BusinessDay

Cloud does not absolve organisations from being responsible for their data – Abagun

Babatunde (Tunde) Abagun, an experienced cloud professional is the channel sales manager for West, East, and Central African region for global software giant Nutanix. He has worked with clients to facilitate many of the digital transformation and IT infrastructure modernisation projects run by Africa’s top organisations. In this interview with ISAAC ANYAOGU, he explains how businesses can protect themselves from cyber attacks.

Give us an insight into the cloud computing market in Nigeria and your company’s strategy to meet the market needs?

Cloud computing is a growing market in Nigeria with many moving parts. The socio-economic clime creates the need for businesses to adopt agile, flexible, fractional, and subscription-based computing models without trading off performance and security.

The governance and privacy element prescribes the need for such computing models to be physically located within the Nigerian geography and highlights the difference between platform security and data privacy on those platforms.

There is the consideration for cloud management skills and how the development of the right skills plays into your choice of a cloud model. There is also the macro cloud industry where we see hyper-scalers or mega-cloud companies of this world developing rapidly and adding new layers of services at an unprecedented rate. These moving parts make for a commercially viable and value-adding cloud market and some interesting choices for enterprises of all sizes.

Nutanix creates a platform for hybrid multi-cloud computing, helping enterprises make their clouds invisible to their business operations.

In the last five years, international cloud companies have turned their sights on the African market. What is responsible?

For starters, West Africa, East Africa, Central Africa, and Southern Africa are estimated to reach a combined GDP of $30Trillion by 2050.

Suppose we place that against a backdrop of a reasonably young population(about 41 percent right now under the age of 15). In that case, it means Africa is positioned for massive economic gain over the next 30 years. The global cloud companies see this total addressable market, and therefore we see each tech giant fighting for the largest share of Africa’s cloud addressable market.

You would also notice, countries like Nigeria and Ghana looking to diversify their exports are accelerating their ease of doing business; therefore, we see small and medium-sized companies and “mom and pop shops” springing up at a fast pace. If you overlay that with the corresponding data validity, voracity, and volatility that ensues, then what results is a data-driven economy with Africa at the epicentre.

Read also: Cyber risks: Identity protection gets a boost with launch of YouID App

Some say that even data on the cloud can be compromised. How much of a concern is this to cloud companies, and what practical actions can be taken to forestall this?

It’s a genuine concern, but the cloud does not simply absolve the organisation from being responsible for their data. I would urge enterprises to think of cloud data security in two ways. Security of the cloud – how secure the platform hosting your data is that cloud companies are usually 100 percent responsible. Security IN the cloud – how secure your data is within the cloud.

This includes tools, processes, technology to ensure enterprises retain control even within the cloud context. Companies building a cloud roadmap would have to think through these two forms of security as they evaluate their cloud model and vendor choice.

What would you say are the biggest cybersecurity threats facing businesses in Nigeria?

With Average downtime due to ransomware being 16 days and the fact that one business is attacked by ransomware every 11 seconds
I would categorise ransomware threats as one of the most common cyber threats in the Nigerian threat landscape, closely followed by social engineering and spoofing attacks.

What is your assessment of Nigeria’s data protection policies? What gaps do you think exist?

I think data protection policies need to evolve because of the rate at which data is generated and the various media through which they are generated and communicated continuously.

So generally, our policies need to be such that they allow for continuous improvement and prioritise some basic tenets such as end-to-end compliance layers that enable customers to comply with local Nigerian regulations,

Provide accessible, easy-to-use solutions that enable businesses to validate their software and technologies against Nigeria’s data protection policies in a self-service model.
This must happen regardless of location, global availability, and alignment with major data protection policies worldwide. So you can ensure a business can comply with policies once, which cascades to other regulations around the world.

What would you say a business should prioritise when developing a cybersecurity policy?

It’s not an exhaustive list, but I will list a few tenets that we value at Nutanix to provide a favourable cybersecurity posture for our Customers.

Cybersecurity policies should cut across people, processes, and technology.

From a technology standpoint, an organisations’ cybersecurity policies should prioritise technology solutions that have security woven into them and not bolted unto them as an after-thought.

From a people and process perspective, cybersecurity tenets such as least privilege and zero-trust security should be prioritised as they have proven to be veritable in preparedness for Cyberattacks.

Overall, Cybersecurity policies should cover the prevention of attacks, detection, and recovery/remediation from attacks.

Several bank accounts in Nigeria have been compromised. Do you think this is more a function of insecure banking systems, customer naivety, or something else?

It’s quite sad that this has happened. As mentioned earlier, there is a rise in social engineering attacks that aim to extract critical account information from unsuspecting banking customers. I believe the solution remains a responsibility for all parties.

The banks need to keep evolving their security and building security natively into their technology choices and processes as they continue to sensitise their Customers. I don’t believe there is such a thing as “over-communication” when it comes to cybersecurity.

On the other hand, banking customers and account holders need to be vigilant and remember to pause before clicking any links or sending any replies to messages purported to be from their banking provider. This is a shared responsibility model.

As a professional in this field, what more do you think financial institutions can do to strengthen cybersecurity?

Financial institutions need to make Infrastructure and platform technology decisions from a security lens at a foundational level. Investments should only be made in computing technology with major security standards like NIST, ISO, PCI, and other significant financial industry security standards built into them. The onus is on technology infrastructure providers and cloud providers alike to secure their infrastructure from the ground up.

Just as a mobile phone user would not expect a security hardening guide from the telecoms provider or phone manufacturer, financial institutions should be able to pick up modern infrastructure solutions that come intrinsically secure.

These solutions exist, but financial institutions need to go through the rigorous process of selecting them and setting the proper technical criteria for selecting solutions from the lot, especially if the solutions meeting the requirements are not the “known” brands they have invested in over the years.

As e-commerce becomes mainstream in Nigeria, what precautions will you recommend for individuals and businesses?

At Nutanix, we like to say we get comfortable with being uncomfortable. I believe e-commerce users need to get comfortable knowing they are constantly a target. Vigilance is my first recommendation.

Only shop on secure sites. Before entering any personal or financial information, customers need to verify that the site is legitimate and secure. The easiest way to tell is to check that the web address is correct (no character mismatch), also look for “https” at the beginning of a site’s address, not just “http.” You can remember “s” for “secure” as all legitimate e-commerce sites will have the “s” for your safety.

Update your software securely. Your application/device provider releases updates that usually contain security patches to block prevalent loopholes. The more you apply these updates, the more secure your device/application is against recently discovered loopholes.

Watch out for emails from the right e-commerce company. Hackers tend to create malicious emails to lead customers into believing they are the e-commerce company. Watch out for correct email domains (if you get an email claiming to be from xyz e-commerce store, verify that the email domain (abc@xyz.com) is consistent with the domain the organisation uses.

Try not to click unverified links from untrusted sources. Use strong passwords that can’t be easily guessed, and don’t write these down. It is worthwhile to invest in a password vault. Avoid publicly open internet service hotspots, especially if you don’t have a verified VPN/firewall on your device.

Get real time updates directly on you device, subscribe now.