Cloud security must be treated as an ongoing operational discipline rather than a one-time migration exercise. (Image: Datacentrix) For years, cloud adoption was positioned as a fast track to agility, scalability and digital transformation. Today, as organisations operate increasingly distributed environments, many are entering a new phase of cloud maturity, one that requires them to rethink accountability for security across public cloud, private cloud and on-premises infrastructure.According to the World Economic Forum’s Global Cybersecurity Outlook 2026, cloud technologies are ranked as the second most significant technology expected to affect cyber security over the coming year, after only AI. This finding suggests that, while many businesses are well advanced in their cloud journeys, cloud security and governance remain high priorities.This also reinforces the need to treat cloud security as an ongoing operational discipline rather than a one-time migration exercise.“Businesses moved quickly into cloud environments without fully understanding how their security obligations would change and are now reassessing the cloud decisions they made during these periods of rapid digital adoption,” explains Kyle Pillay, Security as a Service Manager at Datacentrix, which positions itself as a leading hybrid ICT systems integrator and digital transformation partner.“And as organisations continue to expand their cloud adoption, the challenge has moved well beyond deciding whether to use cloud or not, towards understanding how to secure increasingly distributed environments while maintaining visibility, resilience and control.”“One of the biggest misconceptions we’re still seeing is the assumption that the cloud provider takes care of all levels of security, but this is not necessarily the truth. Depending on the cloud delivery model selected, the provider might secure certain portions of the environment, but customers remain responsible for many of the controls that ultimately protect their applications and data,” he adds.For instance, with infrastructure as a service (IaaS), providers supply compute resources and underlying infrastructure, but responsibility for securing applications, access controls and data remains largely with the customer.Kyle Pillay, Security as a Service Manager at Datacentrix. Platform as a service (PaaS) reduces some operational burden but still requires organisations to manage configuration, access control and data security.Even software as a service (SaaS), often viewed as the most provider-managed option, does not remove the requirement for companies to secure their own business data.“There’s a cloud shared responsibility model, but often businesses don’t spend enough time checking and understanding the fine print. Governance, risk management and compliance don’t disappear because workloads move into someone else’s environment, these obligations still apply.”Besides this, Pillay notes that public cloud can also increase exposure if security controls are not configured correctly. “The risk isn’t public cloud itself, but rather from using public cloud without enabling the security controls designed to protect it. This is because public cloud environments make infrastructure more accessible and easier to discover, meaning that threat actors can identify technologies, configurations and software versions rapidly, reducing the effort required to locate exploitable weaknesses.”Even with these security realisations, rather than abandoning cloud, organisations are simply becoming more deliberate in its use. According to Pillay, many businesses are now adopting hybrid architectures, keeping critical workloads on premises while moving less sensitive workloads into cloud environments.Private cloud is also attracting renewed interest in South Africa due to more predictable locally based cost structures and increasing access to security as a service models.“Regardless of how a business is consuming cloud, security needs to exist across every layer – from infrastructure through to applications and data,” he says. “Many organisations underestimate that complexity until they’re already operating in production.“All of this means that companies need to realign their data security strategies,” Pillay continues. “The landscape has changed and what worked during the initial cloud adoption phase may no longer be fit for purpose. “This evolution means security strategies must evolve to incorporate factors such as data classification, compliance requirements, encryption policies, recovery objectives across environments and more,” he concludes. “In the next phase of cloud maturity, accountability may prove just as important as adoption.”To learn more about Datacentrix’s cyber security services offering, please visit https://www.datacentrix.co.za/cybersecurity-services.html.DatacentrixDatacentrix is a leading, African-born systems integrator and managed services provider that operates in Africa and the Middle East. The company’s mature portfolio incorporates intelligent hybrid cloud solutions, security services, data management and resource augmentation.As an industry forerunner with a prominent track record since 1994, Datacentrix leverages advanced technologies to help customers realise smart operations, competitive advantage and strategic business outcomes. The company partners with its customers to reshape their organisations through technology, paving the way to a sustainable future in an artificially intelligent, data-driven world.Datacentrix has a noteworthy empowerment history and has held a Level One Broad-based Black Economic Empowerment (B-BBEE) Contributor rating since 2017. The company is 100% Black owned, 72.88% Black women owned and is esteemed as a Designated Supplier, which enables 135% procurement recognition for our customers.For more information, please visit www.datacentrix.co.za