A company can no longer shy away from the responsibility that comes with the security of customer data. Laws such as the recently passed Protection of Personal Information (PoPI) act won't let them get away it, which means an organisation's service level agreements (SLAs) need to be water-tight. And many will be surprised to realise this doesn't just apply to cloud services.

"IT security remains the responsibility of the board and is delegated to the CIO/CISO, whether the IT services that you consume are in the cloud or not," says Pink Elephant's operations manager Andre van der Merwe.