Concerns over information security are the biggest barrier to businesses moving to online cloud-based computing services, says Kgomotso Kganyago, chief security advisor at Microsoft SA.

As companies move to seamless computing and as more international cables land on the shores of the African continent, companies need to realise that security attacks will rise and secure their systems appropriately, he says.

“The cloud is no longer a choice,” says Kganyago. Cloud computing is a “great equaliser” for small businesses and is making IT more dynamic.

Cloud computing is a model where computing resources are delivered over the network in a utility-type model.

Kganyago says the crucial issue is choosing the right cloud model for their needs, whether it’s a public, private, community or hybrid cloud. He says it’s also about finding the right balance of security and cost. Private clouds are perceived as the most secure, but are also the most costly to deploy.

Transparency about what user information companies will store in the cloud, privacy and security measures, and regulatory compliance are the most pressing concerns for businesses looking to move their systems onto cloud-based services. But a lack of regulation and policy governing cloud computing in SA is hampering adoption, Kganyago says.

Companies need to try and prepare for future regulation while providing suitable services today. “There’s fear from IT people that cloud computing is going to take their jobs, but they’re still necessary to mitigate risk, and provide identity and access management,” he says.

Businesses must expect to be able to secure three devices per user, as users increasingly demand to use their own devices for business purposes. “Data classification helps to decide which data is ready for the cloud, under which circumstances and with which controls.”

Different companies require different solutions. For example, data for public consumption like those from Stats SA require great elasticity to meet demand. Highly sensitive data, meanwhile, require anywhere access, strong security controls and possibly a private cloud.

Local and regional government, on the other hand, need to be able to handle a combination of public and sensitive data, is more cost sensitive, and is perhaps best suited to a community-type cloud model.

He says choosing the right model is the first big obstacle and companies need to ensure a secure development lifecycle that will allow them to meet regulatory requirements and “strong, federated identity controls” are essential.

“Security requires looking at the whole system, from hardware and infrastructure all the way up to users and data. You have to look at your whole network, not just part of it, if you are to remain secure while benefiting from the benefits cloud computing offers.” — Craig Wilson, TechCentral