Experts warn that the majority of African organisations do not administer security protocols over their data and systems when using a cloud-based service, shifting full responsibility to the service providers.
Riaan Badenhorst, General Manager at Kaspersky Lab Africa, said, “According to our survey, 59% of small-to-medium businesses think that providers should protect their files on team document sharing sites, 57% say providers are responsible for protection of marketing automation, and 58% figure a third party must secure trading software.”
He added that, “Worryingly, businesses do not take cloud security seriously, with 42% of businesses being sure in their data security, however uncertain about where their data lives. This uncertainty leads to a ‘cloud zoo’ scenario, with many businesses finding themselves in a data jungle with a lack of control and visibility of their data.”
Badenhorst said some organisations do not have the funds to recruit cyber security experts.
The Africa Cybersecurity Report 2017 by Serianu suggested that out of Africa’s population estimate of 1.3 billion in 2017, there were only 10,000 cybersecurity certified professionals, a number that the company explains cannot meet the continent’s IT security demands
According to Badenhorst, companies operating in countries that lack data legislation should adopt global standards in securing data – specifically in line with developments including Europe’s GDPR law.
He also advised that organisations prioritise equipping their in-house teams with the ability to handle data such as passwords and cloud sensitive information.
Organisations must ensure that they are enabling cloud ecosystem visibility, to give businesses a clear view of what data resides where.
“Each part of the cloud infrastructure – be it hybrid, hosted or public cloud – should have its own set of security measures as if it were data being protected within the company network on the horizon. This ensures visibility, which ultimately enables control,” Badenhorst said.