Companies believe cloud security is priority but one-third admitted to a breach


Around 51 percent of Saudi CIOs agree that cloud security is a top priority and more than two-thirds indicated they had one to ten cloud-based applications in use in their organizations, according to a recent study by security company Palo Alto surveying more than 1,000 IT decision-makers.

8 percent said they had 11 to 20 applications while 9 percent stated they had more than 21 applications.

Palo Alto, that provides security solutions to all government sin the region, revealed that private cloud is the most popular cloud computing solution among Saudi enterprises as 30 percent had adopted it in their organizations.

Public cloud comes in second, while 14 percent do not have any cloud computing solutions deployed but planned to make the shift to the cloud in the near future.

The study also revealed that more than one-third of companies, 39 percent, in the Kingdom admitted to having experienced a security breach.

Of those surveyed, more than 50 percent said that firewalls and password protection were among the top security systems their companies deployed to protect themselves against security breaches, indicating a lack of understanding when it comes to securing applications and data in the cloud.

As the Kingdom is undergoing digital transformation in its public sector such as moving towards e-services and interconnectivity between government agencies, the government has encouraged the adoption of cloud computing among other technologies.

As a result of automation and cloud services integration advancements, effective next-generation security measures can now be easily applied without causing administrative friction, and the notion that security is a bottleneck to embracing any cloud model is a thing of the past.

Organizations are rapidly adopting cloud technologies, and moving applications and data into a diverse set of cloud offerings, spanning public cloud, private cloud, hybrid cloud and SaaS.

In Saudi Arabia, the shift towards digitalization, Internet of Things, and cloud computing is boosted by ambitious mega-projects and initiatives, such as Vision 2030, that are expected to have a positive impact on the country’s IT services market.

Experts revealed that organizations are coming to realize that an increased reliance on cloud computing brings with it enhanced security concerns, especially in light of the recent high-profile cyber attacks targeting Saudi government ministries.

“Cloud solutions provide efficiency, speed, and wider distribution but CTOs need to be equipped with countermeasures in return,” says Ehab Derbas, general manager at Palo Alto Networks in Saudi Arabia. “Otherwise it will make it easier for hackers to attack.”

He added: “Today, cloud is a reality. There is immense opportunity in the region for organizations to increase operational efficiencies and drive agile business models. With workloads and data increasingly distributed across physical and cloud computing environments, organizations need to have security in place that provides visibility, control and prevention of known and unknown threats, and which protects data, regardless of where it resides.”

Commenting on the coming trends this year, he says many organizations are continuing to invest and move towards cloud services.

“Saudi Arabia is the largest economy in the region so it’s expected it will be increasingly prone to cyber threats”, commented Tarek Abbas, systems engineering director of emerging markets at Palo Alto. Abbas revealed that the public sector in addition to the financial and education sectors are among the company’s largest consumers in the Kingdom.

Regardless of an organization’s size, a prevention-focused, natively engineered security platform that is simple to deploy and scalable to meet future growth and provide consistent protection across network, endpoint and cloud environments is ideal, say Palo Alto experts.

Adopting Cloud Services

Three key considerations when adopting cloud services are:

1. Who is really responsible for your data?

In public cloud environments, as the data owner, customers are responsible for securing their data – not the cloud service provider (CSP). Although the CSP will secure the underlying infrastructure, the safety of applications and data is a customer organization’s responsibility, so the CSP needs to consider this.

2. Who has access to applications and data?

A role-based access policy can help mitigate the risk of data loss. Although the CSP will have authorization messages in place, it is important that customer organizations decide who should have access and whether additional assurance is required.

3. What happens if there is a security breach?

What kind of support will the CSP give if there is a breach? It is important to understand this before launching a cloud strategy.