself, but rather in the policies and technologies for security and control of the technology.
SMEs need to understand where their data protection concerns should lie. Having a ‘secure’ password surely cannot compare to storing one’s data on a multi-billion dollar cloud platform like Microsoft's Azure, Amazon Web Services or Google Cloud.
Instead of asking whether the cloud is secure, they should rather be asking whether they are using the cloud securely. It is nearly always the user, and not the cloud provider, who fails to manage the controls used to protect an organisation’s data.
Small and mid-sized businesses have a relationship with cloud security that reflects a line from Shakespeare: full of sound and fury, signifying nothing.
In part, the blame should be placed on the shoulders of the ‘bakkie brigade’ – a group of IT providers that service the SME sector in South Africa.
Unfortunately, most small businesses have a vested interest in friends and relatives who look after their computers. These ‘IT professionals’ tend to keep software and data local and charge a handsome callout fee every time there’s a problem.
So they sow Fear, Uncertainty and Doubt (FUD) about ‘the Cloud’ while punting their own ‘datacentre’. It’s not even worth commenting on the security of a couple of servers in the IT provider’s basement.
There are very few fortune 500 companies that can compete with the availability and security of Azure, Amazon Web Services or Google Compute, let alone any small or mid-size businesses. There is a massive difference between a real data centre and the local IT provider’s ‘datacentre’.
So, do businesses never get hacked in the cloud? Of course, they do, but Microsoft’s Azure SLA, for example, states that they take responsibility for the security of the cloud service they provide, e.g. the physical components and the network connected layer.
SMEs can run pretty much any service they want from these global cloud platforms, but if they leave remote connections open to the world, give every user that needs access full admin rights, and have a password policy that allows ‘Password123’ as the only form of authentication needed, then they deserve to be hacked.
Don’t blame the platform; securing data is the company’s responsibility and this is according to Protection of Personal Information Act 2013 (PoPI) and the European Union’s General Data Protection Regulation (GDPR).
Next time a ‘trusted advisor’ says the cloud is just not ready yet, consider some of the following statistics: Amazon cloud achieved 49% year-on-year growth in Q1 with $5.44bn in revenue, while Microsoft’s commercial cloud revenue leapt an incredible 58% to $6bn.
There are plenty of good reasons to move to the cloud. It makes good business sense and it allows small business owners to focus on their business. Cloud computing can be used for almost all types of applications, not just business security.
When running one’s own servers, the overall costs of maintenance and management can lead to unforeseen expenditure.
While the idea of cloud computing can sometimes sound complicated, it's clear that it saves its users money.
There are no upfront costs, moving to the cloud is cheaper than one thinks. It involves no upfront investments, as all the IT infrastructure needs will be taken care by the cloud service provider for a fixed cost.
Oliver Potgieter is Alto Africa CTO
Did you love this article?
We’d like to know.
Email The Messenger here