Africa debate whether to remain on-premise or move to the cloud

Security, risk, data loss, and legislation. These are the primary concerns listed by organizations and government institutions when asked why they are reluctant to move to the cloud.

 It is the perennial debate – will cloud put the data at risk? Isn’t on-premise more secure? How can the organization ensure it is compliant in light of growing regulatory control over how data is accessed, protected and used?

For many, the answer lies in the tried and trusted foundations of on-premise solutions that have weathered the storms so far. The problem is that this isn’t necessarily the right answer…

Some organizations remain convinced that on-premise is more reliable than the cloud. In Kenya, government guidelines recently approved by President Uhuru Kenyatta – safeguards that are considered to be on a par with the General Data Protection Regulation (GDPR) – have put immense pressure on organizations when it comes to data handling and sharing.

When a company faces either a prison sentence or a hefty fine for violating the act, it makes sense for them to panic about security and be more prudent about with which provider to share their personal information with.

This trend is reflected in Nigeria, Ghana and Rwanda where legislation is influencing decision making when it comes to the cloud. In Nigeria, government industries have been advised to stay with their on-premise platforms. Rwanda has clamped down on its personal data protection with regulations around consent from individuals.

South Africa is still toying with its Protection of Personal Information Act, but this is very likely to be signed into law fairly soon. These regulations are all essential in a time when data privacy and security are under scrutiny and the cyber-threat has never been more present. And it makes sense that companies are forming a protective circle around their information and question where and how a provider stores their data before investing into the cloud.

Due to the far-reaching hands of governments, data sovereignty is a primary concern of institutions moving to the cloud. Data sovereignty refers to the fact that information which is stored in the cloud is subject to the laws of the country in which it is physically stored. For some organisations this concern may be warranted, such as highly regulated government organisations storing highly confidential information.

However, even highly regulated organisations are taking advantage of what the cloud has to offer by taking a hybrid approach.

For more sensitive confidential information, the data is stored on-premise, and other processes that are less sensitive, are outsourced to third party cloud providers. This is a reasonable approach. However, most companies don’t have the skilled manpower or budget to build a secure hybrid approach, or even an on-premise solution, which is why not moving to the cloud becomes a business risk.

At the same time the truth is that while many organisations cling to on-premise as the solution, it can be the most dangerous of the two.

Using or not using a cloud provider has no bearing on complying with privacy regulations, as long as adequate safeguards around personal information can be guaranteed. Privacy regulations stipulate organisations take into account the state of the art and industry prior to implementing new solutions. When looking into the information technology landscape today, we can see the moving to the cloud is the most secure, scalable, and reliable way to protect data.

“Professional cloud infrastructures are usually safer and more reliable than many on-premise platforms,” explains Anna Collard at KnowBe4. “One of the most common reasons for this is the lack of security resources organisation can employ. Security skills are hard to come by even globally, and in Africa we only have about 10 000 security professionals across the entire continent. Large companies such as Oracle have employed a security team that is bigger than all the African security professionals together.”

Cloud service providers are in the business of looking after their infrastructure and their client’s data, providing a level of assurance via ISO 27000, PCI DSS, Cloud Security Alliance and other security certifications.  Microsoft Azure or Amazon Web Services (AWS) list of security certs is mind bogglingly long –a feat that is difficult to accomplish unless security or IT infrastructure management is your core business.

Another issue is that people often ask if the security on offer by the cloud service provider is the absolute best on the market. The real question should be whether the security is appropriate for the level of data and services being provided and where the data centre is located to ensure adequate data protection alignment.

“Cloud service providers consider all the angles from auditing to phishing to updates to patches and intrusion detection,” concludes Collard. “Their solutions are designed to not just meet industry standards, but to exceed them. This is not only to ensure the safety and security of the customer, but because their own reputation is on the line if they don’t deliver.”

According to ESG research in January 2020 67% of enterprises use public cloud infrastructure services to support their IT operations. That number is most likely going to increase even more so over the next few months with the Covid-19 pandemic forcing many organisations to set up work from home.

 There is no guaranteed road to risk-free business. Cybercrime is on the rise and it is exceptional sophisticated, leveraging human error and system vulnerability to gain access to systems and damage reputations. Ultimately the cloud is just a third-party provider, the responsibility over the data remains with the data owner, which is the business or organisation processing the data.

Performing a third-party risk assessment and reviewing the cloud provider’s security certifications should be standard practice to ensure adequate security will be applied, regardless of where the data is stored and should help greatly in the decision-making process.

While it’s perfectly understandable for the business to hold onto what it knows – the on-prem solution – cloud has become a powerful and reliable ally that can not only surpass most on-prem solutions, but can do so at a lower cost and with better security.

www.knowbe4.com

Cloud-computing solutions can reduce banking costs in Africa, report

More than 700 million Africans lack access to a bank or mobile money account and only 41 per cent of Africans are financially included.

This is due to the high cost of providing financial services in Africa which forces many financial services providers to remain focused on serving wealthier customers.

