THE SOUTH AFRICAN TREASURER: NEXT GENERATION TREASURY

TMI | THE SOUTHAFRICANTREASURER 29 NEXT GENERATIONTREASURY Notes 1 “The cloud” refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centres situated all over the globe. By using cloud computing, companies do not manage physical servers themselves or run software applications on their ownmachines. companies outside these areas. Many South African companies regularly transact with European residents that own property in South Africa, or that spend a few northern hemisphere winter months in South Africa. Such companies may not be aware of the applicability of the GDPR, or have the internal technology resources to ensure that personal data storage complies with the GDPR. For a company to consult counsel and employ the technological resources necessary to comply with the GDPR on an individual basis is likely to be costly. Other types of regulation that may require cybersecurity capabilities are payment processing, audit confidentiality and financial data reporting. By selecting the right cloud provider, a company will be able to draw on the expertise and experience that the cloud provider has in complying with international laws and regulations for its other customers. Scale and expertise can tip the balance These areas are where the scale of cloud providers and the expertise they employ can push cybersecurity into the ‘pro’ column in any evaluation of whether a company should keep its data and processes on servers in house or move them to the cloud. It remains imperative that in implementing and overseeing a cloud computing solution, a company’s governance structure needs to be on top of the company’s cybersecurity strategies and the laws with which the companymust comply. Those responsible for ensuring compliance with the policies and strategies of the company, as well as the laws to which the company is subject, play an important role in directing and overseeing the company’s cloud providers’ services. Additionally, any applicable regulation pertaining to what may be outsourced to a cloud provider must always be observed. As technology advances, regulation gets more complex and cybercriminals get more sophisticated, it is becomingmore difficult to see how a company’s isolated IT function will be able to keep up with the constantly changing landscape. If cloud providers are able to keep pace with the changes, in the future wemay see not only that cybersecurity is a reason tomove to the cloud, but also that staying out of the cloud becomes perceived as a risk in itself. n In the future staying out of the cloudmay be perceived as a risk in itself.

RkJQdWJsaXNoZXIy MjczOTI1