• Latest
  • All
  • How To

Highlights of AITEC East Africa Summit – Security Panel Discussion

October 27, 2012
Samsung QLED TVs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

May 9, 2025
Apple Smart Glasses

Apple Is Making Its Own Chip for Smart Glasses Coming by 2027

May 9, 2025
Safaricom

Safaricom Breaks Barriers with $3B Milestone and Bold Ethiopia Play

May 9, 2025
Private Number calls

How to Handle Private Number Calls in Kenya

May 8, 2025
DHgate Tablet Cases deals
Kenya Power EV charging stations

Kenya Power Rolls Out 45 EV Charging Stations Across the Country

May 8, 2025
Bayobab

MTN’s Bayobab Connects Uganda and Kenya with New Fiber Route

May 8, 2025
Airtel Africa Starlink partnership

Starlink Is Expanding in Africa Through New Airtel Partnership

May 8, 2025
Android FreeType patch

Android May 2025 Security Update Fixes Critical FreeType Zero-Click Vulnerability

May 7, 2025
worldcoin kenya

Court Ruling Orders Worldcoin to Delete All Kenyan Biometric Records

May 7, 2025
smartphones-2024

Smartphone Market Recovers Slightly in Q1 2025 With Apple, Vivo Leading Gains

May 7, 2025
GTA 6 Trailer 2

GTA 6 Trailer 2: Rockstar Confirms Release Date and Dual Protagonists

May 7, 2025
YouTube Premium Duo

YouTube Now Lets Two People Share a Premium Plan

May 6, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Highlights of AITEC East Africa Summit – Security Panel Discussion

Carlos Ageng'o by Carlos Ageng'o
October 27, 2012
in News
Reading Time: 4 mins read
264
0

AITEC Africa

There were two parts to this discussion. The first: How does cloud computing influence information security and how should we embrace it regionally? Part two addressed the role of law enforcement in fighting cybercrime. Among the panellists were Edwin Moindi from PriceWaterhouseCoopers, Paul Roy from Microsoft, Lucy Munga from Barclays Africa and Collins Ojiambo from Kenya Airways.

The session began with a presentation from Edwin Moindi. This addressed the important steps to be considered before adopting cloud computing. Cloud computing is driven by consumerism (the availability of devices, mobile phones, PCs has led to a great demand for information), collaboraton and being able to access computing resources everywhere. Applications have evolved from LAN-based to cloud based services. With the advent of the cloud, computing promises to become a utility service. This is already the case with SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).

To choose a suitable cloud service, the organization needs to assess its requirements. Reviewing the certifications and regulations that address data integrity is key to developing a cloud migration strategy. The organization’s data also needs to be classified in order to identify which data is to be pushed to the cloud. Before presenting the cloud as a solution, you should ensure that it is going to be a cheaper and more efficient service than what the organization already uses. How much effciency does the cloud bring? What risks does it bring? How do you reduce those risks? Once the organization has assessed its needs then it has a choice between different services: PaaS, IaaS and SaaS. At the deployment stage there are also different choices: public, private and hybrid.

The organization however needs to develop a security model before moving to the cloud. This includes assessing the physical components (location, computer), compliance and audit directives. It is essential that you assume a no-trust policy before you entrust your data to the cloud services provider. The provider should be able to prove to you that they can protect your information. This should include the matrices, compliance and certifications that indicate the level of data protection. When adopting the cloud services, first deploy less critical information. As the market matures, you can re-examine the level of adoption and decide on better options for the organization.

In moving data to the cloud, most people resort to complacency since there is the belief that responsibility shifts from you to the provider. But according to the objectives concerning external practice in the ISO 27002 certification, your controls shouldn’t reduce as a result of moving data to an external service. The organization should be aware of differences in legal frameworks between countries. Cloud services tend to be in a different jurisdiction from that of the organization. The limitations faced by the organization as a result of this fact should be assessed. This way the organization can serve their customers without making impractical promises. In the AWS service for example, Amazon only takes care of the environmental and physical security, everything else becomes the consumer’s responsibility including the operating system and application security.

Part of the organization’s risk management should include risks dealing with fibre cuts as this forms the backbone of cloud services. Don’t assume that the cloud will be available 24/7, there should be some form of backup such that critical business services are not affected by outages. Every requirement should be provided for in the SLA (Service Level Agreement), including the right to audit clause and data protection. The contract should also take into account the differences in legal framework between countries. The SLA should therefore be the basis of dispute resolution between vendor and customer. This is because most courts refer cases that involve technical evidence (like IT operations data) to alternative arbitration which can prove to be rather expensive.

