Select Page

Access control is paramount for effective security of data in the Cloud – expert

Access control is paramount for effective security of data in the Cloud – expert

Companies are increasingly shifting IT services and applications to the Cloud to be readily available to employees, empowering their productivity from wherever they are and from any device.

Moving critical business information to the Cloud does come with security challenges, with unauthorised access topping the list. To protect data in the Cloud, companies need to have appropriate measures in place to manage and control who has access, based on their credentials. This is according to Charl Ueckermann, CEO at AVeS Cyber Security.

“Before the Cloud, everything was hosted on physical servers in your data centre at your premises. If someone wanted access to your data, they had to overcome several security obstacles along the way. A person needed physical access to your server room, bypass a Firewall or Intrusion Prevention Services installed on the servers, and outwit any other security controls blocking his/her way into the organisation’s databases,” he said.

“There is a misperception that if the Cloud is secure, measures to control access like this are not necessary, as the data is in a ‘safe place’, so it must be safe. This isn’t necessarily true. The same level of vigilance is required to control access to data in the Cloud than what is necessary with data hosted onsite. It is also essential to control and manage what different levels of employees can do with that data. Lack of access control, as well as the misuse of employee credentials, means data can be accessed by people who are not allowed to see it,” added Ueckermann.

He explained that companies operate in a highly-regulated environment and are obligated to protect their information. To comply with industry or governmental regulations, they should protect their data and carefully control who has access to it.

Companies cannot rely on usernames and passwords alone to effectively control access to the Cloud, as 80% of breaches in the Cloud are due to weak passwords.1 Multi-factor authentication to access cloud services should be non-negotiable. For example, when you use Microsoft’s Authenticator on your smartphone, there are four layers of security. These are: where you are, based on the geographic location from where you are logging in; what you know, being your username and password; what you have, namely your mobile device in your hand; and who you are, which would be your biometric code to access your phone, he said.

“Similarly, you ideally want at least three ways to authenticate your employees before they can access company resources in the Cloud. Besides, there should be clearly defined containers to segregate who has access to what information once they have been authenticated. Employees should be granted access only to the information they require to do their work. Authorisation measures should also be in place to ensure that information cannot be downloaded by or shared with people who don’t have permission,” he added.

According to him monitoring tools can also help to pick up on abnormal behaviours. For instance, Geolocation control would detect unusual behaviours such as a login by an employee in Pretoria and five minutes later, a login in Germany by someone using the same login details. Monitoring tools will also detect mass downloads, mass deletes and any other activities that are outside the norm.

He stressed that employee education should form part of any organisation’s cloud security strategy. “People tend to trust too easily and not verify enough when it comes to IT security threats. They open emails, click on links, share information, download information and share their passwords without understanding the potential consequences. For a cloud security strategy to succeed, it is vital that employees understand the risks, how their actions can make data vulnerable, and what they can do to keep data safe.”

Meanwhile Ueckermann concluded with the following tips: Implement appropriate governance processes and policies to formalise and govern how organisations manage their data security in the Cloud; Deploy effective technologies that are specific for the Cloud to enable identity management and control access to data and Relentlessly continue with user education and awareness to make your employees part of the solution rather than a vulnerability.


Caption: Reference: 1. Martins, A. (2019, 02 27). Poor Access Management Leads to Majority of IT Hacks, Study Finds. Retrieved from businessnewsdaily: https://www.businessnewsdaily.com/11310-cyberattacks-poor-access-management.html


 

About The Author

Guest Contributor

A Guest Contributor is any of a number of experts who contribute articles and columns under their own respective names. They are regarded as authorities in their disciplines, and their work is usually published with limited editing only. They may also contribute to other publications. - Ed.

Following reverse listing, public can now acquire shareholding in Paratus Namibia

Promotion

20 February 2020, Windhoek, Namibia: Paratus Namibia Holdings (PNH) was founded as Nimbus Infrastructure Limited (“Nimbus”), Namibia’s first Capital Pool Company listed on the Namibian Stock Exchange (“NSX”).

Although targeting an initial capital raising of N$300 million, Nimbus nonetheless managed to secure funding to the value of N$98 million through its CPC listing. With a mandate to invest in ICT infrastructure in sub-Sahara Africa, it concluded management agreements with financial partner Cirrus and technology partner, Paratus Telecommunications (Pty) Ltd (“Paratus Namibia”).

Paratus Namibia Managing Director, Andrew Hall

Its first investment was placed in Paratus Namibia, a fully licensed communications operator in Namibia under regulation of the Communications Regulatory Authority of Namibia (CRAN). Nimbus has since been able to increase its capital asset base to close to N$500 million over the past two years.

In order to streamline further investment and to avoid duplicating potential ICT projects in the market between Nimbus and Paratus Namibia, it was decided to consolidate the operations.

Publishing various circulars to shareholders, Nimbus took up a 100% shareholding stake in Paratus Namibia in 2019 and proceeded to apply to have its name changed to Paratus Namibia Holdings with a consolidated board structure to ensure streamlined operations between the capital holdings and the operational arm of the business.

This transaction was approved by the Competitions Commission as well as CRAN, following all the relevant regulatory approvals as well as the necessary requirements in terms of corporate governance structures.

Paratus Namibia has evolved as a fully comprehensive communications operator in Namibia and operates as the head office of the Paratus Group in Africa. Paratus has established a pan-African footprint with operations in six African countries, being: Angola, Botswana, Mozambique, Namibia, South Africa and Zambia.

The group has achieved many successes over the years of which more recently includes the building of the Trans-Kalahari Fibre (TKF) project, which connects from the West Africa Cable System (WACS) eastward through Namibia to Botswana and onward to Johannesburg. The TKF also extends northward through Zambia to connect to Dar es Salaam in Tanzania, which made Paratus the first operator to connect the west and east coast of Africa under one Autonomous System Number (ASN).

This means that Paratus is now “exporting” internet capacity to landlocked countries such as Zambia, Botswana, the DRC with more countries to be targeted, and through its extensive African network, Paratus is well-positioned to expand the network even further into emerging ICT territories.

PNH as a fully-listed entity on the NSX, is therefore now the 100% shareholder of Paratus Namibia thereby becoming a public company. PNH is ready to invest in the future of the ICT environment in Namibia. The public is therefore invited and welcome to acquire shares in Paratus Namibia Holdings by speaking to a local stockbroker registered with the NSX. The future is bright, and the opportunities are endless.