Freely subscribe to our NEWSLETTER

Cloud computing has been a dominant trend in the Middle East and North Africa (MENA) in recent years and leading IT research firm Gartner projects that the cloud services market for the region will grow 18.3% to reach $879.3 million in 2016. However, even as the uptake of cloud continues to increase, security, which has always been a major hurdle to cloud adoption, remains a challenge. According to the SANS survey, 62% of respondents said they are concerned that unauthorized outsiders could access data stored on public cloud services, representing a 20% increase over the previous year.

“IT professionals in the Middle East clearly understand the host of benefits that cloud offers, but their concerns arise due to the lack of visibility and control over data in the cloud,” said Ned Baltagi, Managing Director, Middle East & Africa at SANS. “Business dynamics have necessitated IT scalability and flexibility and cloud computing presents a convincing and cost-effective solution. But IT teams need to work with line of business managers to find new technologies and policy approaches to reduce the risk.”

The survey also found that organizations believe their ability to identify and remediate cloud data breaches has reduced. In 2015, 33% of respondents said they lacked the tools and low-level access to usage data that would allow them to identify a data breach or do forensic analysis that would make incident response effective. This figure that has risen to 56% this year.

InfoSec professionals seem to have accepted the on-going migration to the cloud as inevitable, however, and are doing what they can to secure sensitive data and applications in the public cloud.

Overall, 48% of respondents’ organizations store employee data in the cloud, and 24% store customer financial data there. In addition, 27% use cloud-based email and messaging and 17% use collaboration or document management services in the public cloud.

Baltagi continues, "Cloud providers do offer more security tools for their own platforms, and some have expanded support of industry standard security frameworks and reporting methods to increase visibility and integration with customers’ existing security tools."

For InfoSec professionals, however, the greatest challenges are still the limited ability to access data controls built into cloud platforms, integration with existing tools and the slow progress toward APIs or services to bridge the gap between internal and external security.

"By this time next year, we hope to see a lot more support for third-party solutions, better access for forensic analysis, and more openness about the security controls and processes cloud providers use," Baltagi says. "Cloud providers are improving, but they’re not moving fast enough to address the needs of enterprises that continue to migrate sensitive data into the public cloud."