These are some of the many insights from the report Cloud Banking in Africa: The Regulatory Opportunityby Genesis Analytics and Orange Business Services on how the application of cloud computing in financial services can help financial services providers reach and serve the poor. 

Part of the cost problem is that financial institutions in Africa are so much smaller than elsewhere – the biggest bank in Africa (SBSA with assets of $148 billion) ranks 296th globally; most banks in Africa have assets of less than $5 billion. But African consumers are increasingly expecting these banks to provide the same range of digital services as banks in other countries. This is why consumers have been turning to mobile banking in such numbers. The telecommunications companies have been much more successful at delivering affordable financial services than banks are, but also need to find new ways to reduce costs if they are to reach out to even poorer customers. 

Cloud computing creates an opportunity for providers of financial services to rethink their technology spend and significantly reduce costs. Cloud computing involves using internet technologies to provide virtual infrastructure that is scalable and delivered as a service. Fixed costs can be converted into a subscription-based approach and upfront capital investments are converted into operational costs. Cloud computing allows banks to pay less for ICT infrastructure and services and achieve higher utilisation on ICT spend. Particularly for small banks in small markets where specialised ICT skills are in short supply, cloud computing can ease a critical operational constraint.

The most compelling reason to move to the cloud is undoubtedly cost savings, but there are other business reasons too. The flexibility of cloud-based operational models allows financial institutions to experience shorter development cycles for new products, which supports a faster and more efficient response to the needs of customers. Cloud computing provides the computer power necessary to deliver analytical insights in real time, which enables financial institutions to move towards a customer-centric model where the financial needs of customers are fully understood. Financial institutions can also gain a higher level of data security, resilience, fault tolerance and disaster recovery from cloud computing.

A few international and African banks have already realised the value of cloud banking. WeBank is China’s first digital bank that is based in a private cloud and uses innovative technologies, such as Artificial Intelligence and blockchain, to effect an extraordinarily high volume of transactions at a very low cost. WeBank has been able to run at 95% lower cost than that of traditional banks’ IT operations and has passed this cost saving onto their customers in the form of low account fees. TymeBank is a new digital entrant to the South African banking sector and has made a 56% cost saving compared to other startups by using cloud services from AWS.

Before financial service providers can adopt cloud banking, regulators need to support and approve the use of cloud technology within the financial sector. Some international regulators are already allowing the use of cloud banking in the financial sector. The European Union has been at the forefront of defining an enabling regulatory environment for cloud banking services, which has involved both the regulation on the use of data and privacy and protection of data. Under the regulations, financial institutions have to ensure that consumer personal data is gathered legally and under strict conditions and that consumer data is fully protected. Other developing markets like Turkey and Argentina have adopted similar legal and regulatory environments, which has enabled the use of cloud banking in their financial sectors. 

Africa’s financial sector regulators’ approaches are very much work in progress. The report urges African regulators to develop clear policy positions and regulations on data privacy, risk and security; data sovereignty; cybercrime; protection of intellectual property; vendor risk; and migration complexity and operational risk to enable financial institutions to reap the benefit of cloud banking.

Genesis Analytics is a global African firm that has worked in more than 74 countries across the world, 41 of which are on the continent, and Orange Business Services is a network-native digital services company and the global enterprise division of the Orange Group, connecting, protecting and innovating for enterprises around the world.

The full report can be accessed here

www.genesis-analytics.com

www.orange-business.com

[[$links]]

[Column] Rentia Booysen: It is time to adopt multi-cloud

Companies have been preparing for a multi-cloud world for some time, even if they were not aware of doing so.

The arrival of international data centres in South Africa means decision-makers have access to additional cloud options, thereby providing the impetus for multi-cloud to become a more intentional strategy in the months to come.

But what does this equate to?

A multi-cloud environment refers to policy-based and coordinated service provisioning, use, and management across a mixture of internal and external cloud services. Such has been its growth that research shows 81% of public cloud users surveyed are working with two or more providers.

Not only does it provide the means to avoid vendor lock-in, but going this route empowers organisations to select the best environments for specific tasks. Cloud Provider A could be ideal for business continuity and disaster recovery. At the same time, Cloud Provider B provides access to innovations such as artificial intelligence (AI) and machine learning (ML) more cost-effectively.

More than hardware

However, a true multi-cloud environment is not about how many service providers a business uses. Instead, it revolves around how to operationally transform the company by integrating all aspects of its cloud offerings, whether these are private, public, or hybrid. The technology, therefore, plays just a part in this approach. More importantly, the extent to which organisations are willing to embrace this new way of thinking becomes a key factor.

In the past, this might have entailed moving just one application to the cloud. Now, the level of sophistication has evolved along with the strategic priorities of the organisation. Therefore, a mix of public and private clouds along with on-premise infrastructure can be considered a standard operating model.

But irrespective of the level of cloud adoption utilised, a company requires unified, automated, and AI-driven management at a software level. This enables the business to create an architecture capable of evolving as companies seek ways to modernise their enterprise networks. Companies can use such a solution to simplify growth throughout their migration from secure routers to software-defined networks (SD-WAN) and, ultimately, to a multi-cloud network automated by AI.

