By 
By Allan Juma, Lead Cyber Security Engineer, ESET
As organisations across South Africa navigate fragile global markets, currency volatility, rising fuel costs and tightening interest rates, technology investments are facing unprecedented scrutiny at board and executive levels. Yet, amid this pressure, multicloud strategies are emerging not as discretionary IT upgrades, but as critical enablers of compliance, resilience and long-term competitiveness.
RELATED: Orchestrating multicloud: Implementing a strategy that works
“In multicloud environments, security should be about preserving an organisation’s ability to operate and innovate,” says Allan Juma, Lead Cyber Security Engineer at ESET.
Beyond Cost: Why Multicloud Is a Strategic Imperative
Allan Juma, Lead Cyber Security Engineer, ESET
In many C-suites, cloud and multicloud initiatives are still viewed narrowly as cost centres—line items to be delayed, trimmed or negotiated. This approach is increasingly risky.
Across high-growth and systemically important sectors such as banking and fintech, education, healthcare, retail and telecommunications, multicloud adoption is proving to be a strategic asset. When designed correctly, it supports regulatory compliance, strengthens operational resilience, accelerates innovation and improves customer experience.
The real question, experts argue, is no longer whether organisations can afford multicloud—but whether they can afford to ignore it.
Multicloud as a Compliance Enabler
South Africa’s Protection of Personal Information Act (POPIA) creates a powerful incentive for multicloud architectures. Regulations are explicit: certain categories of personally identifiable information must be stored and processed within South Africa. This is a legal obligation, not a guideline.
Multicloud allows organisations to strike the right balance:
- Sensitive and regulated data can be securely hosted in South Africa-based cloud or private cloud environments configured for compliance.
- Less sensitive workloads—such as analytics, testing environments and anonymised datasets—can leverage global hyperscalers to access advanced tools and scalable innovation.
This hybrid approach enables compliance without sacrificing performance or innovation.
It’s Not Private Cloud vs Public Cloud—It’s Both
A common executive question is whether a robust private cloud alone is sufficient. South Africa has the skills and infrastructure to build private clouds that rival global standards, and when well-architected, they offer deep control over the entire security stack.
However, for sectors where downtime represents an existential risk, a single-cloud model is insufficient. Multicloud architectures provide:
- Built-in failover and redundancy
- Improved service continuity during outages
- Lower latency for pan-African and global customers
The strategic decision is not AWS versus Azure versus private cloud, but which combination delivers the optimal balance of compliance, resilience, performance and cost control.
Cloud as a Catalyst for Speed and Innovation
One of cloud computing’s greatest advantages is its impact on time to market. Traditional infrastructure required weeks or months to procure, deploy and configure hardware—often dictating product timelines.
Multicloud environments eliminate these bottlenecks. Organisations gain the ability to:
- Test and deploy new services rapidly
- Scale on demand across multiple platforms
- Optimise workloads without dependency on a single provider
In competitive markets, this agility becomes a decisive advantage.
Cybercrime Is Real—But Fear Is Not a Strategy
Ransomware and cybercrime remain persistent threats, but decision-making driven by fear leads to either paralysis or rushed implementations—both of which increase risk.
A more effective approach focuses on prevention-first, intelligence-driven security, supported by:
- Endpoint-based ransomware remediation
- Continuous monitoring
- Secure, regularly tested backup and recovery processes
When organisations can restore clean data quickly, cybercriminals lose leverage, and business continuity is preserved without funding criminal networks.
Security Must Be Built In, Not Bolted On
Expanding cloud environments without integrated security is equivalent to building on unstable ground. In a cloud-first world, security must be embedded from day one.
Best practices include:
- Involving security and compliance teams early in architecture and product discussions
- Investing in centralised, cloud-based security operations rather than fragmented tools
- Treating configuration, monitoring and incident response as continuous disciplines
The same cloud and AI technologies that accelerate growth can also amplify mistakes if governance is weak.
Multicloud as a Foundation for Resilient Growth
Organisations that frame multicloud purely as an IT refresh risk missing its true value. Those that embrace it as a tool to ensure compliance, maintain uptime and enable continuous innovation—while embedding security from the outset—will be best positioned to withstand economic shocks and remain competitive.
Security should not exist to scare organisations into buying tools. It should exist to preserve their ability to operate, adapt and innovate—even when incidents occur.
