African Enterprises’ Cloud Journeys Require Holistic Cybersecurity Strategies – Microsoft Country Manager

By Pearl Ngwama

Global cloud spend is forecast to reach $178B in 2022, and although Africa may lag behind the rest of the world’s cloud adoption with only 15 per cent cloud penetration, the continent’s public cloud market has doubled in the past three years.

To remain competitive in a digitally transformed business environment, agile enterprises around the world have also adopted cloud technology to enable new ways of working for their distributed-, remote- and hybrid workforces.

And this new way of working is not going anywhere as 60 per cent of global knowledge workers are currently remote, and at least 18 per cent will not return to the office. Africa has embraced this trend, too.

These were the views of the Country (Nigeria) Manager, Microsoft Nigeria, Ola Williams, made these revelations to journalists recently in Lagos.

She quoted a 2022 International Labour Organisation (ILO) report that covered more than 1,000 enterprises in 15 African countries, stating that nearly 36 per cent of employees worked remotely during the pandemic.

Williams said the report also revealed that while most future workplaces in Africa would not be fully remote, they will be either in-person or hybrid.

She noted that enterprise-wide cloud adoption is increasing as digital-first business leaders look to ensure flexibility through hybrid work, market agility, and business continuity throughout their daily operations.

“Paradoxically, however, when a rapid digital evolution is not approached strategically with end-to-end security in mind, it can leave enterprises more vulnerable to cybersecurity threats due to a wider set of risks spread across multiple surfaces and entry points.

“This is particularly important during a cloud migration, when the rush to move business-critical workflows from on-premise to the cloud can unintentionally (and easily) open backdoors to bad actors,” she explained.

According to her, a robust, end-to-end cybersecurity strategy – every step of the way is needed.

Williams maintained that cybersecurity remains a significant concern for enterprises in Africa, quoting the Club of Information Security Experts in Africa (CESIA), which said that in 2022, more than half of companies in Africa believe they are not prepared to handle a large-scale cyberattack.

“And Interpol’s Africa Cyberthreat Assessment report found that more than 90 per cent of businesses on the continent operate without the necessary cybersecurity protocols.

“According to a recent IDC security survey commissioned by Microsoft, only 16 per cent of organisations in Nigeria have implemented a full end-to-end security strategy with shared responsibilities, risk tolerances, classified events, and recovery plans in case of an attack.

“Another 15 per cent of surveyed organisations have implemented but not formally tested or reviewed – a security strategy. Organisations in Nigeria still lag in terms of security solution implementations.

“With the acceleration of digital transformation enabling cloud-first and hybrid work environments, it’s more important than ever to have a robust, end-to-end cybersecurity strategy in place – right from the beginning of the cloud journey, and every step of the way.

“Cloud environments are more complex to secure, and a ‘lift-and-shift’ migration approach is no longer feasible. Increased hardware, software, and network fragmentation (on-premise, cloud, and hybrid) result in access-control and human-error risks.

“The latter often being the biggest reason cyber threats take hold in the first place.

“In fact, a Stanford University study confirmed that around 88 per cent of all data breaches are caused by an employee mistake. For example, an employee simply failing to limit permissions on a cloud database can easily open the entire organisation to a cyberattack,” Williams explained.

Continuing, she said that approximately 20 per cent of organisations in Nigeria indicated that training non-IT employees in security awareness is one of the most important steps for increasing security.

Williams pointed out that although this percentage is fairly low, it is expected to increase, with many more organisations expected to launch security awareness campaigns.

Speaking further, the tech expert said consistency and shared responsibility remain key.

She explained: “A consistent cloud migration strategy that focuses on keeping data integrity intact from the start is key.

“The strategy must also be holistic to include ongoing regulatory compliance (a constantly evolving space) and, importantly, employee cybersecurity awareness.

“As more enterprises embrace the public cloud, a crucial factor is often overlooked on this point: cybersecurity is a shared responsibility between the customer (the enterprise and its employees) and the provider.

“For example, if an enterprise stores its data in a data centre, it must proactively set up and manage its own cybersecurity policies. Cybersecurity must therefore include the entire organisation and not just be siloed with the CIO and IT function, or even the provider.”

Williams stated that the right approach is security-first and this is why it is essential to have the right cloud provider as a partner when undertaking cloud migration.

She said: “A security-first partner like Microsoft has Zero Trust built into its cloud architecture and cloud-based solutions, whether public or hybrid, and can provide valuable guidance throughout an enterprise’s digital transformation journey.

“In fact, Microsoft boasts more than 3,500 full-time security professionals who use artificial intelligence to analyse more than 24 trillion signals a day across email, endpoints, and identities.

“The impact of the COVID-19 pandemic forced more businesses to connect online than ever before.

“Remote- and hybrid working environments have also meant that more devices, networks, and connection points have expanded the threat surface, bringing the need for a robust and holistic security strategy to the fore.

“As enterprises across the continent continue to ramp up their digital transformation journey, security must be considered every step of the way to ensure a safer digital environment for all.”