By Muhammad Ali, managing director of WWISE
By now most people know that artificial intelligence tools are based on machine learning mechanisms collating large amounts of information.
The integrity of data, information and controls related to confidentiality are the key aspects in how an organisation manages its governance risk and compliance. The organisation, in turn, is held accountable by the relevant country’s laws.
Accordingly, it has become critical for every organisation to safeguard against its data being compromised.
South African companies increasingly find themselves in the crosshairs of cyber criminals.
The State of Ransomware in South Africa report, released by IT security company Sophos earlier this year, reveals that 78% of local companies experienced ransomware attacks in a 12-month period.
In almost half of these instances, criminals exploited system vulnerabilities. Compromised credentials also ranked as a major cause of attacks.
Cloud systems present their own challenges. Their ever-changing nature makes it difficult to be on top of whether data is being stored correctly, with the result that loopholes can be exploited.
A recent survey by cybersecurity software solutions company Check Point of 1 000 cybersecurity professionals showed that misconfigurations concerned almost 60% of respondents, as these left organisations vulnerable to attacks.
Another problem is that of multiple security solutions to keep criminals at bay. While well-intentioned on the part of a company, too many cloud security measures can lead to confusion and ultimately put the systems at risk.
The Check Point report recommends that organisations address cloud security challenges proactively.
The development of tools like cloud-native application protection platforms (CNAPPs) will certainly assist this process. These platforms perform an all-in-one monitoring function that protects cloud-native applications across development and production.
Another effective way to shore up cyber defences is by adhering to International Organisation for Standardisation (ISO) guidelines, specifically ISO 27017, a tool that meets the requirements of entities providing cloud-based solutions.
The standard includes world-class methodologies and guidelines to secure the cloud services offered and is an extension of the ISO/IEC 27001:2022 standard.
While Microsoft Azure, Amazon Web Services and Google Cloud dominate the cloud services space, software service providers running Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) should also consider this standard.
What is important to note is that ISO management systems should not be viewed in a negative light.
Instead, they should be regarded as an investment that protects a business from reputational damage and lawsuits in the event of a cyberattack or data breach.
For this reason, it is essential that qualified experts are tasked with implementation of the system.
Skilled standardisation practitioners not only reduce the timeframe for implementation but also lower the risk of failures and costs associated with poor service.
With the assistance of these experts, governance is created within an organisation. A successful roll-out will align with strategic direction and create employee and user awareness.
It also will assist in creating client assurance and improving supplier performance, which will reduce losses and generate more revenue as the standards are often a requirement set out in tenders and client onboarding processes.
IT businesses, software solutions companies and any provider managing confidential information should adhere to the standard, particularly in light of the Protection of Personal Information Act in South Africa and the EU’s General Data Protection Regulation.
Companies would do well to review articles and join discussion forums about standardisation and how it streamlines processes in the short-, medium- and long-term. They should also note the repercussions of not implementing ISO 27017.