User-focused

An AI environment introduces automation that improves user experiences and simplifies operations, providing reliability and agility while extending visibility across the enterprise, both on-premise and off.

The right software provides the business with a foundation to easily add multi-cloud endpoints, security, monitoring, and third-party network services to its SD-WAN. IT departments can now easily manage this every step of the way using a multi-cloud orchestration solution. It even enables the business to run software and virtual endpoints on its own infrastructure or on that of public cloud service providers such as Amazon AWS, Google Cloud, and Microsoft Azure.

Think of this multi-focused environment as part of the process of how the cloud-native technology stack is evolving and becoming more sophisticated.

With data driving all decision-making at a company, irrespective its size and industry, the resources provided by the high-performance computing capabilities of the cloud cannot be ignored. But instead of going the ‘all or nothing’ route, a business can select how to use the cloud services (and providers) that make the most sense at any given point in time. The ability to turn on and off resources as required is a more efficient value proposition that provides complete control over cloud costs.

Furthermore, this dynamic enables the business to still maintain control of sensitive data that can remain on-site while getting the flexibility of AI and ML for data analysis as required. All told, the multi-cloud does present an exciting value proposition to South African organisations as they start competing against others on the continent and beyond.

Rentia Booysen is Collaboration Business Unit Manager at Westcon-Comstor Sub-Saharan Africa

[Column] Kabelo Makwane: Agriculture and its future on Mars

Cloud computing is the delivery of on-demand computing services, from applications to storage and processing power, which is typically on a pay as you go basis over the internet.

One benefit of using cloud computing services is avoiding the upfront cost and complexity of owning and maintaining your own IT infrastructure, and instead simply paying for what you use as and when you use it. 

When thinking about the agricultural industry, there are practical applications for the use of cloud computing that create a whole ecosystem, from sensors and monitoring tools that collect soil data to agricultural field images and observations from human actors on the ground accurately feeding data repositories along with their GPS coordinates.

Agribusiness needs more effective tools to engage with the smallholder farmer. At the same time, the smallholder farmer needs to be empowered with information, access to markets and financial services. To achieve this, mobile phone technology from Vodacom Business can play a game-changing role.

The Vodacom Business technology the Connected Farmer service gives a readily available message functionality allowing for real-time communication with other farmers on the database, transactional capabilities which support electronic vouchers and a companion application called AgriSuite Plus that provides content of practical agricultural value to field workers.

This content includes topics such as crop and livestock production management, crop descriptions, production programs, soil preparation and pest and disease identification (farmers using smartphones are able to download the AgriSuite Plus app.

Vodacom Connected Farmer is a cloud-based web and mobile software solution that links enterprises to smallholder farmers through the transfer of industry-related information, which equips the farmer to make better decisions about crop rotation and improve efficiencies in order to deliver better produce and consistently improve yields 

Farmers can also take advantage of knowledge-based repositories that contain information related to farming practices, agriculture innovations, pesticides, seeds, fertilizers, nutrients and equipment.

However, with the onset of technology, there is the valid fear and resistance that comes with it, especially considering the fact that the agriculture industry is driven by smallholder farmers, who more often than not do not have access to technology. 

Kabelo asserts that Vodacom Business is aware of the fact that rural areas of South Africa are under-serviced with regard to connectivity. This has presented real challenges to not only the farming community, but to their customers, service suppliers and rural communities in general.

Smallholder farmers need to be empowered with information, access to markets and financial services. To achieve this, mobile phone technology from Vodacom Business can play a game-changing role. Vodacom Connected Farmer is a phone enabled enterprise solution. 

Once smallholder farmers are registered mobile enterprise users, such as agronomists, and field officers then profile these farmers and their farms and verify their identity during field visits, using Vodacom Connected Farmer on their mobile devices. The enterprise is now able to communicate with its smallholder farmer base via their mobile phones, whether individually, as a group or across the entire smallholder farming community.

Vodacom is also alive to the risks that come with the internet like breach of privacy. That is why in the Vodacom Business Connected Farmer program, there are a number of security measures which ensure that personal or financial information is protected. There is a secure, role-based authentication and authorisation that allows users to only access to those system functionalities that are relevant to them. Connected farmers also use secure cashless value and transactions through electronic vouchers. 

Potential challenges

While these resources can be used in developed countries with ubiquitous Internet access, this is not as easy to accomplish in developing economies where there may be challenges with internet access, bandwidth and power. However, even in these circumstances, we are seeing technology made available on mobile phones, providing a wealth of services to farmers powered at times by renewable sources of energy and enabled by mobile devices

Three main challenges in Africa include performance, costs and availability. 

Performance: Whether locally- or internationally-hosted, it can be a challenge to deliver reliable Cloud services to certain regions – particularly in smaller towns and rural or remote areas.

