Return to Webmag Home
Technology
05 minutes

Why resilience, not cost, should shape your digital strategy

Cloud strategy is shifting from cost optimisation to resilience and risk management. Multi-cloud architectures are enabling insurers to enhance uptime, meet regulatory requirements and strengthen cybersecurity, making digital resilience a critical priority for long-term sustainability.
Written by
Tony van Niekerk
Published on
April 23, 2026
Copy link

Every so often, a conversation cuts through the technical noise and reframes a topic in a way that makes it immediately relevant to business. My recent discussion with Allan Juma, Lead Cybersecurity Engineer at ESET, did exactly that.

We set out to talk about multi-cloud architecture and cybersecurity, topics that, for many executives, still sit firmly in the realm of IT. But what emerged was something far more strategic: A view of cloud not as infrastructure, but as a foundation for resilience, compliance, and long-term sustainability.  

At its simplest, the cloud is often described as “someone else’s server.” It is infrastructure accessed via the internet rather than housed on your own premises. But that simplicity hides a growing complexity. Organisations today are no longer choosing between on-premise and cloud: They are navigating a spectrum, public cloud, private cloud, hybrid models, and increasingly, multi-cloud environments.

“Multi-cloud is about choice and distribution. Rather than relying on a single provider, organisations spread their workloads across multiple platforms, AWS, Azure, Google Cloud, and others. On the surface, this looks like a technical decision. In reality, it is a strategic one. Because the real value of multi-cloud lies in risk management” states Juma.  

Too often, cloud adoption is framed as a cost discussion. How do we reduce infrastructure spend? How do we scale more efficiently? These are valid questions, but they miss the bigger picture. The cloud is not just a cost centre; it is a resilience mechanism.

Consider the impact of a major outage at a single cloud provider. If all your systems are tied to that provider, your business effectively goes offline. Revenue stops. Clients cannot transact. Reputational damage follows. But in a multi-cloud environment, that risk is distributed. If one provider fails, another can carry the load – often without the client even noticing.

This is redundancy in its most practical form. And in an environment where downtime translates directly into financial and reputational loss, it is invaluable. The same logic applies to compliance. In markets like South Africa, regulations such as POPIA require that certain types of data, particularly personal identifiable information, be stored within the country. Multi-cloud architectures allow organisations to meet these requirements while still leveraging global infrastructure for less sensitive workloads.  

In other words, the cloud becomes not just a storage solution, but a compliance enabler. But with these benefits comes a familiar concern: Security. There is a persistent perception that moving to the cloud means losing control. That data is somehow more exposed, more vulnerable. Juma challenges this thinking directly. The reality is more nuanced.

Cloud environments operate on what is known as a shared responsibility model. The provider is responsible for securing the underlying infrastructure, the physical servers, the data centres, and the uptime. The client, however, remains responsible for how that environment is configured and accessed.  

This is where many organisations fall short. They assume that security is “handled” by the provider, when in fact it is a collaborative effort. The analogy Juma uses is a simple but effective one: Driving a car. The road offers speed, flexibility, and control. But it also introduces risk. The solution is not to avoid driving, but to manage that risk through insurance, responsible behaviour, and proper safeguards.

Cloud is no longer about reducing costs, it is about building resilience that keeps your business running when it matters most.

Tony van Niekerk
Editor, COVER

In a cloud context, those safeguards include strong identity and access management, encryption, multi-factor authentication, and endpoint protection. But perhaps most importantly, they include backup. Because no matter how sophisticated your security measures are, the possibility of failure remains.

The example of the Colonial Pipeline ransomware attack in the United States illustrates this starkly. Faced with an operational shutdown, the company paid a ransom for a decryption key, only to find it ineffective. What ultimately enabled recovery was not the ransom but their backup systems.  

It is a powerful reminder: Resilience is not about preventing every incident. It is about ensuring you can recover when incidents occur. And recovery depends on preparation. Too often, backup is treated as a checkbox, something that exists but is rarely tested. Yet an untested backup is little more than a false sense of security. Organisations need to validate not only that backups are being created, but that they can be restored quickly and effectively when needed.

This brings us to perhaps the most important takeaway from our conversation: The importance of foundation. Technology implementations often fail not because of poor tools, but because of poor sequencing. Security is added as an afterthought. Systems are layered on top of weak architectures. Complexity grows faster than control.

Juma’s advice is clear: “Security must be ‘baked in’ from the start. It must form part of the design, not the decoration. That means involving security expertise early, adopting secure-by-design principles, and continuously monitoring and adapting as systems evolve. It also means recognising that cloud strategy is not an IT project. It is a business decision”.

For insurers, banks, and other data-intensive industries, this is particularly relevant. These are sectors where trust is paramount, where downtime is costly, and where regulatory scrutiny is high. In such environments, the ability to maintain service continuity, protect data, and respond quickly to disruption is not optional; it is fundamental.

And this is where the conversation comes full circle. Multi-cloud is not about chasing the latest technology trend. It is about building a business that can withstand shocks, adapt to change, and continue to serve its clients, no matter what happens behind the scenes. Because, in the end, clients do not care where your data sits or how your systems are configured. They care that when they log in, transact, or submit a claim, everything works.

And that is the real promise of a well-executed cloud strategy: Invisible resilience, quietly enabling the business to deliver on its commitments, every single day.

20 Years of Covering the Gaps That Matter

At X’S Sure, we believe insurance should feel lighter. That’s why, for two decades, we’ve been specialising in Value-Added Products (VAPS) that remove the unexpected excess burden — on vehicles, buildings, and contents. Our solutions are designed to give clients peace of mind when life happens. With our trusted broker network and direct client division, we’ve built a reputation for being innovative, reliable, and always one step ahead.

XS Sure (Pty) Ltd is an authorised financial service provider, FSP number 21101.

Get a quote now

Dashboard mockup