A new report on The Future of Cloud Security in the Middle East highlights the importance of sovereign cloud, hybrid cloud, and talent as key challenges and trends facing organisations in the region.
The survey of cloud and cyber security professionals and decision-makers in the region, was commissioned by Cyber magazine, Technology magazine, and Business Chief.
The results of the survey were then analysed and discussed at roundtable events in Dubai and Abu Dhabi in the United Arab Emirates, sponsored by Huawei, with expert speakers and an invited, select audience of leading cloud security professionals.
Key findings of the cloud security survey
The key findings of the research report are:
- Sovereign cloud is trending due to rapid deglobalisation and new barriers of entry as a result of geopolitical tensions. These have motivated the need to be self-sufficient and for data to be kept within geographical boundaries of nation states. It provides local industry support and safeguards the growth and development of fledgling local (cloud) companies in order to nurture more tech unicorns and evolve the region into a global digital hub. Sovereign cloud benefits development to deliver long-term self-sufficiency of the local ICT ecosystem and applications in search of a new killer mega app.
- Hybrid cloud is featured prominently, driven by rapid digital transformation needs. Increased maturity in cloud usage allows flexibility of choice of on-premise, off-premise, public or private cloud options based on the data, its classification and usage patterns – thereby reducing costs, minimising risk and better assimilation to support the demands of digital transformation.
- Cybersecurity is the key concern when choosing a cloud provider. From another perspective, organisations on the cloud are experiencing regular and accelerated cyber attacks as we pivot towards the case that cyberspace is cloud computing and cybersecurity is cloud security, paving the way for a new era of the Metaverse.
- Cloud computing adoption driven by a cloud-first strategy is gaining traction fast in the Middle East, with the United Arab Emirates and Saudi Arabia leading the way. These nations are also the most matured entities when it comes to leveraging the cloud to meet digital transformation demands.
- The study discovered a direct relationship between cloud adoption rate and the availability of cloud security professionals, where organisations are finding it hard to find talent to fill their open positions. This indicates that capacity building in the area of cloud security is extremely challenging today and should be tackled by creating local pipelines of talent to arrest this in the long run.
The Rise of the CISO
Traditionally, the Chief Information Security Officer (CISO) has always been seen as a back-office role or one filled only when there was an audit issue or a need to find IT support. They were seen and not heard, and rarely featured within the executive management team, let alone as a permanent agenda item in the boardroom.
As the cloud and cyber threat landscape becomes even more disruptive, cloud security professionals are clearly being listened to, and heard.
Two-thirds of those surveyed say they have an increased voice in the boardroom, almost three-quarters say cloud security is taken seriously enough, and a similar number say they are included in strategic decision-making at their organisation.
This is welcome news for security professionals and suggests a change in perception for a role that was seen as functional rather than strategic – and integral to the sustainability and success of the organisation.
“We need to usher in the new Golden Age of the CISO,” commented Dr Aloysius Cheang, Chief Security Officer Huawei Middle East and Central Asia, who took part in both roundtables.
“In order that we appear among the other members of the board, you really have to talk business, and security as a business enabler. The only way out of troubled waters is with the CISO as the captain of the ship.”
Talent is clearly a key challenge in cloud security, with an estimated 4.5 million vacant cyber security roles globally. This survey says 83% of organisations struggle to fill positions with skilled, qualified security professionals.
“I see attracting and retaining good talent, when it comes to managing security and looking after security for an enterprise, as being very difficult,” said roundtable speaker Dragan Pendić, Director - Cloud Security, G42.
Security is a top priority when choosing a cloud provider
More than two-thirds of cloud professionals believe that government regulation has improved the quality of cloud provision, but the fact that a third say it has not means there is clearly more work to be done as the challenges increase.
Governments – especially in the UAE and Saudi Arabia – have enforced regulation on cloud and continue to add layers of protection for their citizens and their sovereign data.
Reassuringly, security is the number-one factor when it comes to choosing a cloud provider. According to the survey, 43% say it is the most important consideration, ahead of cost on 19%.
“This leads me to believe that this region is very security focused,” said Shivani Jariwala, Director – Cloud Services, CPX and President Cloud Security Alliance UAE Chapter. “They have a maturity and acceptance towards security. When it comes to security versus cost – in this region – security comes first.”
For the purposes of this research report, we surveyed cyber security and cloud security business leaders and experts from the following countries:
- United Arab Emirates
- Saudi Arabia