Costs: Uncontended, enterprise-grade networks can be extremely expensive, often making it challenging for the cloud business case to be compelling to both small and large enterprise

Availability: For many businesses in outlying areas, the availability of internet connection, in general, is a huge problem. South Africa still has vast patches that are underserved or entirely unserved. Certain agricultural sites for example, experience problems with basic telephonic and crude internet connections – which makes high-powered Cloud services seem like an impossibility. 

Effective adoption and implementation of this technology will encourage other sectors also, which will lead to optimal  benefit of shifting towards cloud. This will definitely have a positive impact in the overall economic development of a nation. Above all, cloud computing is a newly introduced concept and most of the developing nations are not readily willing to accept and implement it. Therefore, it needs a mass awareness and promotion among the prime stakeholders to acquire the full potential of it and have a well established information base for the nation. This will in return lead to a well-connected world.

Kabelo Makwane is the Managing Executive for Cloud, Hosting & Security at Vodacom Business

[Column] Joel Chacko: Harnessing the value of cloud by rethinking how new services are operated

As companies embark on their application and data modernisation programmes and look to the cloud and infrastructure required to support their plans, most land on a hybrid cloud strategy with application and data workloads balanced across both public and private clouds.

Hybrid deployments combine the hyper-scalers’ public cloud benefits of innovation, speed, consumption, and scale with private benefits of regulatory compliance, performance, data gravity, and recouping of existing investments.

Hybrid also enables increasingly dynamic workload placement over time, allowing them to optimise for performance, service levels, security and compliance, and cost. The downside to a hybrid deployment is managing and keeping track of multiple vendors and security across platforms. Inherently, this requires expertise across different cloud platforms. Some argue that adopting a hybrid environment may require more complex IT management that could equate to higher overall costs. This is where Accenture is valued partner for our clients because we’re platform agnostic, we’re purely focused on the business outcomes of our clients.

In order to harness the value of cloud, a key part of any company’s cloud transformation requires rethinking of the operational model. Historically, companies managed their data centers and networks separately from the data,applications, and business services those data centers and networks supported. Today, this siloed approach is ineffective, and perhaps even harmful.

Accenture’s deep expertise in leading on SAP and other application migrations to Microsoft Azure means that clients can benefit from a more secure, scalable and agile operating environment that is more cost effective than standing up a new on-premises data centre. This will improve business processes and continuity, as well as free up resources to focus on achieving superior business outcomes.

Consider how much more complicated technology landscapes are becoming. As a result of digital decoupling and the adoption of microservices, applications are evolving to more complex patterns and topologies, increasingly requiring more dynamic underlying compute, storage, and networking infrastructure. Cloud native patterns and technologies are typically more ephemeral than traditional environments, where containers may last hours, minutes, or even seconds, compared to servers and virtual machines that may be in production for months or years.

The extreme is serverless computing, where functions are spun up on demand to execute service and are torn down immediately upon completion. Not only are these environments more ephemeral, but they increasingly scale up and down more rapidly as Kubernetes controllers orchestrate their deployments.

 At the same time business users are far more focused on outcomes than the underlying applications, data and infrastructure that enable them. The boundaries between the services delivered to customers or the business, and the applications, data and infrastructure that deliver them are blurring. Consequently, it is critical to manage “services” and technologies more seamlessly. To effectively manage and optimize this increasingly complex landscape, enterprises need to rethink how they construct and operate new services to improve innovation and agility, enhance service levels, streamline operations, and minimize costs while seamlessly managing the applications, cloud, and infrastructure that deliver these services.

We refer to this as “Build Different/ Run Different.” To effectively operate in the New, companies should: Standardise: In order to take advantage of new capabilities and drive operational efficiencies in a hybrid cloud, it’s important to standardise services and the underlying infrastructure that supports them.

 This includes not only aligning the organisation around an enterprise-wide IT services catalog, but also standardising hardware and platforms to allow for increased automation. Create an agile cloud operating model: Dual velocity application delivery is critical. That means supporting the agile delivery of cloud-native applications while maintaining legacy code bases that are increasingly exposed through microservices.

This operating model should also deliver on the promise of DevSecOps by tightly aligning and integrating cloud, infrastructure, security, and operational requirements. Upskill organisation and transform culture: New application patterns, technologies, and operating models require new skills. This includes not only upskilling developers, but also transforming “eyes on glass” operators into developers who write data ingestion scripts, create analytics algorithms and visualisations, develop automation scripts, and tune AI engines.

Use hyper-automation and applied intelligence: Companies should be investing in platforms and tools that deliver the hyper-automation needed to drive agility, streamline operations, and minimise cost. Such hyperautomated intelligent operations – sometimes referred to as AIOps – leverage analytics to drive predictive operations, automation to eradicate unnecessary tasks, and AI to continually optimise environments.

 To effectively deploy and manage the next-generation of IT services, enterprise strategies must be application and data led, cloud and infrastructure enabled, secure, and optimised for the operational run. For these reasons, a hybrid application and data placement will be the natural choice for most large enterprises. Accenture has strong technical knowledge and capabilities, robust partner ecosystem, local expertise and its deep experience implementing large-scale cloud migrations.

