THE SOUTH AFRICAN TREASURER: NEXT GENERATION TREASURY

28 TMI | THE SOUTHAFRICANTREASURER NEXT GENERATIONTREASURY Large cloud providers invest enormous amounts of resources in cybersecurity. Over the last decade, companies have again been asked to trade something physical for something less tangible – a server for a cloud1. And companies are heeding this request - business services, software, platforms and even infrastructure are moving out of companies’ premises and out to the cloud. Of course there aremany aspects to consider before any company, including in relation to its treasury function, decides tomove its business services, software, platforms and infrastructure to the cloud. These aspects include cost, flexibility, availability, complexity, control and dependence (lock-in). Another aspect to consider is risk.The Bank of England, for example, has expressed concern about ‘concentration risk’ of cloud computing and questioned the transparency and resiliency of cloud providers. If toomany entities use the same cloud provider, what would be the result if the cloud provider went down? Nevertheless, the trend ismoving towards the cloud, rather than away from it. Cybersecurity There are long lists of pros and cons of cloud computing, all of which are discussed at length in the press. One aspect however that should be at the top of the list of any company’s consideration is cybersecurity. Howwill the company deal with cybercriminals that launch denial of service attacks, employees that accidentally deploy malware, or phishing? Does cybersecurity fit into the ‘pro’ column or the ‘con’ column when accessing amove to the cloud? Are a company’s data and processes safer in a localised server environment where the company itself has greater control, or in the cloud? The answers to these questions seem more andmore to favour amove to cloud computing. Firstly, larger cloud providers are able to and do in fact invest enormous amounts of resources in cybersecurity. Although a company ultimately carries its own responsibility for ensuring the security of its own data, the larger cloud providers are working on and providing services that help companies uphold their ends of cybersecurity responsibility.These services include platforms, which integrate into a cloud provider’s overall cloud computing services, and help companies automate and continually scan cloud assets for vulnerabilities, threats and compliance, giving greater visibility into a company’s segment of security and riskmanagement. However, notwithstanding these efforts by cloud providers, the security of a company’s data in the cloud also depends massively on the company itself.The companymust ensure that it has in place rigorous policies and processes to secure local storage (e.g., employees’ laptops and smart phones) and control access to the systemor cloud (e.g., employees’ passwords and other authenticationmethods). New security vulnerabilities are springing up regularly as we adopt what is termed the Internet ofThings – the use of seemingly innocuous technology like smart light bulbs and thermostats, and wireless speakers and home security systems. Where such items are connected to a company’s own IT systems the linkmay be obvious, but it may be less obvious where, for example, a home security system is connected to a smart phone, which an employee also uses to connect to her employer’s IT system. It may be difficult for companies to quickly identity these vulnerabilities given the speed at which they appear. Again, larger cloud providers aremore likely to be on top of these vulnerabilities given their large investment in cybersecurity. Cybersecurity specialists Cloud providers also direct large budgets to employ talented cybersecurity specialists who focus exclusively on cybersecurity, unlike IT department employees at many companies who are also tasked with acting as document production help-desks, hardware installers and printer technicians. By contrast, cybersecurity specialists spend their days continually testing for and finding security weaknesses, monitoring for breaches or malware and fixing and strengthening gaps or attack sites. In addition, large cloud providers are able to deal effectively with international laws and regulations that local companies may not even be aware of. A good example of this is the General Data Protection Regulation (GDPR), which is a European regulation that applies to and protects the private data of residents of the European Union and European Economic Area (European residents).The GDPR applies to such data even if European residents are transacting or doing business with KELLE GAGNÉ Counsel, Banking Department, Allen&Overy Kelle Gagné is a counsel in the banking department of Allen &Overy, Johannesburg, and has been practising law in the areas of financial services regulation and structured finance for 20 years. Her skills lie primarily in the derivatives, securities lending and repomarkets and regulations, but she also has an interest in fintech, the emerging regulation of cryptocurrency and emerging financial services regulation in Africa.

RkJQdWJsaXNoZXIy MjczOTI1