Today’s IT environment is becoming increasingly complex, with computing assets spanning from on-premises legacy solutions to advanced workloads running as a service in the cloud. The challenge is securing the enterprise without impacting the business’s ability to operate, allowing the ever-increasing demand on mobility to be safe, secure and agile.

Ryan Roseveare, MD of BUI, says: “We’re seeing an escalating number of breaches, both local and international, so concerns around cloud security and identity are very valid and a top priority for all of our customers.”

As breaches, ransomware and modern cyber crimes become the new normal, the cost of security platforms to business is spiralling. According to Microsoft’s 2016 Trends in Cyber Security:

* More than 6 000 vulnerabilities are disclosed per year across the industry.
* 41.8% of all vulnerability disclosures are rated as highly severe – a three-year high.
* The encounter rate for consumer computers was about 2.2 times as high as the rate for enterprise computers (domain joined).

“In South Africa, organisations entering the cloud face the additional concern that their data will be hosted internationally, so the security aspect is very much top of mind for the local CIO considering taking his business into the cloud,” says Roseveare. “As a result, over the past couple of years we’ve seen an increase in the number of companies undergoing the cloud security journey, especially in South Africa where we don’t have any big data centres just yet. We’re having this conversation on a daily basis with businesses that are nervous to ship their data off overseas. They want to make sure it’s secure.”

“Other concerns that we’re seeing revolve around data sovereignty, businesses want to know whether other governments see their data. The perception is that the minute the data leaves South Africa’s borders, we lose control over what happens to it,” says Roseveare.

So South African organisations are caught in a quandary between migrating to the cloud – a non-negotiable for survival and growth – and keeping their data secure while complying with complex local and possibly international regulations. Roseveare says: “When you move your organisation to cloud services, you must be able to trust your service provider with your most important, sensitive and confidential data. Look for someone who focuses on building secure solutions that deliver value to customers, partners, and shareholders alike – both in the cloud and on-premises.”

What makes a good cloud partner from a security perspective? Well for one thing, explains Roseveare, they must address all areas of security, from identity and access to network security, data protection and data privacy. It’s also important that the provider be able to offer a holistic integrated security service as opposed to stand-alone products. Clients who have legislative or compliance requirements around their data, should also request extensive privacy controls and visibility into where their data resides and who has access to it, as well as whether the data is hosted in a single data centre or across more than one, so that should that data centre cease functioning for some reason, the data is still available. Customers with data sovereignty and compliance concerns will be glad to know that two hyper scale data centres are being developed in South Africa in 2018.

“There are three aspects to cloud security,” says Roseveare. “You want to secure your users’ identities, you want to protect your infrastructure and you want to ensure that apps and data are kept safe.”

User identity and customer data must be secured by means of enterprise grade multifactor authentication and information protection, so the use of biometric access controls such as retina or fingerprint scanning, as well as identifying the user’s location, can ensure that only legitimate users can access your data or applications.

Infrastructure management includes protecting mobile users, identifying potential threats and managing security incidents from detection to post-event analysis. The emphasis is on early detection, remediation and notification, which are key aspects of defending against security threats.

The bottom line, concludes Roseveare, is that whether the threat comes from inside your own organisation or from outside forces, you need to know that your organisation’s data is protected, regardless of where it resides.

Security As A Service

Our commitment to ensuring business continuity – even in the face of disruption – has been recognised by the British Standards Institution.

We’re proud to announce that we have earned ISO 22301 certification after a rigorous independent evaluation by the British Standards Institution last month. The ISO 22301 badge is recognised internationally and sets the standard for Business Continuity Management Systems.

“This certification highlights the strength of our company’s business continuity strategy,” says Gayle Roseveare, our Chief Operating Officer (COO) here at BUI. “It proves to our staff, partners and customers that we’re prepared for any eventuality – and that we’re able to serve and support the people who rely on us, no matter what. Our ISO 22301 badge represents our commitment to effective risk management, organisational resilience, and reliability – even in the face of disruption,” notes Roseveare.