 We have worked on more than 21,000 cloud computing projects for clients, with 80 percent of the Fortune Global 100, and have more than 77,000 professionals trained on cloud technologies and architectures, and more than 50,000 SAP professionals. Accenture has been innovating n cloud technology for nearly a decade and holds more than 300 granted patents and pending applications across its global cloud portfolio.

Joel Chacko is Associate Director for Accenture Microsoft Business Group in Africa

Standard Bank South Africa migrates SAP cloud platform to Microsoft Azure to boost efficiency

Standard Bank South Africa is moving its core SAP Cloud Platform services to Microsoft Azure to significantly improve the experience customers have with the bank, while enabling it to introduce new solutions to market more efficiently.

This accelerates the digital transformation of SAP customers to S/4HANA by partnering with Microsoft and using jointly developed reference architectures, roadmaps, and industry best practices. Many enterprises are looking to reduce their reliance on their own datacentres and moving more of their core workloads to the cloud.

Sabelo Nkwanyana, Standard Bank’s CIO for Personal and Business Banking SA, says leveraging the computing power of Microsoft and the product innovation capability of SAP demonstrates how Standard Bank is embracing partnerships and ecosystems to develop customized solutions for its clients.

“SAP has a deep understanding of our business requirements and how we want to ensure our customers are happy with our service offering. This partnership continues our focus on innovation by leveraging the respective skills of SAP and Microsoft to transform the digitization and personalization journey for our customers,” says Nkwanyana.

Lillian Barnard, Managing Director, Microsoft South Africa says, “The Project Embrace initiative between Microsoft and SAP announced globally last year is centred around the customer journey to SAP S/4HANA and SAP Cloud Platform on Microsoft Azure. The work that we are doing with Standard Bank is the first local demonstration of this partnership, and another milestone in the journey Microsoft is on with Standard Bank, to bring innovation into every aspect of the bank’s IT system and enable enriched interactions with the bank’s customers.”

The partnership brings together SAP and Microsoft, along with a global network of selected system integrators, to move on-premise SAP ERP and SAP S/4HANA customers to the cloud through industry-specific best practices, reference architectures and cloud-delivered services.

Barnard continues, “Enterprises are migrating to cloud providers at an accelerated rate. This makes it critical for our customers to have the right cloud infrastructure in place, enabling them to unlock the power of innovation. Microsoft’s significant investment on the African continent, with our first hyperscale datacentre regions in Johannesburg and Cape Town, means many more partners and customers are enjoying the benefits of our intelligent cloud platform.”

Speaking on the SAP partnership specifically, Barnard adds, “Project Embrace has three tenets at its heart: simplify, accelerate and innovate. By accelerating our customers’ digital transformation journey, we are enabling them to become agile, efficient digital enterprises on Microsoft Azure – with a cloud platform optimised for SAP – leveraging best practice and specialist expertise.”

“Today’s announcement is the biggest partnership centred on SAP implementation in Africa. With client experience a key strategic pillar for Standard Bank, Project Embrace reflects the shared commitment of both SAP and Microsoft to accelerate our customers’ journey to the cloud,” says Cathy Smith, Managing Director at SAP Africa.

This project will deliver a unified approach to how Standard Bank runs SAP S/4HANA in Microsoft Azure. Ultimately, this will help the bank deliver a faster time-to-market on products and services, while ensuring its IT infrastructure is optimised. By moving workloads to the cloud, Standard Bank will be able to access a range of features that it can deploy instantly and scale according to demand. This will result in cost reductions, improved system performance, and access to innovation.

“This will empower the bank to create new business models and deliver more personalised outcomes in today’s dynamic business environment. By providing Standard Bank with consistent engagement and delivery models, SAP and Microsoft bring both industry-specific best practices and deep local insight to deliver a compelling value proposition for their clients,” says Smith.

“Through Project Embrace, we are now able to better identify our business pain points and effectively address them through technologies that deliver a demonstratable return on investment. Having the ability to more accurately predict where customer challenges and dissatisfaction will occur enables a more flexible enterprise environment. We can help our customers transform their businesses and their lives in a secure way. This is much more than SAP and Microsoft supplying us with products. This is about fundamentally enhancing our digital journey for the future,” concludes Nkwanyana of Standard Bank SA.

In addition to the work done with Standard Bank, the Microsoft and SAP initiative is assisting customers around the world, and in a variety of industries, accelerate their journey to becoming digital, intelligent enterprises.

www.standardbank.co.za

www.sap.com

Cloud usage drives cybersecurity spending, SANS 2020 report

The rapid migration to cloud-based technologies is the biggest disrupter worldwide of operations and a key driver when organisations plan their spending increases, according to the results of the latest SANS 2020 Cybersecurity Spending Survey.

“The SANS survey showed that rapid movement of corporate services and business applications to cloud-based technology is the biggest factor causing breakage in existing security architectures as well as driving most new security spending,” says John Pescatore, SANS Director of Emerging Security Trends. “Cloud monitoring and cloud security access controls were the top two spending areas, followed by spending to increase security staff skills to deal with new technologies, such as the cloud, and to keep up with changes in regulations as well as new threats.”

