Securing the cloud?


Cloud services have come of age in Malawi with the recent release of Microsoft cloud services, especially Office 365, to the local market. You will know from previous columns that I have been championing cloud services for quite some time.

This growing range of services offers small and large businesses an efficient and cost-effective way of managing their IT services and infrastructure in the local and global market. This market is predicted to be worth $5.9 billion by the end of 2016. Research has shown that 88 percent of enterprises in developed countries use the public cloud in one way or another. The use of cloud services among personal users has also exploded, with Microsoft gaining 39 percent market share with its Office 365 product range.

Cloud services—sometimes called hosted services—offer clients the opportunity to outsource their IT software (SaaS), infrastructure (IaaS) or platforms (PaaS). This means that clients will not need to install and maintain a costly IT centre on their premises.


So, for example, your financial software can be run in the cloud and be accessed by any device (including smartphones and tablets) wherever you have internet access. You are not tied down to attending your office to access your systems, or restricted to a single device. The most common usage of cloud services worldwide is for e-mail services.

IT professionals should by now have tested and assessed this technology with a view towards briefing their management teams. The benefits appear too good to be true. In Malawi currently, a number of ISPs and communications companies are offering a range of services, mainly based around infrastructure outsourcing. But careful assessment needs to be given to a number of areas, most notably security.

Questions need to be asked of your current or proposed service provider to ensure that you make the right choice. Does your provider have formal written information security policies? This is essential if they are to be trusted with your sensitive company, client or staff data.


These policies need to be revisited by them regularly to ensure full protection of your data in the face of changing technology. What procedures are in place to restrict physical access to their data processing equipment and network equipment? One of the great benefits of centralised data services is the high level of disaster recovery services that can be achieved.

You do need to check a few basic issues. What power backup services do they offer to keep your data accessible in the event of public power downtime? How long does this last? What redundancy do they offer on their VPN and internet links? Once you have assured yourself of these, you will need to find out what their disaster recovery plan is for you as their client, as well as for their facilities in total. Well-defined plans will minimise the length and impact of loss of service due to disaster.

Have they tested their disaster recovery plan and, if so, when and how often? It would be useful to look at their recent external audit report and their IT strategy document. Scrutinise their data segregation policy. In other words, how do they keep your data safe and secure from data belonging to other clients? How do they remove or destroy redundant data that may belong to you from their devices? How about encryption of data and backups? What controls do they have to detect attacks and breaches? What is their reporting policy if your data has been breached? Are you given access to logs and traffic details on your data so that you can assess misuse?

Approach prospective vendors with tremendous care to ensure that you are handing over your data and processes properly. Ensure that your contractual documentation reflects satisfactory procedures and answers to all the points above as a start.