What is ISO 22301?

Developed by the International Organisation for Standardisation, ISO 22301 lays out a framework to help companies like ours create, implement, and maintain a comprehensive business continuity management system (BCMS). The main aim is to ensure that companies are protected against unforeseen business challenges and equipped to respond and recover when such events do occur.

“BUI is a global company with offices in East Africa, South Africa, the United Kingdom and the United States,” says Roseveare. “On any given day, our teams are provisioning cloud infrastructure, monitoring and securing digital environments, and delivering a wide range of IT services to customers. We operate around the world and around the clock – and we have to be able to do so continuously. Whether there are power outages in South Africa or internet connectivity issues in Europe, we need to ensure we can deliver uninterrupted services to our customers. Our ISO 22301 certificate validates our planning for disruptive incidents and disasters.”

Why is ISO 22301 certification important?

“In an unpredictable business climate, it pays to be prepared,” explains Dhiren Boodhia, our Group Governance and Compliance Manager. “And that goes double for service providers like us. To earn our ISO 22301 certificate, we had to demonstrate that we have a thorough BCMS in place; that the staff in our various offices understand the BCMS and the processes required to sustain it; and that we are focused on maintaining business continuity and sustainability regardless of market uncertainties and challenges. I think the ISO 22301 badge is an important differentiator – especially when customers are looking for a steadfast technology ally that is as dedicated to legal and regulatory compliance as it is to protecting the business resources of the organisations it works with,” he says.

For customers who choose to partner with BUI, there are five key benefits, adds Boodhia.

  1. Consistency. ISO 22301 emphasises the importance of consistency when it comes to best practices and business processes. “We’ve been assessed on our capabilities around risk assessment and impact analysis as well as our strategies for mitigating disruptions. Our teams excelled in every area – and that means our customers can expect the highest standards of service and care from everyone at BUI,” says Boodhia.
  2. Data protection. With the cyber threat landscape evolving so quickly, data privacy and data security are critical considerations for customers. “ISO 22301 includes extensive conditions for data protection and data recovery,” notes Boodhia. “Our ISO 22301 badge, together with the ISO 27001 certification we achieved for our commitment to information security management, should give our customers even greater confidence: we handle all data respectfully and safely.
  3. Faster recovery. “ISO 22301 requires us to have a holistic strategy in place to deal with disruptions and disasters. It also mandates a detailed recovery plan to ensure that downtime is minimised – for our company and for the business organisations we serve,” says Boodhia. “BUI customers can be assured that, in the event of an issue, our teams will follow a step-by-step framework to resolve the problem as quickly as possible.”
  4. Greater compliance. By achieving ISO 22301 certification, BUI has met the global benchmark for business continuity management, adds Boodhia. “Many of our customers operate in highly regulated industries, like financial services and healthcare, and they must adhere to their own standards in terms of the services they provide to their clients. BUI is committed to maintaining essential functions during adverse circumstances – and that’s a big plus for customers who have strict compliance obligations.”
  5. Peace of mind. ISO 22301 calls for certified organisations to update and improve their business continuity processes to ensure that their strategies remain current, relevant, and effective. “We’re obligated to adapt and enhance our BCMS plan as our company grows,” explains Boodhia. “It’s good news for our customers because it means we’re always prepared. Whatever happens, the BUI services and solutions that so many businesses utilise every day will be available.”

Our commitment to your success

ISO 22301 may be our newest certification, but it’s also a testament to our unwavering focus on our customers, notes our COO. “To be a dependable, reliable technology partner, you need to anticipate the challenges you’re going to face and then take the necessary steps to ensure that you can address those challenges as soon as they arise. We’re being proactive today so that we’re ready for tomorrow – and always on hand to help our customers be productive, secure, and resilient,” Roseveare concludes.

Do you have a disaster recovery plan in place?

Our experts can help you craft a comprehensive backup strategy aligned with your business structure, your IT resources, your budget, and your goals.

Contact our team to arrange a discussion today.

share this article