The Security Myth Keeping African Enterprises From Owning Their Internet Identity

For many African enterprises, the fear of being visible on the internet has become a barrier to becoming properly routed on the internet.

Banks, universities, government agencies, hospitals, fintech platforms and large enterprises increasingly depend on digital infrastructure to serve customers, move data, process payments, host applications and maintain operations. Yet many of these organisations still do not have their own Autonomous System Numbers, or ASNs. They are online, but they remain hidden behind internet service providers and upstream networks.

One reason is technical capacity. Another is awareness. But at the West Africa Peering Forum, Behu Abba Brice, Stakeholder Development Manager at AFRINIC, pointed to a more subtle barrier: the belief that public internet resources create security exposure.

According to Brice, some large companies, banks and industries in Africa still believe that using public addresses makes them more vulnerable to hacking. As a result, they prefer to remain behind upstream operator addresses because they believe they are “hidden” and therefore safer. He described this as part of the “myth of public addresses,” and said it contributes to Africa’s low number of visible networks on the internet.

That misconception is a disservice to the continent’s digital transformation progress. ASNs are not decorative technical assets. They are the identity numbers that allow networks to be recognised, reached and routed across the internet. During the WAPF session, Temitope Osunrinde, Director, Africa Hyperscalers framed ASNs as online identity numbers for networks, explaining that they allow networks to be identified, reached and routed. Yet ASN adoption across Africa remains concentrated among ISPs and infrastructure companies, while enterprises, banks, universities, government systems and other traffic-generating platforms still depend heavily on upstream providers for routing, visibility and redundancy.

The result is a continent where many institutions are digitally active but not independently visible in the internet routing system.

Africa’s routing gap is already stark. The continent has roughly 2,800 ASNs, representing about 2.2% of globally assigned ASNs. West Africa’s share is even smaller, at around 0.5% of global ASNs, despite a population that exceeds 400 million and growing digital demand.

This gap is not only caused by security fears. Brice also identified other barriers: the dominance of large operators in many African markets, the tendency of companies to obtain internet access only through ISPs, limited technical capacity to manage routing tables and filtering, and weak awareness of the Regional Internet Registry system. Some organisations that need IPv4, IPv6 or ASNs do not know they can approach AFRINIC directly for number resources.

But the security misconception is particularly damaging because it turns visibility into a threat.

For many enterprise IT teams, the instinct is understandable. Public exposure appears risky. Cyberattacks are rising. Regulators are asking harder questions. Boards are worried about data breaches. In that environment, hiding behind private addressing or NAT can feel like a safer position.

But hiding is not the same as being secure.

A network can be hidden behind another provider and still be poorly defended. It can use private addressing and still suffer from weak access control, poor segmentation, insecure applications, bad monitoring, misconfigured firewalls, weak incident response and poor governance. Conversely, a network with public resources and an ASN can be professionally secured if it has the right architecture, policies and operational discipline.

The real question is not whether an enterprise is visible. The real question is whether it is visible in a controlled, governed and resilient way.

This is where the security conversation needs to change. Public IP resources and ASNs do not remove the need for cybersecurity. They raise the standard of network management. They force an organisation to think properly about routing policy, filtering, monitoring, DDoS protection, segmentation, peering, redundancy, incident response and operational accountability.

Olawale Owoeye, Chief Executive Officer, Cedarview Communications in Nigeria made a related point during the panel. He said ASN adoption has often been framed as a technical issue, and that myths such as “if I have a private IP address, I am more secure” remain common in the marketplace. He argued that forums like WAPF are important because they put the right knowledge in front of the right stakeholders.

This knowledge gap has real economic consequences. Owoeye said that among Nigerian universities, only a small number had ASNs and IP resources, despite universities being expected to lead technical knowledge. He argued that poor routing makes internet access more expensive for everyone because traffic that could be exchanged locally may be carried to another hub before returning. Better routing would make institutions more visible to Internet Exchange Points and local cache providers, reducing transport costs and improving performance.

The same applies to banks and enterprises. A bank that stays hidden behind upstream providers may still meet a basic connectivity requirement, but it may lose routing control, weaken redundancy and increase dependence on others. If it has multiple operators but no independent routing identity, it may need to reconfigure infrastructure whenever it adds or changes providers. It may also struggle to optimise traffic between branches, data centers, cloud platforms and customer-facing applications.

