Cloud

Mitigating risk and compliance

GRC leads in ICT strategy as companies look to protect operations.

01 April 2025

Lee Syse, Director of Product & GTM of Routed.

Governance, risk and compliance (GRC) is a top priority for business leaders. However, operating in a digital economy means organisations will be impacted by multiple elements; they must adapt quickly or face falling behind or even closure.

This is the warning from Routed, a specialist VMware cloud builder and operator focused on enterprise private cloud, business continuity and data resilience.

The business serves as a cloud provider and places a premium on compliance with GRC to clear the path towards cloud enablement.

It’s all about mitigating risk and ensuring compliance, says Lee Syse, Director of Product and GTM at Routed. The common gaps identified in a risk assessment include when a company runs its own datacentre facilities, or runs aged infrastructure, while also trying to evaluate and use business continuity solutions and data recovery.

Routed is perfectly poised to assist and guide businesses as they dabble in the cloud and ‘experiment’, but insists on having a guardrail in place –compliance with GRC.

“There are many elements to consider when doing a risk or governance assessment, one of which is the impact of governance frameworks like the International Organisation for Standardisation (ISO). It’s important to bear in mind the risk factor in running on-prem datacentres and ageing infrastructure,” says Syse.

From a risk point of view, Routed’s core business is to help plug specific areas with the specialised service use cases. Syse says in terms of risk analysis, there are four areas to address.

1. Organisations running their own datacentre facilities. Routed offers a solution that addresses many of the challenges of running your own infrastructure and facilities, including cost, skills availability, resource management and maintenance.

2. Aged hardware. Decision-makers are often left to digitally transform, but are stuck with old or outdated technology. Routed manages capital to constantly refresh equipment, leaving customers assured that they are always up-to-date.

3. Secondary site for disaster recovery and/or business continuity. This secondary site is required as part of a disaster recovery strategy, to offer a credible alternative during a disaster situation. Routed offers Disaster- Recovery-as-a-Service; the company charges 10%-20% of compute as a reservation during replication.

4. Offsite or cloud data backup. Routed offers cloud backup repositories that are protected if the client’s on-prem infrastructure is affected by ransomware.

Syse says Routed is experienced in risk management, which gives the company an edge in the market. He believes companies that run their own facilities that house IT infrastructure for immediate rollout of business apps are exposing themselves to risk.

Syse says the market has moved on from the days of organisations being lauded because they had their own infrastructure. Today, the market is focused on streamlining, ownership and control of what belongs to the company, and shared responsibility between service providers and businesses.

“Banks have sold off their datacentres; telecommunications providers are outsourcing infrastructure specialists to help manage risk and governance,” he says. “Smaller organisations that choose to run their own facilities face a significant risk of exposure.”

Routed has built its platform with an emphasis on sovereignty. “While addressing the above risks, you can also have the comfort that your data is on a South African-owned, run and built cloud platform,” Syse says.

Who takes on the responsibility of managing response to threats, and compliance with regulation?

Syse says it’s imperative that there must be uniformity across the entire C-suite; everyone must be on the same page regarding GRC strategy and execution.

“We specialise in helping businesses address any gaps in their ICT infrastructure and facilities, and guide them so they can drive their own strategies with the right infrastructure at the right time. We know from experience that decisionmakers continue to use outdated legacy systems, often because they do not have the budget or don’t have a viable infrastructure growth strategy; that is exactly where we come in,” Syse concludes.