Why African Enterprises’ Cloud Journeys Require Holistic Cybersecurity Strategies 

Cybersecurity Threats in 2021

Cybersecurity Threats in 2021

Ola Williams

The future is cloud-first. According to Gartner, global cloud spend is forecast to reach $178B in 2022, and although Africa may lag behind the rest of the world’s cloud adoption with only 15 per cent cloud penetration, the continent’s public cloud market has doubled in the past three years. To remain competitive in a digitally transformed business environment, agile enterprises around the world have also adopted cloud technology to enable new ways of working for their distributed-, remote- and hybrid workforces.

And this new way of working isn’t going anywhere: 60 per cent of global knowledge workers are currently remote, and at least 18 percent will not return to the office. Africa has embraced this trend, too. According to a 2022 International Labour Organization report that covered more than 1,000 enterprises in 15 African countries, nearly 36 per cent of employees worked remotely during the pandemic. The report also reveals that while most future workplaces in Africa won’t be fully remote, they will be either in-person or hybrid.

Enterprise-wide cloud adoption is increasing as digital-first business leaders look to ensure flexibility through hybrid work, market agility, and business continuity throughout their daily operations. Paradoxically, however, when a rapid digital evolution is not approached strategically with end-to-end security in mind, it can leave enterprises more vulnerable to cybersecurity threats due to a wider set of risks spread across multiple surfaces and entry points. This is particularly important during a cloud migration, when the rush to move business-critical workflows from on-premise to the cloud can unintentionally (and easily) open backdoors to bad actors.

A robust, end-to-end cybersecurity strategy – every step of the way

Cybersecurity remains a significant concern for enterprises in Africa, as according to the Club of Information Security Experts in Africa (CESIA), in 2022, more than half of companies in Africa believe they are not prepared to handle a large-scale cyberattack. And Interpol’s Africa Cyberthreat Assessment report found that more than 90 per cent of businesses on the continent operate without the necessary cybersecurity protocols.

According to a recent IDC security survey commissioned by Microsoft, only 16% of organizations in Nigeria have implemented a full end-to-end security strategy with shared responsibilities, risk tolerances, classified events, and recovery plans in case of an attack. Another 15% of surveyed organizations have implemented – but not formally tested or reviewed – a security strategy. Organizations in Nigeria still lag in terms of security solution implementations.

With the acceleration of digital transformation enabling cloud-first and hybrid work environments, it’s more important than ever to have a robust, end-to-end cybersecurity strategy in place – right from the beginning of the cloud journey, and every step of the way.

Cloud environments are more complex to secure, and a ‘lift-and-shift’ migration approach is no longer feasible. Increased hardware, software, and network fragmentation (on-premise, cloud, and hybrid) result in access-control and human-error risks – the latter often being the biggest reason why cyber threats take hold in the first place. In fact, a Stanford University study confirmed that around 88 per cent of all data breaches are caused by an employee mistake. For example, an employee simply failing to limit permissions on a cloud database can easily open the entire organisation to a cyberattack.

Approximately 20% of organizations in Nigeria indicated that training non-IT employees in security awareness is one of the most important steps for increasing security. Although this percentage is fairly low, it is expected to increase, with many more organizations expected to launch security awareness campaigns.

Consistency – and shared responsibility – is key

A consistent cloud migration strategy that focuses on keeping data integrity intact from the start is key. The strategy must also be holistic to include ongoing regulatory compliance (a constantly evolving space) and, importantly, employee cybersecurity awareness. As more enterprises embrace the public cloud, a crucial factor is often overlooked on this point: cybersecurity is a shared responsibility between the customer (the enterprise and its employees) and the provider. For example, if an enterprise stores its data in a data centre, it must proactively set up and manage its own cybersecurity policies. Cybersecurity must therefore include the entire organisation and not just be siloed with the CIO and IT function, or even the provider.

The right approach is security-first

This is why it’s essential to have the right cloud provider as a partner when undertaking cloud migration. A security-first partner like Microsoft has Zero Trust built into its cloud architecture and cloud-based solutions, whether public or hybrid, and can provide valuable guidance throughout an enterprise’s digital transformation journey. In fact, Microsoft boasts more than 3,500 full-time security professionals who use AI to analyse more than 24 trillion signals a day across email, endpoints, and identities.

The impact of the Covid-19 pandemic forced more businesses to connect online than ever before. Remote- and hybrid working environments have also meant that more devices, networks, and connection points have expanded the threat surface, bringing the need for a robust and holistic security strategy to the fore. As enterprises across the continent continue to ramp up their digital transformation journey, security must be considered every step of the way to ensure a safer digital environment for all.

Ola Williams is Country Manager, Microsoft Nigeria

Related Articles