Carl Aniambossou, Chief Executive Officer, Sud Telecoms, explained that banks and universities are large consumers of connectivity and often have content or applications that users need to reach. He noted that banks are increasingly online and may be required by regulation to use more than one operator. Without their own address block and ASN, they can lose the economies of scale that come from speaking directly to multiple operators across regions and managing traffic more efficiently.

This is why ASN adoption should not be seen as a cybersecurity risk. For the right enterprise, it is part of resilience planning.

A serious digital enterprise should not depend entirely on one upstream provider to determine how it is reached. It should not be invisible to local peering ecosystems. It should not assume that private addressing is a substitute for proper security architecture. It should not allow fear of exposure to prevent it from building a more resilient network.

The irony is that the fear of public resources can create other forms of risk.

It can increase dependence on a small number of providers. It can make outages harder to manage. It can limit multi-homing. It can reduce visibility to CDNs and cloud platforms. It can keep local traffic from staying local. It can make a market look smaller than it really is. It can weaken the business case for local caches, cloud nodes and edge infrastructure.

Aniambossou made this investment signal point clearly. He said that when major content providers or CDNs evaluate a market, they look at the number of active networks, and in practice, that means looking at ASNs. For those providers, ASNs and address blocks help define who is visible in the market. Countries with very few ASNs can therefore appear less mature or less attractive than they actually are.

This makes the enterprise security myth a broader infrastructure problem. When banks, universities, public platforms and enterprises remain hidden, they are not only reducing their own routing control. They are weakening Africa’s visibility to the global internet economy.

The solution is not to tell every enterprise to get an ASN immediately. Not every organisation needs one. A small business using basic broadband may not require independent routing resources. But major traffic-generating institutions should at least evaluate the case.

The relevant candidates include banks, payment processors, large fintechs, universities, research networks, public digital platforms, hospitals, data centers, cloud service providers, large campuses, major retailers, telecom-adjacent platforms and enterprises connected to multiple network providers.

The test should be direct. Does the organisation host critical services? Does it connect to more than one provider? Does it need resilience during outages? Does it generate significant traffic? Does it want more control over routing? Does it want to peer locally? Does it want cloud and CDN providers to see its demand clearly? Does it need to prepare for IPv6? If the answer is yes, then ASN and IP resource planning belongs on the enterprise infrastructure agenda.

The policy and ecosystem response should also be direct.

The industry must separate visibility from vulnerability. Being publicly routed does not mean being careless. It means being accountable.

Enterprises need practical training on ASNs, IPv4, IPv6, BGP, routing policy, filtering, peering and security architecture. Bryce’s closing recommendation was that more African companies should become AFRINIC members, obtain their own resources and manage their routing policies autonomously, while the ecosystem invests in training to break myths and correct misunderstandings.

Regulators, IXPs, operators and industry associations must bring enterprise leaders into the conversation. ASN and IPv6 adoption cannot remain a discussion among network engineers alone. It affects cost, resilience, cloud readiness, data sovereignty, cybersecurity, digital public infrastructure and enterprise continuity.

Lastly, the message to boards should be practical: an ASN is not a badge of exposure. It is a tool for control.

Africa’s digital transformation cannot be built on invisible institutions. Enterprises that run critical services need to be seen by the internet, but they also need to be seen safely. That requires stronger architecture, not permanent dependence on upstream providers.

The next phase of enterprise internet maturity in Africa will not be defined only by who has connectivity. It will be defined by who has control, who has resilience, who can peer locally, who can route intelligently and who can participate visibly in the internet economy.

For too long, many enterprises have treated public internet visibility as something to fear. The better question is whether they are ready to manage that visibility professionally.

Because in the modern internet, hiding behind someone else’s network is not security. It is dependent.

You Might Also Like

Airtel Africa appoints Dinesh Balsingh as CEO Airtel Nigeria following Carl Cruz’s move to Globe Telecoms

Nigeria launches Broadband Alliance, targets 70% internet penetration by 2026.

Three UK addresses broadband gaps with the first OpenRAN base station on CCTV poles, others

Africa Data Center News, Cloud & Connectivity Insights