Slightly more than 50% of respondents ranked the increased use of public cloud infrastructure-as-a-service (IaaS) implementations as the biggest disrupter to security programs in the next 12 months. Based on that, 71% of respondents reported seeing a need to increase spending on cloud security monitoring, followed by cloud access security broker cloud-specific tools (53%), staff skills training (52%) and strong authentication (46%). 

Overall, 57% of respondents feel that out of people, process and technology, an increased investment in people would provide the biggest improvement to their overall security posture, followed distantly by process (19%) and technology (18%). 

“Managers see increased and refreshed skills in their existing staff as being significantly more critical than simply increasing headcount,” according to Barbara Filkins, SANS Analyst Program Research Director and author of the report. “The fact that respondents prioritise increasing staff skills significantly over increasing headcount to deal with ‘disruptive technologies,’ especially when faced with escalating privacy regulations—and fines—worldwide, is not surprising. Business use of IaaS and hybrid cloud requires re-architecting security controls and integrating with CI/CD methodologies.”

In a series of follow-up interviews with selected survey respondents, security managers recognise the need for “upskilling” to increase retention rates, which improves both effectiveness and efficiency. Increased skills around new technologies and new security techniques is also required to enable any use of security automation technologies, which were not highly cited for spending increases in 2020.

Strong authentication, the fourth most highly cited area of planned new spending, points to the recognition that the majority of damage from breaches and ransomware attacks in the past year were enabled by the use of reusable passwords that were easily captured via phishing attacks. CEOs and boards of directors are backing security teams in overcoming obstacles to implementing multifactor authentication.

The report can be downloaded from the SANS website

www.sans.org

[Column] Stephane Duproz: The rise of data centres in Africa

Data centre market in Africa is poised on the brink of hugely accelerated growth, driven by several factors, including a soaring demand for cloud services.

Now and again, a new Information and Communication Technology (ICT) solution sees a combination of factors unite to create a ‘perfect storm’ of demand – one that is exacerbated by the various vendors’ inability to keep pace with it. One such industry is the multi-tenant colocation data centre market in Africa, which is poised on the brink of hugely accelerated growth, driven by several factors, including a soaring demand for cloud services, pressure by regulators to bring African content back to Africa, a surge in media content markets and improved broadband around the continent.

“Data centres are at the heart of economic growth in Africa and without them, developing rich and self-sufficient ICT ecosystems cannot happen,” says Stephane Duproz, the CEO of Africa Data Centres. “These facilities are the lifeblood of every business and the foundation of the internet itself, with thousands of networks and connections meeting there.”

He says the continued and sustained investment in connectivity and broadband in Africa are putting foundations in place for true African digital transformation. “For example 2018 saw mobile penetration reach 44% in Sub-Saharan Africa, which in turn, saw the demand for data for personal and business use reach all-time highs. Add to this the ready availability of affordable smartphones and more reasonable data plans and you’ll see why Africa is hungry for all things digital.”

Building data centres is the one way that Africa can meet the growing requirements for storage and networking that are key to fulfilling Africa’s digital transformation dreams, adds Duproz. “Keep in mind that a slew of new technologies including analytics, IoT, artificial intelligence and cloud are fueling the demand for rapid, high-availability services, and infrastructure that is local, not situated in Europe or the United States.”

Despite the clear need for more data centres, he says Africa remains the greatest untapped market for data centre providers and considering the continent is made up of more than 50 countries and a population of over a billion, this needs to change. “Most of Africa’ citizens are of the age where they want to go online, learn, communicate and consume digital services.”

Durpoz says data centres have to deliver IT services and provide storage and networking to a skyrocketing number of networked devices, users, as well as business processes. “It’s no surprise then that demand for data centre colocation services in Africa has been unprecedented, driven by the factors I mentioned above, as well as the need for digitisation in Africa. Africa wants to go digital and it wants to do it now. The continent needs servers, power, broadband – and as much of it as possible.”

At the moment, Duproz says the demand for co-location data centres in Africa is rising more rapidly than supply. “More modern colocation facilities in Africa will not only help meet the continent’s needs but will help to connect the various regions to the broader global data economy, which in turn will drive economic and social development.”

During the past couple of years, he says several cloud infrastructure and data centres have been built in many growing African markets. “However, this is just a start. The desire for more data centres for Africans is skyrocketing, and concurrently, many global companies are looking to the region for data centre development and support.”

According to him, this is important, because the data centre market on the continent is crucial to the integration of Africa into worldwide networks. Look at the hyper-scale cloud providers, including Amazon Web Services, Azure, Huawei and Google. They all have global cloud services built upon a wide network of self-built data centres, but the lack of Africa-based data centres is creating latency issues and inhibiting the growth of their hyper-scale offerings on the continent.

Another reason the continent can benefit from interconnected, carrier and cloud-neutral data centre facilities, is because they enable public sector entities in Africa to harness the benefits of information and communication technologies, as well as the economies of scale that the cloud provides.

