Cloud security challenges haunt firms in UAE and KSA

6 min read
Haboob, a leading cybersecurity service provider in Saudi Arabia, recently partnered with Google Cloud to deliver Chronicle CyberShield to the Kingdom. (SPA File)
  • Rapid cloud adoption in the two GCC countries is accompanied by increased security risks, leading to costly data breaches, reveals a latest study by Illumio.
  • Organizations have been advised to adopt robust security measures, including Zero Trust Segmentation, to protect against emerging cyber threats.

DUBAI — Organizations in the United Arab Emirates (UAE) and Saudi Arabia are increasingly relying on cloud computing to enhance their operations, improve efficiency, and reduce costs. However, the rapid adoption of cloud technologies has introduced new security challenges. Inadequate cloud security practices are leaving organizations in these regions vulnerable to data breaches and other cyberattacks.

New research by Illumio found that 54 percent of breaches in the UAE and Saudi Arabia now originate in the cloud, costing organizations an average of $2.3 million USD annually. This is particularly concerning given that:

  • Over three-quarters (76 percent) of respondents are running high-value applications in the cloud.
  • All respondents admit to storing sensitive data in the cloud.
  • 98 percent say a cloud breach would impact their operations, with nearly half (46 percent) admitting a breach would make maintaining normal operations impossible.
  • 70 percent of respondents believe their company’s cloud security is inadequate and represents a major risk, higher than the global average of 63 percent.

This research was conducted independently by Vanson Bourne among 1,600 IT decision-makers responsible for security across nine countries, including 100 from the UAE and Saudi Arabia.

Fears about inadequate security practices are likely due to an inability to see and respond to risks in the cloud; 97 percent report needing better visibility of connectivity with third-party software.

This lack of visibility hampers organizations” ability to respond to attacks, with 97 percent acknowledging the need to improve their reaction time to cloud breaches. Additionally, 98 percent are concerned that connectivity between their cloud services and on-premises environments increases the likelihood of a breach.

Respondents are also worried about the consequences of attacks via the cloud. Service downtime is deemed the biggest risk in the UAE (38 percent, significantly higher than the global average of 29 percent), underscoring the critical importance of the cloud for business. This concern is followed by a loss of productivity (35 percent) and lawsuits (33 percent, much higher than the global average of 21 percent). Consequently, it’s no surprise that improving cloud security is a high priority for 89 percent of respondents in the coming year.

With the attack surface expanding and growing more complex, it’s critical that organizations have real-time visibility over their applications and workloads, as well as the ability to rapidly contain threats in the cloud.

Ashraf Daqqa, Regional Director for META at Illumio

Zero Trust Segmentation (ZTS) is believed to be a key solution, with 89 percent believing it has the potential to significantly improve their cloud security. Yet, only 33 percent use ZTS across both on-premises and cloud environments, considerably lower than the global average of 48 percent. “We’re seeing rapid adoption of the cloud in the UAE and Saudi Arabia, but as cloud adoption increases, so do the risks,” said Ashraf Daqqa, Regional Director for META at Illumio.

“With the attack surface expanding and growing more complex, it’s critical that organizations have real-time visibility over their applications and workloads, as well as the ability to rapidly contain threats in the cloud. By introducing ZTS as part of a proactive Zero Trust security strategy, organizations can significantly enhance their cyber resilience and reduce the cost and impact of cloud breaches,” Daqqa added.

Common cloud security misconfigurations

Several common cloud security misconfigurations are leaving organizations in the UAE and Saudi Arabia vulnerable to data breaches. These include:

Retaining default passwords and access controls: Attackers often target cloud environments using default passwords, which are easy to compromise.

Not enabling strong authentication: Implementing multi-factor authentication (MFA) for all cloud accounts is crucial to add an extra security layer.

Granting excessive permissions: Limit user access to only the necessary data and resources for their job functions.

Not encrypting data at rest and in transit: Encryption is vital for protecting sensitive data stored in the cloud.

In addition to misconfigurations, a lack of cloud security awareness and expertise within organizations is also a contributing factor. Many organizations lack the skills and resources to effectively manage their cloud security posture. This can result in inadequate security controls and delayed detection and response to security incidents.

Saudi Minister of Communications and Information Technology Eng. Abdullah Al-Swaha at the inauguration of Google Cloud’s new cloud region in Dammam in November. (SPA File)

Steps to enhance cloud security in the UAE and Saudi Arabia

Organizations in the UAE and Saudi Arabia can take several steps to enhance their cloud security posture and protect against data breaches. These include:

Developing a comprehensive cloud security strategy: Organizations should develop a cloud security strategy that aligns with their overall cybersecurity strategy. This strategy should identify cloud security risks, define security controls, and outline incident response procedures.

Implementing strong access controls: To prevent unauthorized access to cloud resources, organizations should use strong passwords, enable multi-factor authentication (MFA), and limit user access to only the necessary data and resources.

Encrypting sensitive data: It’s important to encrypt sensitive data both at rest and in transit to protect against unauthorized access.

Monitoring and auditing cloud activity: Regular monitoring of cloud activity for suspicious behavior and auditing of cloud environments are essential to identify and remediate security misconfigurations.

Training employees on cloud security: Educating employees on cloud security best practices can significantly reduce the risk of human error.

These steps are crucial for organizations in the UAE and Saudi Arabia to safeguard their cloud environments and ensure robust protection against emerging cyber threats.