Riding The Cloud

Cloud computing is really making inroads in the UAE – and not just the public cloud environments. Customers are also starting to explore the benefits of modern compute and application environments, which private and public cloud deliver.

It is expected that the UAE public cloud market will reach a $290 million by 2020. Major technology vendors including AWS, Microsoft, Alibaba, and SAP have been quick to recognise the region’s cloudreadiness and have begun investing in Middle East-based cloud data centres.

All of this is intriguing and the numbers staggering, but we are still in the early days of cloud - particularly when it comes to cloud security. I am often surprised to find that regional enterprises either believe that the cloud is secure by default, or that the native controls delivered by cloud providers are good enough. Therefore, we continue to see higher levels of security investment being made to secure legacy environments.

Unfortunately, cloud and the applications we deploy there are not secure by default – in fact security in the cloud is as complex, and as much of a requirement, as in any traditional data centre infrastructure.

Organisations need to build competence and understanding of cloud related security challenges, meaning we currently find ourselves with a competence gap – especially as cloud platforms and the attacks against those are often very different. For example, growing cloud adoption is causing attackers to focus more intently on client-side attacks and phishing, as the lack of a natural perimeter means that our user, endpoint and authentication are the new perimeters.

From a security perspective, this means that endpoint-security, identity control and user awareness are now becoming increasingly critical elements in a robust security strategy.