Ultimately, Duproz says, what the continent needs is a vision of a pan-African network of carrier-neutral data centres, and that is precisely what Africa Data Centres is doing and is currently the largest operator in this space. “I believe this is the way of the future because we can offer services in all the countries in which we are present to any international customer who wants to come to Africa. We have one aim, and one aim only and that is it to digitalise Africa and interconnect our data centres all over the continent to drive true digital transformation.”

Stephane Duproz is the CEO of Africa Data Centres.

[Column] David Bunei: Stay ahead of those data security woes

The very factors that have helped to make Kenya such a motivated and major African player in the Digital Age have also made local organisations in the public and private sector vulnerable to security threats and compliance issues. The good news is that, next-generation cloud infrastructure and applications are mitigating these concerns with their autonomous capabilities, ensuring a higher level of security than ever before.

In 2018, Kenya’s economy lost Sh29.5 billion to cybercrime and related activities, up 40% from the previous year. The Communication Authority of Kenya also reported that in Q4 2018, the number of cybersecurity threats in the country jumped 167% to 10.2 million from 3.8 million in Q3.

Faced with such intimidating figures, many enterprises – especially those in high-risk sectors such as Government and Banking – are investing heavily in cybersecurity measures or carefully exploring digital transformation, the very process that will help them to operate more efficiently and cost-effectively.

At Oracle, we have been integrating security into our solutions and protecting our customers’ sensitive data for decades. Oracle solutions have multi-layered security built-in and integrated, whether talking about Oracle Cloud Infrastructure, Autonomous Database, SaaS applications as well as our traditional on-premises infrastructure and applications. Of course, with more customers moving to cloud, we have intensified our focus on security, taking advantage of developments in AI, and related machine learning, to protect customers’ sensitive data and ease their security burden.

Last year at Oracle’s annual OpenWorld conference in San Francisco, attendees were able to learn more about the role Oracle’s Generation 2 cloud has in underpinning a wide variety of new cloud services such as Oracle’s Autonomous Database.  Autonomous functionality is very important to cybersecurity as a large percentage of system breaches are the result of not being able to respond to events, self-patch or self-tune to mitigate against compromises or outages. Secure by design – in fact, having security architected into every layer– Oracle Generation 2 Cloud is designed to configure, manage and secure systems for the customer, based on their requirements. Human error is removed because processes are no longer manual, and patches are applied automatically in the background while running to avoid downtime. The same applies to data encryption, backup and a general enforcement of security policies.

As an example, Oracle Data Safe was just one of several next-generation cloud security services introduced at OpenWorld this year. Data Safe helps organisations protect their databases more effectively in a way consistent with best practices. Data Safe can identify sensitive data and mask it for use in partner or development environments. It also alerts on risky users and system configurations, and proactively monitors database activity to spotlight and respond to suspicious access attempts. After all, data is at risk from both external threats and those – whether accidental or deliberate – within organisations.

Such cloud-embedded simplification of security tasks for businesses is particularly relevant in Kenya, where there were only 1,700 skilled cybersecurity professionals in the country in 2018. Generation 2 Cloud security measures help to fill a noticeable gap and keep organisations safe.

The narrative around cloud and cybersecurity is also changing worldwide. Security in the cloud is now being recognised as secure, or more secure, than what can be achieved on-premise by 72% of those surveyed in the Oracle and KPMG Cloud Threat Report 2019. Security is now named as the biggest benefit to cloud by 66% of C-level executives, putting it ahead of both cost and scalability.

Data security is also closely linked to compliance in terms of handling personal information. Oracle’s second-generation cloud security solutions are designed to keep sensitive data safe and out of sight on Oracle cloud databases thanks to automatic encryption, advanced access controls, always-on separation of duty, data masking and redaction. It’s one of the reasons, Rakuten Securities, Japan’s largest online financial brokerage company, chose Oracle Database Security to address their strict regulatory requirements, while efficiently managing social security and tax ID numbers for 2 million customer accounts across a complex network of disparate systems.

With financial losses, fines and reputations at stake, it is critical for companies to ensure the security of their data and resiliency of their systems in the face of continually evolving threats and regulations. With Generation 2 Cloud, the burden shifts from enterprises to Oracle, and with Oracle’s embedded AI doing most of the work, customers have the chance to really innovate instead of expending so much time and manpower on patches and staying up to date with defensive measures. Cloud services are a viable option for the most critical enterprise workloads. Fears around data security should never hold an organisation back from exploring this path to greater, immediate business value.

David Bunei is the Managing Director for Oracle Kenya.

41 billion missing IoT devices: The biggest prediction miss in the history of IT?

41 billion IoT connected devices have failed to materialise, potentially representing the biggest missed prediction in the history of IT, Eseye a leader in ubiquitous global IoT connectivity, has uncovered.

In 2010, Ericsson predicted that 50 billion devices would be connected by 2020, a prediction echoed by Cisco in 2011. Yet, despite the enthusiasm for IoT, current estimates identify the true figure to be closer to 9 billion, with many of those being mobile phones. Eseye has subsequently identified six key challenges that IoT must overcome in 2020 to reach its potential.