Role of Law Enforcement in fighting Cybercrime

The advantage of cybercrime is anonimity. In most cases, the victim will never know who is to be prosecuted. The Communications Commission of Kenya (CCK) has taken some steps in reducing this risk by ensuring that mobile phone users are registered. It is therefore easier to trace the origin of criminal activities perpetuated using mobile phones. Over the years, the capacity of the Kenya Police to handle cybercrime has been gradually increased. A cybercrime unit trained by the FBI has been instituted into the force. According to Collins Ojiambo, there needs to be an independent team that handles cyber-security issues. Currently, this is handled by the CCK which is also responsible for postal services and the availability of telecommunication services. Mr. Ojiambo says that for the government to develop an effective cyber-security strategy, there must be collaboration from industry players.

Cyber attacks are conceived and master-minded by ordinary criminals who recruit people skilled in IT operations. There are few cases where they are not actually driven by the technical guys. These criminals have the ability to commit resources needed for sophisticated cyber threats such as APT’s (Advanced Persistent Threats). APT’s are well organized attacks carried out by specialized teams. These attacks have very specific targets ranging from individuals to huge corporations. Other types of cyber-attacks include cyber bullying and impersonation. But the question arises, can you prosecute cybercrimes committed in a different jurisdiction.

Information security mainly involves privacy and confidentiality of data. Some ways of reducing risks posed to confidentiality are creating personal trust and operating under ethical business practices. When hiring, the organization should make an effort to know their employees values and ensure that their members will maintain the confidentiality of the organization’s information.

Although the data protection bill in Kenya is making headway, it may not be passed into law until the election period is over. However, there’s a chapter in the Kenyan law that criminilazes disclosing passwords, says Mr. Ojiambo. The penalty can be upto 200,000 shillings. Hacking is also criminalized in the penal code. For anything to be labelled a crime, it has to be defined in the penal code. “The most common form of electronic record is a document,” says Mr. Ojiambo “Anywhere on the penal code where there is a document, the words “or electronic” can be added making most of bringing in half the population with you.”

Tags: Cloud ComputingData Protection
SendShare146Tweet92
Carlos Ageng'o

Carlos Ageng'o

Bringing you news on information systems, business intelligence and IT innovations. Contact me on @aKhadiemik and c [dot] agengo [at] techweez [dot] com

Related Posts

MPs phone numbers shared online on Twitter to oppose Finance Bill 2024.

Doxxing or Democracy? How Kenyans Used MPs’ Phone Numbers to Protest Finance Bill 2024

June 21, 2024
Nigeria Data Protection Act 2023 signed into law by President Tinubu

Nigeria Data Protection Act is Now Law

June 16, 2023
Amazon server down for 2 hours

Amazon Server Outage Hits Major Websites

June 14, 2023
Machakos University Ordered to Pay Former Student KES 0.7 Million for Using Her Images on Ads

Machakos University Ordered to Pay Former Student KES 0.7 Million for Using Her Images on Ads

August 18, 2022
Who is a Data Controller and Data Processor?

The Process of Registering as a Data Controller and Data Processor

July 19, 2022
Legal Crystal Ball: Top Focus Areas for ICT Policy and Law in 2020

Legal Crystal Ball: Top Focus Areas for ICT Policy and Law in 2020

February 1, 2020

Latest

Samsung QLED TVs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

May 9, 2025
Apple Smart Glasses

Apple Is Making Its Own Chip for Smart Glasses Coming by 2027

May 9, 2025
Safaricom

Safaricom Breaks Barriers with $3B Milestone and Bold Ethiopia Play

May 9, 2025
Private Number calls

How to Handle Private Number Calls in Kenya

May 8, 2025
Kenya Power EV charging stations

Kenya Power Rolls Out 45 EV Charging Stations Across the Country

May 8, 2025
Bayobab

MTN’s Bayobab Connects Uganda and Kenya with New Fiber Route

May 8, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

May 9, 2025

Apple Is Making Its Own Chip for Smart Glasses Coming by 2027

May 9, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

Introducing A Brainbox Quiz: Techweez’s Monthly Trivia Night!

5 Most Reliable Virtual Dollar Card Providers in Nigeria

More News

Starlink Is Expanding in Africa Through New Airtel Partnership

Android May 2025 Security Update Fixes Critical FreeType Zero-Click Vulnerability

Court Ruling Orders Worldcoin to Delete All Kenyan Biometric Records

Smartphone Market Recovers Slightly in Q1 2025 With Apple, Vivo Leading Gains

GTA 6 Trailer 2: Rockstar Confirms Release Date and Dual Protagonists

YouTube Now Lets Two People Share a Premium Plan

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.