Cloud and Application Security a High Priority for UAE Organizations
Palo Alto Networks®, the next-generation security company, today announced the results of its 2017 cloud security survey, coinciding with the Palo Alto Networks Cybersecurity Summit 2017 in Dubai. Surveying over 1,000 IT decision-makers in the United Arab Emirates and Saudi Arabia, the survey explores the state of cloud adoption and security amongst organizations in the region. As a result of automation and cloud services integration advancements, effective next-generation security measures can now be easily applied, without causing administrative friction; and the notion that security is a bottleneck to embracing any cloud model is a thing of the past.
UAE-based CIOs agree: cloud security is a top priority. On a scale of 0-10, with 10 being “very important”, cloud security ranked as an 8 or higher by the majority of UAE CIOs (56 percent), according to the Palo Alto Networks survey. Market figures back this up, with research firm IDC forecasting information security spend across the Middle East, Turkey and Africa to reach a record high of US$2 billion in 2017.
Organizations are rapidly adopting cloud technologies, and moving applications and data into a diverse set of cloud offerings, spanning public cloud, private cloud, hybrid cloud and SaaS. In the UAE, a shift towards digitalization, Internet of Things and cloud computing is boosted by ambitious mega-projects and initiatives, such as UAE Vision 2021, that are expected to have positive impact on the country’s IT services market.
The Palo Alto Networks survey found that more than two-thirds of respondents (70 percent) in the UAE indicated that they have 1 to 10 cloud-based applications, with 15 percent and 9 percent stating that they had 11 to 20 and more than 21 applications, respectively. Private cloud is the most popular cloud computing solution amongst enterprises in the UAE, with 26 percent of respondents stating their company has adopted this. Fifteen percent of respondents preferred the public cloud, and a further 16 percent stated that they did not have any cloud computing solutions deployed, but they planned to make the shift to the cloud in the near future.
“As more organizations move to the cloud to take advantage of increased operational efficiencies and lower costs, security needs to keep pace with the new dynamic environments in which businesses operate. Customers need a holistic, integrated and automated approach across their entire architecture from the network and data center to the cloud,” comments Ercan Aydin, regional vice president of Emerging Markets at Palo Alto Networks.
With 46 percent of respondents admitting to having experienced a security incident, or being unsure if an incident has taken place, security vigilance needs be a top priority when it comes to the cloud. Of those surveyed, more than 50 percent stipulated that firewall (60 percent) and password protection (63 percent) were among the top security systems that their companies deploy to protect themselves against security breaches, indicating that there is a lack of understanding when it comes to securing applications and data in the cloud. Regardless of the size of the organization, a prevention-focused, natively engineered security platform that is simple to deploy and scalable to meet future growth demands is ideal.
“Security breaches and vulnerabilities make the headlines too often these days, and this could threaten trust in the digital age. With workloads and data increasingly distributed across physical and cloud computing environments, organizations need to have security in place that provides visibility, control and prevention of known and unknown threats, and which protects data, regardless of where it resides,” concludes Aydin.
Three key considerations when adopting cloud services:
1. Who’s really responsible for your data?
In public cloud environments, as the data owner, customers are responsible for securing their data – not the cloud service provider (CSP). Although the CSP will secure the underlying infrastructure, the safety of applications and data is a customer organization’s responsibility, so the CSP needs to consider this.
2. Who has access to applications and data?
A role-based access policy can help mitigate the risk of data loss. Although the CSP will have authorization messages in place, it’s important that customer organizations decide who should have access and whether additional assurance is required.
3. What happens if there’s a security breach?
What kind of support will the CSP give if there’s a breach? It’s important to understand this before launching a cloud strategy.
The Palo Alto Networks Next-Generation Security Platform provides a comprehensive and consistent policy across an organization’s architecture, including its cloud footprint. By automating deployment and policy updates, and integrating with cloud services, the platform can operate at the speed of the cloud; and organizations can build scalable, secure and resilient cloud architectures. As data becomes more and more distributed across a diverse mix of physical data centers, private and public clouds, and software as a service, having complete and unified visibility and consistent security measures becomes increasingly important to protect data no matter where it resides.
To stay protected, organizations should have consistent security policies across physical and virtualized environments. It’s essential to fully maximize the use of computing resources to control traffic between workloads, while preventing the lateral movement of threats, and centrally manage security deployments and streamline policy updates.