It’s now clear that successful IoT deployments are much harder than previously thought and substantial complexities have been glossed over. This is borne out by recent research from Cisco Systems which has found that more than 75% of IoT deployments fail. A lot of the damage happens before the devices even go live, however. Microsoft estimates that 30% of IoT projects fail at the Proof of Concept (PoC) stage, while eight out of ten IoT projects fail before they are even launched, says Gartner.

From hardware design and testing to connectivity, data management and global technical support, there are many obstacles to overcome. The six challenges for IoT to overcome in 2020 as identified by Eseye, are:

  1. Hardware needs to become relevant again

In IoT deployments 80% of the data and processing is at the ‘edge’ of the network. This is where the ‘things’ and sensors are and where data is captured. However, to make sense of it all, without the expense of having to back-haul the data into the heart of the network, it needs to be processed on the edge. To deliver successful deployments organisations need a strong understanding of how to optimise IoT hardware from circuit boards to firmware.

  1. Bundled silicon to speed up deployment

The incorporation of secure IoT connectivity into silicon at the point of manufacture will go a long way to streamlining the IoT deployment experience. Bundling IoT capability at the silicon level significantly simplifies the setup and deployment of IoT devices. The real game-changer is that once the device is activated it should automatically connect to any network in the world, providing as close to 100% coverage anywhere in the world, and start provisioning data to either their on-premise solution or any one of the hyperscale cloud providers.

Eseye and Gemalto recently launched Intelligent Cloud Connect, in response to this challenge. The solution enables customers to develop and manufacture a single IoT product SKU for any application, which then connects out-of-the-box to any mobile network in the world, while offering seamless and secure data provisioning to AWS IoT Core.

  1. Localisation of devices to maintain uptime

A key precursor to the widespread adoption of IoT is the ability to quickly and simply connect devices anywhere in the world. Some suggest this exists through global roaming, yet a growing number of MNOs (Mobile Network Operators) and regulators are implementing permanent roaming restrictions which could mean that after three months an IoT device could be taken off the network. For IoT customers with fixed devices around the world, this may result in the inability to use some networks beyond the short term unless they use a localised eSIM. As roaming falls out of favour organisations will need to turn to global ‘super’ Mobile Virtual Network Operators (MVNO’s) whose strategy is to localise connectivity wherever possible, in order to effectively deploy IoT devices anywhere in the world.

  1. Overcoming the consumer centricity of eUICC

The Embedded Universal Integrated Circuit Card (eUICC) – often referred to as eSIM – was going to negate the need to migrate profiles between SIMs, enable everybody to work together and open a world of opportunities. Unfortunately, it has created a number of implementation challenges for business IoT use cases, as it was designed with the end consumer in mind, rather than industrial users. Profile management and network switching must be driven by service provision rather than the profitability of an MNO. The best way to do this is for the profile management algorithm to be implemented in an abstracted and MNO agnostic switching platform – not by the MNO’s platform. Only by doing this can a single pane of glass management capability, single global invoice and single support service be delivered for an Enterprise’s total global estate of IoT devices.

  1. Utilising Hypercloud

Cloud had its challenges with security. One of the biggest risks in IoT is the edge of the network and the massively expanded threat perimeter. The good news, however, is that several hyperscale cloud providers, such as AWS, are deploying standard security managed services features that audit the configuration of devices, monitor connected devices and detect abnormal behaviour to mitigate these security risks. Eseye predicts that that 2020 will see at least 40% of new large IoT projects deployed in a hyperscale cloud platform.

  1. The need for a ‘Star Alliance’ Federation model for IoT

With MNOs under pressure from complexity busting hardware, and with increased pressure on their commercial models, there is a growing need for them to compete for and deliver global IoT projects. A more commercially favourable and collaborative approach is required, such as a ‘federation of MNOs’, or to put it another way the ‘Star Alliance’ of the airline for IoT to prevent them from becoming a commodity. Much like the Star Alliance where you would buy a single air ticket, travel around the world and pay once, if one MNO sells a global deal in one country, each MNO in the federation needs to then deliver the traffic requirements in their own country.

Nick Earle, CEO of Eseye, comments: “41 billion missing IoT devices is a monumental miscalculation and arguably is one of the biggest misses in the history of IT forecasting! The two questions that must be asked now, however, are why this happened and what can be done to rectify it? In our view, the ‘why’ primarily comes down to organisations underestimating the complexities of IoT deployments. “The intricacies involved in creating specialist IoT device hardware, establishing access to global connectivity and the ability to manage vast amounts of data effectively and efficiently, are just some of those complexities. This was recognised by Gartner when it predicted in 2018 that 75% of IoT projects would take twice as long to deliver. Removing the complexities and barriers to IoT development and deployment will see a greater uptake on a global scale. We predict that 2020 will be the year that global IoT rollouts will take off, provided our six key challenges to IoT success in 2020 are overcome.”