Home Technology Cloud Veritas recommends two essential steps to safeguard enterprises against cyberthreats Companies relying more on native security tools are hit harder by ransomware than organisations that rely less on native security tools, and more on purpose built solutions by Gulf Business April 23, 2023 The UAE has outlined a strategy to make Dubai the digital economy capital of the world. What role will data compliance play as part of this process? The UAE has indeed been leading the region in digital transformation, and as the report from our recent international cloud survey reveals, organisations here have made strong progress in the transition to cloud – so much so that the UAE now ranks as the second-highest adopter of public cloud services globally. However, one key area organisations need to think about as they go on their cloud journey, that sometimes is an afterthought, is compliance. Today, the number of data streams has grown significantly, with the pandemic accelerating data generation. To leverage this enormous volume of data, which goes hand-in-hand with digitalisation, it is important to have data compliance strategies in place. This starts with the ability to visualise, secure and manage this data, while purging whatever data is not relevant or essential. To be successful on a country-wide digitisation strategy, consumers need to feel confident their data is protected as they move to more cloud services, and that there is true governance surrounding all their private data. Think about it in terms of providing a frictionless experience for consumers from both in terms of usability as well as data protection and compliance. Having a strong data compliance regime that addresses these strategic priorities is important, especially as this is central to achieving the trust of consumers. The UAE’s laws regarding data protection and privacy emphasise the importance of protection of customer rights, with the Personal Data Protection Law (DPL) of 2021 also setting an integrated framework for ensuring confidentiality and protecting the privacy of individuals. As organisations adopt solutions and standards that meet the framework and the DPL requirements, compliance will be achieved and digitalisation accelerated. What are the biggest threats to a business’s digital infrastructure posed from the increased digitisation of business operations? A digital infrastructure and increased digitalisation have many advantages for businesses such as less infrastructure to manage, easier usability, quicker and more efficient consumption of the services provided, the list goes on. However, it does create challenges as well, such as increased cyberthreats and compliance and regulatory issues. One key challenge is that many organisations have poor visibility of their data. As our recent research revealed, more than half (53 per cent) of UAE organisations do not have full visibility of their data. You cannot protect the data you cannot see, and this is both a data protection and a data compliance issue. The opaque understanding of where data is stored is further impacted by the adoption of a multi-cloud provider strategy. An average UAE business currently uses three different public cloud providers to meet their storage needs. This is fracturing data protection and makes it challenging to meet compliance regulations. To address this challenge, organisations must secure their data, understand where all their data resides and have visibility into the context of the data. Organisations must also have the tools to do this, in a muti-cloud and a hybrid world. While we are talking about digitalisation, it does not happen overnight, it is a phased approach, and bad actors will try to take advantage of this situation. Organisations are most vulnerable when migrating data, when they are freshly adopting cloud solutions, when they are in a hybrid environment, and when they are using multiple solutions. When organisations have a clear data compliance strategy, with full visibility of their data, and are using the right solutions, they can protect their data and their client’s data from such threats. As we continue towards this fully digitised way of working, which industry sector do you see the increasing compliance affecting the most? Of course, every industry must keep up with and follow compliance standards as increased compliance is not a challenge but an opportunity to unlock the value of data. But if we were to hone-in, there are three sectors in particular that stand out: One is finance, given the highly sensitive nature of the industry and the regulations it must follow, and the requirements for storing a specific set of data for specific periods of time. Healthcare is another sector that requires a robust compliance framework, given the sensitivity of patient information. Hospitals and care providers must ensure they are complying with the appropriate regulations and putting in place measures to protect vital patient data. A third sector where data compliance is crucial is energy, given the sensitive nature of their work. We only have to look at the recent example of the Colonial Pipeline ransomware attack, and the impact this had, to understand the potential repercussions of data that is not adequately secured. What would be your top three tips for businesses as they begin to plan for compliance readiness? The first priority is to understand all streams of data, visualise it and have a process to manage it and secure it, usually in an archive or a protected preservation store. They must put in processes and procedures to provide guidance to employees on using reliable data platforms to protect against any vulnerabilities. Secondly, the data stored must be classified, supervised, and follow a framework that can make data management seamless and not cumbersome. And finally, a simple, yet often overlooked step of the planning process is employee training and readiness. Ensuring that all employees within the business are equipped to adapt to newer ways of working securely must be top of mind for all c-suite and IT leaders. How do you expect these changes around security management and compliance to impact governmental agencies? The UAE is laser-focused on making Dubai the digital economy capital of the world. Backed by the UAE Digital Economy Strategy, launched in April 2022 with the aim of doubling the contribution of the digital economy to the UAE’s GDP from 9.7 per cent in 2022 to 19.4 per cent by 2031. The UAE digitalisation plans are already underway, and the government has already successfully implemented significant milestones including Dubai being the first government to go paperless. Given the enormity of personal information that many government agencies have, stronger compliance standards will help secure their data, and allow them to conduct their business more efficiently. As mentioned, the strategic priority must be to ensure data visibility and efficient data management. The UAE government is making the right moves by working alongside several leading IT solution providers to ensure this journey towards a digital government and a digital economy are organised with the most secure, compliant, and reliable platforms. We will see more partnerships form between these agencies and IT providers, as the reach, knowledge and capabilities of the right providers will help ensure the right solutions and processes are put in place to support UAE’s digitalisation goals. When it comes to vendors and customers using your software, do you think businesses need to put in place digital security compliance checks before selecting external partners as well? Undeniably, having digital security compliance checks on external partners is critical, more so because businesses use multiple clouds. IT decision-makers must learn how to architect a unified data protection strategy across multi-clouds. Having a framework that promotes continuous backup, pursuing a zero-trust policy, multi-factor authentication and role-based access control are critical to ensure digital security. Organisations must also have complete endpoint visibility and implement immutable storage, automated recovery processes and regular recovery testing. We’ve seen increasing ransomware attacks regionally and globally over the past few months and years. What are two things you recommend enterprises do to protect their organisations from potential attacks? As our international cloud research study revealed, companies relying more on native security tools are hit harder by ransomware than organisations that rely less on native security tools, and more on purpose built solutions. Over half of UAE respondents using only their cloud provider security tools (52 per cent) said they were exposed to ransomware attacks because of relying on such cloud security backups, and 40 per cent of organisations had lost data as a result. Continuously scaling up the level of expertise to implement best practices is crucial for securing against potential attacks and mitigating risk. Organisations must work with trusted partners that have the right know-how. A data compliance strategy with greater visibility over company and customer data must be at the heart of any organisation’s digital strategy. And secondly, every employee is responsible for contributing to the success of a data protection strategy, and there must be clear guidance and training on the type of data that can be shared across various communication tools. Sam Elbeck is the global leader of Digital Compliance at Veritas Technologies Read: What’s in store for the tech industry in 2023? Tags Cloud Compliance cybersecurity Interview Veritas 0 Comments You might also like Piece of You’s Amreen Iqbal on the appeal of personalised jewellery Novartis Gulf’s Mohamed Ezz Eldin on the region’s key healthcare trends Thales’ Elias Merrawe on shaping the future of flight Efficio’s Adam Forgács on local content’s role in economic diversification