DUBAI — Organizations in the United Arab Emirates (UAE) and Saudi Arabia are increasingly relying on cloud computing to enhance their operations, improve efficiency, and reduce costs. However, the rapid adoption of cloud technologies has introduced new security challenges. Inadequate cloud security practices are leaving organizations in these regions vulnerable to data breaches and other cyberattacks.
New research by Illumio found that 54 percent of breaches in the UAE and Saudi Arabia now originate in the cloud, costing organizations an average of $2.3 million USD annually. This is particularly concerning given that:
- Over three-quarters (76 percent) of respondents are running high-value applications in the cloud.
- All respondents admit to storing sensitive data in the cloud.
- 98 percent say a cloud breach would impact their operations, with nearly half (46 percent) admitting a breach would make maintaining normal operations impossible.
- 70 percent of respondents believe their company’s cloud security is inadequate and represents a major risk, higher than the global average of 63 percent.
This research was conducted independently by Vanson Bourne among 1,600 IT decision-makers responsible for security across nine countries, including 100 from the UAE and Saudi Arabia.
At A Glance Increasing Reliance on Cloud Computing: UAE and Saudi Arabian organizations are increasingly using cloud computing for operational efficiency but face new security challenges. High Incidence of Cloud Breaches: Illumio's research shows 54% of breaches in the UAE and Saudi Arabia originate in the cloud, costing an average of $2.3 million USD annually. Vulnerabilities in Cloud Security: A significant number of respondents (76%) run high-value applications in the cloud, yet 70% believe their cloud security is inadequate. Impact of Cloud Breaches on Operations: 98% of respondents say a cloud breach would impact operations, with 46% stating it could halt normal operations. Need for Better Risk Visibility and Response: 97% of organizations need improved visibility and faster response to cloud security risks. Concerns Over Cloud Connectivity: 98% worry about increased breach likelihood due to cloud connectivity with on-premises environments. Service Downtime as a Major Risk: Service downtime is considered the biggest cloud attack risk in the UAE, higher than the global average. Adoption of Zero Trust Segmentation (ZTS): While 89% believe ZTS can improve security, only 33% have implemented it across environments. Common Cloud Security Misconfigurations: Issues include default passwords, lack of strong authentication, excessive permissions, and unencrypted data. Steps to Enhance Cloud Security: Recommendations include developing a comprehensive security strategy, implementing strong access controls, encrypting data, monitoring cloud activity, and training employees.
Fears about inadequate security practices are likely due to an inability to see and respond to risks in the cloud; 97 percent report needing better visibility of connectivity with third-party software.
This lack of visibility hampers organizations” ability to respond to attacks, with 97 percent acknowledging the need to improve their reaction time to cloud breaches. Additionally, 98 percent are concerned that connectivity between their cloud services and on-premises environments increases the likelihood of a breach.
Respondents are also worried about the consequences of attacks via the cloud. Service downtime is deemed the biggest risk in the UAE (38 percent, significantly higher than the global average of 29 percent), underscoring the critical importance of the cloud for business. This concern is followed by a loss of productivity (35 percent) and lawsuits (33 percent, much higher than the global average of 21 percent). Consequently, it’s no surprise that improving cloud security is a high priority for 89 percent of respondents in the coming year.
With the attack surface expanding and growing more complex, it’s critical that organizations have real-time visibility over their applications and workloads, as well as the ability to rapidly contain threats in the cloud.
Ashraf Daqqa, Regional Director for META at Illumio
Zero Trust Segmentation (ZTS) is believed to be a key solution, with 89 percent believing it has the potential to significantly improve their cloud security. Yet, only 33 percent use ZTS across both on-premises and cloud environments, considerably lower than the global average of 48 percent. “We’re seeing rapid adoption of the cloud in the UAE and Saudi Arabia, but as cloud adoption increases, so do the risks,” said Ashraf Daqqa, Regional Director for META at Illumio.
“With the attack surface expanding and growing more complex, it’s critical that organizations have real-time visibility over their applications and workloads, as well as the ability to rapidly contain threats in the cloud. By introducing ZTS as part of a proactive Zero Trust security strategy, organizations can significantly enhance their cyber resilience and reduce the cost and impact of cloud breaches,” Daqqa added.
Common cloud security misconfigurations
Several common cloud security misconfigurations are leaving organizations in the UAE and Saudi Arabia vulnerable to data breaches. These include:
Retaining default passwords and access controls: Attackers often target cloud environments using default passwords, which are easy to compromise.
Not enabling strong authentication: Implementing multi-factor authentication (MFA) for all cloud accounts is crucial to add an extra security layer.
Granting excessive permissions: Limit user access to only the necessary data and resources for their job functions.
Not encrypting data at rest and in transit: Encryption is vital for protecting sensitive data stored in the cloud.
In addition to misconfigurations, a lack of cloud security awareness and expertise within organizations is also a contributing factor. Many organizations lack the skills and resources to effectively manage their cloud security posture. This can result in inadequate security controls and delayed detection and response to security incidents.
Steps to enhance cloud security in the UAE and Saudi Arabia
Organizations in the UAE and Saudi Arabia can take several steps to enhance their cloud security posture and protect against data breaches. These include:
Developing a comprehensive cloud security strategy: Organizations should develop a cloud security strategy that aligns with their overall cybersecurity strategy. This strategy should identify cloud security risks, define security controls, and outline incident response procedures.
Implementing strong access controls: To prevent unauthorized access to cloud resources, organizations should use strong passwords, enable multi-factor authentication (MFA), and limit user access to only the necessary data and resources.
Encrypting sensitive data: It’s important to encrypt sensitive data both at rest and in transit to protect against unauthorized access.
Monitoring and auditing cloud activity: Regular monitoring of cloud activity for suspicious behavior and auditing of cloud environments are essential to identify and remediate security misconfigurations.
Training employees on cloud security: Educating employees on cloud security best practices can significantly reduce the risk of human error.
These steps are crucial for organizations in the UAE and Saudi Arabia to safeguard their cloud environments and ensure robust protection against emerging cyber threats.