Cloud computing is becoming a serious feature in the security industry – albeit with limited success in South Africa. What is the current state of cloud services when it comes to security, especially surveillance?

  • Cloud computing is becoming a serious feature with regards to surveillance. Businesses which previously did not have the correct security measures in place, are now adopting cloud solutions as the need for more holistic security increases.
  • There is much to be considered when it comes to surveillance however, and questions inevitably have arisen around who has the right to monitor whom, and what the acceptable parameters are as far as surveillance goes. For this reason, the cloud in its current state is constantly evolving and it will be some time before it is clearly defined.

And how secure is your cloud provider and the data you entrust to them

  • The security of your data is largely dependent on partnering with a reputable cloud provider, and you will only know how safe your data is after conducting the right research and verifying the credibility of your cloud provider. It’s important to note however, that even when trust is established, as a business you should still be running constant checks on your environment, asking for audit logs and regularly updating passwords to verify that your data is safe.

What questions do users need to ask of their cloud provider, especially today when data seems to be freely given to government agencies to snoop on – never mind the ease with which hackers seem to be able to steal our data?

  1. Are there policies in place to safeguard data, what are these?
  2. Which policies, as a business should I have in place to protect data internally?
  3. Where is my data stored?
  4. Who has access to my data?
  5. Can I access the audit logs?
  6. What authentication is used to verify the person accessing my data?
  7. Are systems updated continuously, do you upgrade/ maintain in batches when necessary or do you rely on yearly updates as they roll out?
  8. Do you research on the latest threats that are target driven – and how soon do you implement those fixes to ensure the environment is secure?

Is it safe to store your data on servers hosted overseas?

  • Data stored overseas is relatively safe, but again, this is largely dependent on the security levels of your data centre. Because data stored overseas is subject to the laws and policies in that country, it is not advisable to store your data overseas if it contains critical information that is of a personal nature to either another individual, or business. This means that your data could potentially be accessed under those laws without your permission.

Is it even legal under PoPI to do that?

  • After the Safe Harbour Agreement was abolished in October 2015, businesses now have to abide by the laws of the country that data is stored in. When it comes to PoPI, it is theoretically legal to store data overseas- provided you are able to prove you have measures of security in place. While the law is in place, however, the regulation of PoPI is not yet clear and it remains to be seen how it will be enforced.

Do we need to encrypt everything? If so, how?

  • When it comes to data security, it is advisable and considered best practice to encrypt all of your data. This can be achieved by ensuring:
    1. That your data is password protected
    2. That you have TLS (transfer layer security) in place
    3. That encryption policies are in place for all data in transit
    4. That it is feasible to do maintenance and updates regularly
    5. That passwords are consistently updated

As for hosted security services: Is it safe to rely on a remote server owned and operated by a third party to control your access or perimeter security systems and data?

  • If your business does not have the correct IT skills in house to protect your environment, it is in fact advisable to rely on a third party. Partnering with a company that has in depth knowledge of what would put your business at risk, is the safest option when it comes to controlling perimeter security systems and data.

Who offers these services and what are the benefits for users?

  • Larger ISPs are most likely to offer hosted security services, and the benefits include:
    1. No costly CAPEX
    2. Ease of access to regular maintenance updates
    3. Access to IT skills that may not be available in house
    4. Affordable model, where you can keep upgrading your environment
    5. Maximise in house IT skills to benefit your company more efficiently
    6. Solution which grows with your business needs