Cyber
Cloud security - What leaders and executives need to keep in mind and act upon
June 12, 2025
Plena Solutions Ltd.Newsletter
June 2025
· Cloud adoption inEastern and Southern Africa is accelerating. With the increase in cloud adoption in our region, organizations face unique security challenges that require African-specific approaches. In this newsletter, we share insights on three critical cloud security considerations:
o Keeping your data within legal borders: How to comply with laws requiring customer data to stay within specific countries while using international cloud services.
o Securing remote employee access to cloud systems: Protecting your organization's data when employees workfrom home, or anywhere outside the office.
o Managing risks from cloud service providers: Understanding and addressing security gaps when relying on international technology vendors who may have limited presence in Eastern and Southern Africa.
· In this issue we share a review of cloud security challenges specific to Eastern and SouthernAfrican organizations, along with recommendations for securing cloud infrastructure. We also address how to approach regional constraints andcompliance requirements.
Plena Solutions – Bringing you Eastern and Southern AfricanFocused Cybersecurity Insights
We are pleased to share the June 2025 edition of our newsletter, designed to provide business and cybersecurity leaders in the Eastern and Southern African region with insights on cybersecurity and risk-related topics. Our goal is to help our community of leaders protect and maintain the integrity of their organizations.
About us
Plena Solutions Ltd. is a cybersecurity solutions provider, with a primary focus onaddressing the needs and challenges of organizations from the private and public sectors in Eastern and Southern Africa. With offices in Kenya and Israeland activity across Eastern and Southern Africa, we combine deep local insights, experience, expertise, and global top-notch cybersecurity technologies & solutions. We serve as our clients' trusted advisor and implementation partner on risk and cybersecurity topics, helping them keep safe and ahead of any cyber threat.
A. Keeping your data within legal borders
1. The challenge:
· Every country in our region has laws about where customer data can be stored. Kenya, South Africa, Rwanda, Tanzania, and Uganda each require certain types of data - especially personal and financial information -to remain within their borders. This becomes complicated when using cloud services like Microsoft Azure, Amazon Web Services, or Google Cloud, because these providers don't have data centers in every African country.
· Many organizations assume that selecting an "Africa region" in their cloud settings means their data stays in their country.In reality, your Kenyan customer data might be sitting in a data center inSouth Africa or even Europe, potentially breaking the law without you knowing it.
· For example, Kenya and Rwanda require certain data to be stored within their borders, with extremely high penalties appplied if violated.Many organizations unknowingly breach these requirements because selecting'Africa' in cloud settings typically means South Africa - currently the onlyAfrican country with data centers from all major providers - not the organization's home country.
2. Practical steps to stay compliant:
· Know your data: Create a simple classification system -which data must stay in-country, which can go anywhere, and which needs special protection.
· Mix local and international solutions: Keep sensitive customer data in local data centers or on your own servers, while using international cloud services for everything else.
· Control your encryption keys: Even if data is stored abroad, keep the"keys" that unlock it within your country's borders.
· Check regularly: Cloud providers change their systems frequently. Review where your data actually sits every quarter.
· Get it in writing: Make cloud vendors specify exactly where they'll store your data and include penalties if they move it without permission.
B. Securing remote employee access
1. The challenge:
· Working from everywhere: With employees now working from homes, co-working spaces and other remote locations, your company data is accessed from everywhere. Unlike the office, these locations often have weak internet security, shared WiFi, and personal devices mixing with work activities.
· Cybercriminals take advantage of vulnerable remote access: They're actively targeting remote workers in Africa with fake login pages for popular services like Office 365 and Google Workspace.Once they steal login credentials, they can access your cloud systems from anywhere.
· Attacks on cloud access points have been increasing: Cybercriminals are exploiting remote access vulnerabilities to target cloud services.According to CrowdStrike's 2024 Global Threat Report, cloud environment intrusions leaped by 75% in 2023. A Sophos study found that 65% of breaches involved remote access technologies like VPNs or Remote Desktop Protocol, while80% of IT leaders report increased security incidents from remote cloud access.Attackers primarily use stolen credentials to infiltrate Office 365, GoogleWorkspace, and other cloud platforms.
2. Practical steps to secure your organization’s cloud access
· Verify everything: Implement systems that double-check the identity of anyone accessing your cloud services, regardless of where they claim to be.
· Smart access controls: Use technology that asks for extra verification when something seems unusual - like a login from a new location or device.
· Monitor cloud usage: Deploy tools that track which cloud services employees are using, including personal Dropbox or Google Drive accounts that might leak company data.
· Protect regardless of network: Use security tools that work whether employees are on office WiFi, home internet, or public networks.
· Secure personal devices: Create a program to protect company data on personal phones and laptops without invading privacy.
1. The challenge:
· Most organizations now rely on dozens of cloud services - from accounting software to customer management systems. When these vendors have security problems, your data is at risk. The challenge in Africa is that many international vendors provide minimal local support, meaning when something goes wrong, you might wait days for help.
· Nearly half (48%) of 2024 data breaches involved third-party vendor vulnerabilities.Organizations typically manage 250-500 vendors, yet 63% lack proper oversightof vendor access. When international cloud providers suffer breaches, African companies often wait longest for support due to limited regional presence
2. Essential cloud security tools and strategies:
· Cloud Security Posture Management (CSPM): These tools continuously scan your cloud environments to find misconfigurations - like storage buckets accidentally set to "public" or databases exposed to the internet. They provide dashboards showing your security gaps and prioritize what to fix first.
· Cloud Access Security Brokers (CASB): Think of these as security guards for your cloud services. They sit between your users and cloud applications, monitoring who's accessing what, blocking suspicious activities, and preventing sensitive data from being downloaded to unauthorized devices.
· Cloud Workload Protection Platforms (CWPP): These protect the actual applications and services running in your cloud. They detect malware, block attacks, and ensure your cloud servers stay secure - especially important when vendors might not patch their systems quickly enough for African customers.
· SaaS Security Posture Management (SSPM): Specifically designed for services like Office 365, Salesforce, or Google Workspace, these tools check that your settings follow security best practices and alert you when risky changes are made.
· Multi-Factor Authentication (MFA) Solutions: Beyond basic passwords, these require additional verification like phone confirmations or biometric scans. Modern solutions can even detect when someone's behavior seems suspicious and require extra verification.
· API Security Tools: Since cloud services talk to each other through APIs, these tools monitor and protect those connections, preventing attackers from exploiting weak points where services connect.
Closing notes
Cloud security isn't just about technology - it's about finding the right balance between global cloud benefits and local realities. Whether it's keeping data within borders, protecting remote workers, or managing vendor risks, success requires both the right tools and the right approach.
At Plena Solutions, we specialize in helping organizations navigate these exact challenges. As a local solution provider we understand the unique local context and challenges and are specialized in curating effective cyber protections and solutions, addressing risks and compliance requirements.
We believe that cloud security challenges should not slow down digital transformations, with the right curated setup, your organization could also benefit from using cloud technologies while staying safe and compliant.
Sources and further reading:
· https://cipesa.org/2024/04/advancing-sustainable-cross-border-data-transfer-policies-and-practices-in-africa/
· https://www.mofo.com/resources/insights/220131-africa-and-the-near-east
· https://www.techtarget.com/searchsecurity/news/366570633/CrowdStrike-Global-Threat-Report-Cloud-intrusions-up-75
· https://www.censinet.com/perspectives/remote-access-vulnerabilities-why-48-of-2024-data-breaches-came-through-third-party-connections