Transitioning most or all of your organization’s employees to remote work creates significant security challenges. Your business continuity plan should take these challenges into account and include solutions to address these new risks. And what you can learn…
Today’s hybrid networks make centralized visibility and control difficult to achieve.
Consolidation and integration of networking and security are the best strategies for addressing such overly complex environments. But selecting the right solution can be daunting, and there are several critical mistakes to avoid.
SD-WAN solutions that lack consolidated security and networking require adding an assortment of tools to secure and manage the solution. Instead of SD-WAN making things easier, complexity is increased and security gaps are introduced.
Ransomware is rapidly growing, partly due to the expansion of Ransomware-as-a-Service. These easily obtainable tools make it easy and cost-effective for nearly any bad actor to launch a successful ransomware attack.
POPIA is going to be enforceable as of 1 July 2021, and while the majority of businesses have already embarked on their data protection journey, having a set deadline for compliance puts the pressure on, says Pieter Nel, Regional Head for SADC at Sophos.
Nel makes particular reference to the POPI Act’s Condition 7 on security safeguards, which requires businesses to secure all of the personal information that they have by implementing appropriate and reasonable security measures.
He clarifies: “The POPI Act sets forth eight conditions for the lawful processing of personal information. These conditions address how organizations demonstrate accountability for the privacy of individuals in South Africa. The Act regulates how this information is collected, stored, processed and shared. It also includes security measures that responsible parties must comply with to ensure the integrity and confidentiality of personal information.”
In brief, businesses have an obligation to safeguard the personal information that they have from being unlawfully destroyed or accessed, lost or damaged. They need to put reasonable technical and organizational measures in place to protect this personal information. They also need to identify and prioritize new risks.
Businesses can deploy firewalls to monitor and block malicious, exploitative inbound and outbound traffic and consider solutions such as intrusion prevention systems, advanced persistent threat protection, anti-virus, sandboxing, and Web and e-mail protection. It’s also key to implement a solution that can identify and highlight shadow IT: the use of IT-related hardware or software without the knowledge of the IT or security department. Identifying such usage helps to prevent exposure of sensitive data through non-approved company services (Dropbox, etc.) and can save organizations from potential risk. Deployed solutions must be able to share threat, system health and security information in real time.
Endpoints require protection against data-stealing malware and ransomware. Data on mobile devices must be secured and encrypted. Data should be encrypted and secured wherever it goes, including in transit. Businesses should consider a solution that automatically detects shared storage and database resources in the public cloud, assessing security posture and configurations to reduce the risk of a data breach.
Businesses should consider user-aware control over applications, Web surfing and other network resources, and the ability to identify users who generate high network traffic. Compromised machines should be isolated, preventing lateral movement or data exfiltration. It’s also key to manage access privileges for the user, group and cloud service roles able to access public cloud accounts and resources storing data. Identity and access management (IAM) policies must be updated on a regular basis. Protect privileged and administrator accounts with two-factor authentication.
“Most South African businesses had already implemented some of the measures suggested above to secure personal information long before POPIA or GDPR were enacted, so may just need to review their data protection policies and technologies and possibly implement some additional ones where required. Access rights and security measures also need regular review,” says Nel.
Stratus Cloud Consulting is excited to announce that the AWS South Africa – Cape Town Region went live on 22 April 2020. The Region is named “Africa (Cape Town)” with the label “af-south-1”.
In light of the current global coronavirus (COVID-19) pandemic, the launch of this region couldn’t have come at a better time for the African continent. Not only will it help businesses enable their employees to work remotely, but it will also generate many employment opportunities in the IT sector.
Businesses and IT professionals interested in how this new Region performs can see below some graphs showing network latency from the new South Africa Region to some key Internet destinations.
[Graph: Latency from AWS Cape Town to other AWS Regions]
[Graph: Latency from AWS South Africa (Cape Town) to Anycast DNS Cache Servers]
Our team of consultants is available to assist with any deployments or migrations to the new South Africa region.
New AWS Infrastructure Region in the first half of 2020 will enable customers to run workloads in South Africa and serve end-users across the African continent with even lower latency
AWS to Open Data Centers in South Africa – Amazon Web Services, Inc. (AWS), an Amazon.com company, today announced it will open an infrastructure region in South Africa in the first half of 2020. The new AWS Africa (Cape Town) Region will consist of three Availability Zones. Currently, AWS provides 55 Availability Zones across 19 infrastructure regions worldwide, with another 12 Availability Zones across four AWS Regions in Bahrain, Hong Kong SAR, Sweden, and a second GovCloud Region in the U.S. expected to come online in the coming months.
EC2 Proudly South African
“Having built the original version of Amazon EC2 in the Cape Town development center 14 years ago, and with thousands of African companies using AWS for years, we’ve been able to witness first-hand the technical talent and potential in Africa,” said Andy Jassy, CEO, Amazon Web Services, Inc. “Technology has the opportunity to transform lives and economies across Africa and we’re excited about AWS and the Cloud being a meaningful part of that transformation.”
AWS investing in South Africa
The new region is the latest in a series of AWS investments in South Africa. In 2004, Amazon opened a development center in Cape Town that focuses on building pioneering networking technologies, next generation software for customer support, and the technology behind Amazon EC2. AWS has also built a number of local teams including account managers, customer services representatives, partner managers, solutions architects, and more to help customers of all sizes as they move to the cloud. In 2015, AWS opened an office in Johannesburg, and in 2017 brought the Amazon Global Network to Africa through AWS Direct Connect. In May of 2018, AWS continued its investment in South Africa, launching infrastructure points of presence in Cape Town and Johannesburg, bringing Amazon CloudFront, Amazon Route 53, AWS Shield, and AWS WAF to the continent and adding to the 138 points of presence AWS has around the world.
