By Thomas Mangwiro, Public Sector Lead at Mimecast
South Africa’s public sector entities are under pressure to deliver services despite the disruption caused by the COVID-19 pandemic.
Since the country went into lockdown in late March, government departments and state-owned entities have had to rapidly adapt to very different work and economic environments.
The importance of uninterrupted service delivery cannot be overstated. Vulnerable communities across the country depend on government services for their survival and cannot afford any interruption.
How are public sector organisations faring in their efforts to ensure service delivery amid the current disruption?
At a recent roundtable discussion hosted by Mimecast, top public sector ICT leaders shared their experiences with adapting to COVID-19 as well as their broader ambitions for greater cloud adoption.
For a lucky few – including the National Department of Health – a fortuitous move to greater cloud service adoption ahead of the pandemic has helped them adapt more quickly to the disruption it caused. For others, some pervasive issues still frustrate efforts at leveraging cloud services.
Aside from some underlying factors – the lack of network infrastructure in South Africa’s most rural areas, unreliable electricity supply, and no overarching government cloud policy to guide implementations – public sector ICT leaders are unanimous in their desire for greater adoption of cloud services.
Based on discussions with public sector ICT leaders, there are three main factors influencing the adoption of cloud services in the public sector, namely Data Sovereignty, Vendor and Channel Support, and Security.
Factor 1 – Security
A number of high-profile cyberattacks over the last year have left public sector organisations understandably nervous over cybersecurity, especially as more of their systems move into cloud environments.
Public sector organisations today have to contend with threats at their email perimeter, inside their network and organisation, and beyond the perimeter, where cybercriminals are finding increasing success with brand exploitation and spoof domains.
In addition to endpoint security, email security, backup and recovery, and ongoing awareness training, organisations today have to protect against brand imitation and defend the domains they own.
This includes correctly implementing DMARC to protect owned domains, combined with proactive hunting for, and takedown of, domain and brand abuse.
As one expert commented, “the heart of cloud resistance sits with security.”
There is also growing concern over using Microsoft 365 without third-party security solutions, as unexpected downtime and a number of well-publicised security flaws potentially put critical systems at risk.
In the latest Mimecast State of Email Security 2020 Report, 60% of South African organisations reported suffering a Microsoft 365 outage in the past 12 months, negatively affecting business productivity.
Nearly half (44%) of the organisations surveyed are rolling out additional layers of security for their Microsoft 365 email services.
In one case, one of a state-owned entity’s Azure servers was compromised and used to launch attacks against other organisations.
Standard security failed to detect or stop these attacks, prompting the rollout of additional layers of security including Mimecast solutions.
A defence-in-depth approach that leverages the built-in security measures offered by the cloud providers, supplemented with additional security measures – including ongoing cybersecurity awareness training – is increasingly acknowledged as best practice in the public sector.
Factor 2 – Support
For public sector organisations, support from their cloud service providers is essential.
Considering the sensitive nature of the information processed by public sector organisations – for example, the personal health information used by the Department of Health – it’s essential that any security issues are addressed quickly.
As one partner commented, “We need quick resolution to any security issues. Knowing we can rely on our partners during an emergency is a huge factor.”
Cloud service providers are also being called on to provide greater transparency in how public sector data is stored and secured.
In some cases, cloud vendors could be required to undergo an external audit and security verification to ensure they comply with government standards.
This calls for enhanced levels of support from vendors, and a model of ongoing collaboration to help detect, fix and prevent security flaws and issues as the threat landscape continues to shift.
Factor 3 – Sovereignty
Finally, the matter of where data is stored remains high on the agenda for public sector ICT leaders. Some government departments delayed their adoption of cloud services due to concerns over data sovereignty.
There is good reason for this: if a data centre is located outside the borders of the country, what happens to the data during an emergency or unexpected outage?
As one ICT leader stated, “Public sector organisations cannot afford to be locked out of data when they need to deliver services to the public.”
Recent investments into local data centres by several of the cloud hyperscalers in part address the issue of data sovereignty, giving public sector ICT leaders reassurance that their data is stored within the boundaries of the country.
Microsoft launched local data centres in 2019, beating out main rival Amazon, who opened an AWS data centre in April this year.
As more of government’s critical functions move to the cloud and public sector organisations start realising the cost and efficiency benefits of cloud services, cloud vendors and service providers will need to ensure they can address government concerns and satisfy the three Ss of public sector cloud adoption.
This article was published in partnership with Mimecast.