by Mikey Molfessis, cybersecurity expert at Mimecast South Africa
Microsoft’s announcement that it has launched its first cloud data centres in Africa – one in Cape Town, another in Johannesburg – is a cause for celebration among South Africa’s business sector. As we hurtle into the Fourth Industrial Revolution, access to cloud infrastructure will be critical to power artificial intelligence and edge computing innovation. And while only Azure is supported at present, Microsoft plans to soon launch Office365 from these datacentres, offering organisations increased productivity. Amazon and Huawei also have plans to establish local data centres over the next few years.
However, organisations’ tendencies to rely exclusively on single cloud service providers for day-to-day operations have exposed them to undue risk. With services such as Office365, organisations are not only putting all their eggs in one basket: they are putting all their eggs in the same basket that everyone else is putting all their eggs. The volume of users on cloud-based email services like Office365 means there is more malware created for these environments. Criminals know they have only one lock to pick to gain access, so they focus their attention on these cloud services because of the potentially large payoff.
As more businesses move email and data to Office365, there’s an increased need to protect against malicious or accidental loss of data. Mimecast’s latest Email Security Risk Assessment (ESRA) report, an aggregated analysis of tests that measure the efficacy of widely used email security systems globally, including Office365, illustrated the scope of the problem. Of the more than 232 million emails inspected, organisations’ existing email security systems missed more than 26 000 malware attachments, 53 000 impersonation attacks and 23 000 dangerous file types.
Microsoft offers certain protection-of-data capabilities as part of its Office365 services, which are designed to protect against data loss caused by its own infrastructure failing. But these services don’t always offer protection against accidental deletion, data corruption, advanced cyberattacks, or malicious users or administrators. These can often lead to downtime which can bring business operations to a standstill. Continuity is essential to any modern organisation’s efforts to maintain productivity but is not always achievable when all business-critical applications run on a single cloud provider’s infrastructure.
It’s not only breaches, human error or technical error that can cause downtime for an organisation. Well-reported and widespread Office365 outages – the most recent of which took place in Europe in mid-January – highlight what can happen when email data becomes unavailable. As more organisations move to Office365, we’re likely to see South Africa featuring on Downdetector’s outage map. Outages pose serious productivity risks to users who rely on Software-as-a-Service monocultures to support their operations. Even more concerning is the possibility that employees will turn to their unsecure personal Gmail or Yahoo Mail accounts when Office365 goes offline. You then have absolutely no control over email activity.
Important data stored on Office365 can also be lost due to accidental or malicious deletion or ransomware. If your organisation doesn’t have an independent backup in place, and deleted data passes through short term folders such as the Recycle Bin, Deleted Items folders or retention policies without being recovered, it is lost forever.
To mitigate the risks associated with cloud services, organisations should look to improve their cyber resilience. An effective cyber resilience strategy should include layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur. The cyber resilience strategy should further include a backup and recovery plan. This was always a priority for organisations when their systems were on premise. The fact that data is now in the cloud does not change this.
South African organisations are arguably a step ahead of their international counterparts in their cyber resilience efforts. The latest Vanson Bourne global data found that 49% of South African organisations have a cyber resilience strategy in place, against a global average of 46.2%. But this still means that half of organisations are yet to have a comprehensive strategy in place.
Recent Osterman Research titled “Why Your Company Needs Third-Party Solutions for Office365”, indicates that organisations globally are starting to supplement the service with third party products to achieve cyber resilience. The study found that nearly one-third of organisations implementing Office365 plan to use third-party solutions that will provide improved security, archiving or other capabilities, rather than relying on what is available natively in Office365. In fact, 37% of the typical Office365 budget in 2019 will be spent on a cheaper plan in conjunction with third-party security, archiving and other solutions.
Increased adoption of cloud services is a welcome development in the South African business sector and will support organisations as they strive for greater agility and scalability. But putting all your eggs in one basket – the same basket as everyone else – leaves you exposed to a broad range of risks that can have a debilitating effect on your operations. Using a third-party provider and having an effective cyber resilience strategy provides a safety net and enables organisations to quickly return to standard operations without losing critical data or productivity.