Lower Latency across Sub-Saharan Africa
The addition of the AWS Africa (Cape Town) Region will enable organizations to provide lower latency to end users across Sub-Saharan Africa and will enable more African organizations to leverage advanced technologies such as Artificial Intelligence, Machine Learning, Internet of Things (IoT), mobile services, and more to drive innovation. Local AWS customers will also be able to store their data in South Africa with the assurance that their content will not move without consent, while those looking to comply with the Protection of Personal Information Act (POPIA) will have access to secure infrastructure that meets the most rigorous international compliance standards.
Offerings: AWS is integrated IaaS+PaaS. Its Elastic Compute Cloud (EC2) offers metered-by-the-second multitenant and single-tenant VMs, as well as bare-metal servers. AWS’s hypervisors are based on Xen and KVM. There is multitenant block and file storage, along with extensive additional IaaS and PaaS capabilities. These include object storage with an integrated CDN (Amazon Simple Storage Service [S3] and CloudFront), Docker container services (Amazon Elastic Container Service [ECS], ECS for Kubernetes [EKS], and Fargate container instances), a batch computing service (AWS Batch), event-driven “serverless computing” (Lambda) and an aPaaS-like developer experience (Elastic Beanstalk). It is willing to negotiate large-scale single-tenant and on-premises deals (such as the U.S. intelligence community cloud deal). The AWS Marketplace has an extensive selection of third-party software and services. VMware offers a VMware Cloud Foundation service within AWS data centers (VMware Cloud on AWS). Enterprise-grade support is extra. It has a multi-fault-domain SLA. Colocation needs are met via partner exchanges (AWS Direct Connect).
Locations: AWS groups its data centers into regions, each of which contains at least two availability zones (data centers). It has multiple regions across the U.S., as well as in Canada, France, Germany, Ireland, U.K., Australia, India, Japan, Singapore, South Korea and Brazil. It also has one region dedicated to the U.S. federal government. There are two China regions — Beijing (operated by Sinnet) and Ningxia (operated by Ningxia Western Cloud Data Technology [NWCD]) — which require a China-specific AWS account. It has a global sales presence. The portal and documentation are provided in English, Dutch, French, German, Italian, Japanese, Korean, Mandarin, Portuguese and Spanish. The primary languages for support are English, Japanese and Mandarin, but AWS will contractually commit to providing support in a large number of other languages.
Provider maturity: Tier 1. AWS has been the market pioneer and leader in cloud IaaS for over 10 years.
Recommended mode: AWS strongly appeals to Mode 2 buyers, but is also frequently chosen for Mode 1 needs. AWS is the provider most commonly chosen for strategic, organizationwide adoption. Transformation efforts are best undertaken in conjunction with an SI.
Recommended uses: All use cases that run well in a virtualized environment.
AWS has been the dominant market leader and an IT thought leader for more than 10 years, not only in IaaS, but also in integrated IaaS+PaaS, with an end-of-2017 revenue run rate of more than $20 billion. It continues to aggressively expand into new IT markets via new services as well as acquisitions, adding to an already rich portfolio of services. It also continues to enhance existing services with new capabilities, with a particular emphasis on management and integration. AWS is the provider most commonly chosen for strategic adoption; many enterprise customers now spend over $5 million annually, and some spend over $100 million. While not the ideal fit for every need, it has become the “safe choice” in this market, appealing to customers that desire the broadest range of capabilities and long-term market leadership. AWS is the most mature, enterprise-ready provider, with the strongest track record of customer success and the most useful partner ecosystem. Thus, it is the provider not only chosen by customers that value innovation and are implementing digital business projects, but also preferred by customers that are migrating traditional data centers to cloud IaaS. It can readily support mission-critical production applications, as well as the implementation of highly secure and compliant solutions. Implementation, migration and management are significantly eased by AWS’s ecosystem of more than 2,000 consulting partners that offer managed and professional services. AWS has the broadest cloud IaaS provider ecosystem of ISVs, which ensures that customers are able to obtain support and licenses for most commercial software, as well as obtain software and SaaS solutions that are preintegrated with AWS.
AWS’s extensive portfolio of services requires expertise to implement. Customers should be aware that while it’s easy to get started, optimal use — especially keeping up with new service innovations and best practices, and managing costs — may challenge even highly agile, expert IT organizations, including AWS partners. As new, less-experienced MSPs are added to AWS’s Audited MSP Partner program, this designation is becoming less of an assurance of MSP quality. However, since it sets a high minimum bar for MSP capabilities, it is still the best way to identify partners that use AWS best practices, especially when used in conjunction with the DevOps and Migration Partner competency designations. Throughout its history, AWS has near-invisibly updated its service implementations as its scale and customer requirements have changed. Customers may need to make the active choice to gain the full advantage of some modernizations that represent a generational shift in technology, such as the new Nitro offloaded-virtualization platform that is used for some new EC2 instance types. Competitors that copy AWS ideas sometimes have the opportunity to improve on the implementation or service construct. AWS is still adapting to the emergence of meaningful competitors — not only cloud providers, but also entrenched competitors in the new markets that it is entering with services that displace existing solutions. Also, as AWS introduces more open-source-compatible services, it has increasingly needed to work with open-source communities in a mutually beneficial fashion, and has begun to change its approach accordingly. Customers’ future technology choices are likely to be influenced by AWS’s ecosystem relationships.