- Security gaps are leaving organisations exposed: 42% of respondents say it would be easy for attackers to move laterally across their organisation, a lot higher than the global average (31%).
- Current cloud security tools are not good enough: 100% are now storing sensitive data in the cloud, yet 70% respondents believe cloud security is lacking and poses a severe risk to their business operations.
- Zero Trust Segmentation (ZTS) is believed to be the solution but the UAE and Saudi Arabia lag behind when it comes to adoption: Only 33% are using ZTS across both on-prem and in cloud environments, significantly lower than the global average (48%).
Illumio Cloud Security Index 2023: How UAE and Saudia Arabia stack up
Inadequate cloud security practices are leaving organisations in the UAE and KSA susceptible to data breaches, according to new research from Illumio. The Illumio Cloud Security Index found that 54 percent of breaches in the UAE and KSA now originate in the cloud, costing organisations $2.3m USD annually*. This is particularly concerning given that:
- Over three quarters (76%) of respondents are running high-value applications in the cloud.
- 100% of respondents admit to storing sensitive data in the cloud.
- 98% say a cloud breach would impact their operations, with nearly half (46%) admitting a cloud breach would make maintaining normal operations impossible.
- 70% of respondents believe that cloud security in their own company is inadequate and represents a major risk (higher than the global average (63%).
Fears about inadequate security practices are likely down to an inability to see and respond to risks in the cloud; 97 percent say they need better visibility of connectivity with third-party software. This lack of visibility is impacting organizations' ability to respond to attacks, with 97 percent saying they need to improve their reaction time to cloud breaches. 98 percent are also concerned that the connectivity between their cloud services and on-prem environments increases the likelihood of a breach.
Respondents are also concerned about the consequences of attacks via the cloud. Service downtime is deemed to be the biggest risk in the UA (38 percent, a lot higher than the global average of 29 percent), demonstrating the criticality of the cloud for business. This was followed by a loss of productivity (35 percent), and lawsuits (33 percent, a lot higher than the global average of 21 percent). It is, therefore, no surprise that improving cloud security is a high priority for 89 percent of respondents in the coming year.
Zero Trust Segmentation (ZTS) is believed to be the solution with 89 percent believing it has the potential to significantly improve their own cloud security, yet only 33 percent use ZTS across both on-prem and in cloud environments, a lot lower than the global average (48 percent).
Comments from Ashraf Daqqa, Regional Director for META at Illumio:
“We’re seeing rapid adoption of the cloud in the UAE and KSA, but as cloud adoption increases, so do the risks,” said Ashraf Daqqa, Regional Director for META at Illumio. “As the attack surface becomes larger and more complex, it’s critical that organisations have real-time visibility over their applications and workloads, as well as the ability to rapidly contain threats in the cloud. By introducing ZTS as a part of a proactive Zero Trust security strategy, organisations can significantly improve their cyber resilience and reduce the cost and impact of cloud breaches.”
Notes: *Low base size (17 Middle East respondents whose organization experienced a breach in the past year). Results are indicative only.
This research was conducted independently by Vanson Bourne, among 1,600 IT decision-makers with responsibility for security across nine countries, 100 of them from the UAE and KSA. All respondents are responsible for IT security in their company or are at least heavily involved in this topic and work in upper management.
Associate Communications Consultant