Navigating cloud adoption in South Africa’s regulatory environment

Navigating cloud adoption in South Africa’s regulatory environment

Kevin Wilson, group IT GM at Stefanutti Stocks, Thato Sopeng, VP of digital innovation at Sasol, Nkosenhle Ngongoma, IT director at City Lodge Hotels, and Sihle Mthiyane, CIO of NTP Radioisotopes, discussed cloud adoption in the context of South Africa’s regulatory environment.

As South Africa navigates the complex regulatory landscape towards cloud adoption, industry experts highlight both challenges and opportunities. This was expressed during a panel discussion on ‘cloud adoption in South Africa’s regulatory environment’ last week at the ITWeb Cloud and Data Centre Summit held in Johannesburg. 

The panel was moderated by Kevin Wilson, GM Group IT, Stefanutti Stocks Construction, and included Thato Sopeng, VP of digital innovation enablement at Sasol, Nkosenhle Ngongoma, IT director of City Lodge Hotels, and Sihle Mthiyane, CIO of NTP Radioisotopes.

The panellists emphasised the need to rethink regulation, transforming it from a compliance burden to an opportunity for growth.

The cloud computing market in South Africa is expected to grow at a compound annual  rate of over 26% between 2023 and 2028, reaching R113 billion.

Regulation is like an injection, it’s not nice but it protects us.

Sihle Mthiyane, CIO of NTP Radioisotopes.

Sopeng said compliance with both local and international regulatory laws is non-negotiable, but it should not stifle innovation.

“We (Sasol) have a top list of regulations that we know are non-negotiable, like the GDPR. In South Africa there is also a lot of legislation that we have to adhere to, like the Cybercrimes Act. […] When we implement something in the cloud, we have a checklist that looks at the different legislations as well.”

Mthiyane noted that organisations should view regulation as protection, rather than a barrier to cloud adoption. “Regulations are there to protect us, not limit innovation. Regulation is like an injection, it’s not nice but it protects us.”

Ngongoma stressed the importance of a cloud strategy before migration. “You need to have a cloud strategy before you move to the cloud, not when you are in the cloud. Just like you have a disaster recovery (DR) for your environment because you know that something might happen, the same should happen before you move to the cloud,” he said.

Government’s role in cloud regulation

Wilson asked about the government’s role in regulation. Mthiyane noted that while progress has been made, more effort is needed in infrastructure development and capacity building. “Obviously, a lot has been done and we are not where we were 10 years ago, but I believe that there is still more to be done.”Reskilling and education were highlighted as critical. 

Mthiyane said a common mistake is to assume that everyone knows what cloud is all about and what its benefits are. ““We need to be intentional about building the required skills. Academic institutions must be challenged to provide the skillsets required for the digital economy.”

Sopeng suggested more education around cloud capabilities, emphasising the importance of understanding AI ethics.

South Africa’s national cloud and data policy was published at the end of May to create a secure and compliant data environment while fostering growth in cloud services.

Panellists identified areas for regulatory improvement. Ngongoma cautioned that regulation often lags behind technological advancements. “Regulation in technology and innovation seems impossible because the landscape is moving too quickly. A regulation has never come before technology,” he said.

Mthiyane advocated for consistent and informed regulation.

“I’d like to see consistent regulation. Despite POPIA, I still receive unwanted calls from people I didn’t share my contact information with. Current regulations require sensitive South African data to be stored locally. However, we rarely question cloud providers about their DR locations. They might have servers here, but DR sites abroad, like England. In a DR scenario, data would be accessed from outside South Africa, contradicting local regulations. This highlights inconsistencies in our regulatory framework.”

Originally Appeared Here