The Inevitability of Cloud
When it comes to cloud and its role in an organisation’s IT architecture and roadmap, definitions vary, but the inevitability is inarguable. A fully cloud-based environment is still not a necessity, and organisations that seek to invest today in future resilience are continuously navigating their ideal hybrid architecture. A number of questions still exist in the minds of IT decision makers, however, slowing down the adoption rate in a number of industries.
During a recent webinar organised by the International Exhibition for National Security and Resilience (ISNR Abu Dhabi), 70 per cent of participants, representing IT leaders from the public and private sector, cited security as a concern, hampering the rate at which they transition to cloud-based system and solutions. These concerns are potentially higher among decision-makers in sensitive sectors such as Government and public administration, banking and financial institutions, and similar others.
At present, governments and companies with hybrid platforms prefer to retain critical work on-premise, and move non-critical work streams to the cloud.
As Hybrid and Multi-cloud environments become solutions of choice across many Governments and enterprises across the globe, priority is placed on integration capability, robust security control framework, and efficient service development.
As these fully-custom-built solutions grow in importance, Sunil Peer, Regional CTO & Business Development Director, Huawei Cloud & AI, believes that enterprises will look at the greater value that cloud can deliver—especially when it comes to enabling future innovation. Government enterprises are looking for a Cloud platform to accelerate digital strategy implementation and help improve Return On Investment (ROI).
“With all the benefits that could be accessed by organisations in different sectors and of varying sizes, there is no single blueprint architecture or solution that can work for all. What is uniform, however, is the need for solid planning, and a practical approach that’s customized to the nature of the organisation,” Peer said.
Sultan Al-Owais, CIO & CISO at a UAE Government entity, maintains that in order to succeed when adopting cloud and following the planned, practical approach, organizations need to identify and highlight their priorities. “Ideally, organisations should progressively migrate workloads to the cloud by order of criticality. Put simply, if for some reason the endeavour was to fail, the business impact can be limited and the project re-started until success is achieved. Once successful, it opens up new technological innovations to benefit the users and all stakeholders.”
“The resistance to adopting cloud-hosted services is not unique to the Middle East, but the trend of the commoditization of IT is likely to continue to grow in the region,” said Sultan Al-Owais. “There is a major factor to keep in mind – Government organizations are unsure, not uninterested. Faced with the complexities of shared custody of data, they take a principle-based decision. In many cases this decision is clear cut and strongly justified, but in many cases it is not.”
With the need for ‘trusted advisors’ called into focus, the ISNR Webinar focused on the adoption of cloud solutions in the public sector, with specific attention to security, data sovereignty, and scalability. There is no question about the timeliness and contextual relevance of the topic. As tech pundits have pointed out recently, COVID-19 will go down in history as the single largest driver of digital transformation.
Moataz Mohammed, Head of Cloud Advisory at Injazat, has seen growing demand for new technology-powered business models. The pandemic prompted mass requirement for immediate Work-From-Home solutions, including for Government departments and workers. In a situation like this, where features and functionalities just have to be switched-on and accessed overnight, cloud is clearly the way to go.
Government departments that operated strict ‘No BYOD’ policies had to allow employees remote access to central systems from personal devices. This has brought the debate around policies to the fore in a very real-world setting – no longer a rhetorical topic but a critical business need.
Governments in the GCC region have been quick to include emerging technology areas in their regulatory policies and outlook. UAE’s TRA issued the Information Assurance Regulation, which covers security controls related to cloud. Saudi Arabia outlined the Essential Cybersecurity Controls by the National Cybersecurity Authority, designed to regulate government and private sector organisations that own, operate, or host critical national infrastructure. Bahrain issued a law in 2018 pertaining to the processing of personal data, which also factors data stored in the cloud.
“We have worked with a lot of governments across the region to tailor their policies, give feedback and counsel, and share what we are seeing in other countries as well,” said Aydin Aslaner, Head of Cybersecurity Public Sector Team, at Microsoft MENA.
A number of regional regulations shows a siloed approach to cyber security and data protection, including the requirement for specific types of data to be stored or processed locally. Hadi Hosn, CEO of Axon Technologies, says: “Our recommendation is for the GCC to have a more balanced regional approach to cyber security and data protection regulations that is also risk based, focusing on the entities and activities that pose the highest risk to the public well-being. GCC regions have an opportunity to create a new regional cybersecurity policy and regulation that combines the successes of foreign policies.”
Today’s globalised world brings learning from all around the globe, and the quickest path to success is to follow tried-and-tested approaches. In the United Kingdom, for instance, many public sector services have moved to the cloud, including databases from the Ministry of Justice, driving license data, the weather, and more. While most are moved due to advantages in scalability and costs, there are some services that have not yet moved, due to security reasons.
“One of the things that we've done in the UK is provide clear guidelines to individuals, boards, and government ministries about the kind of things that they need to be thinking about when they're moving services towards the cloud. This information and guidance is all available online, through an organization we set up called the National Cyber Security Center (NCSC),” said Simon Hosking, Cyber Security Industry Representative to the Gulf, UK Government DIT – British Embassy Dubai.
“There are 14 principles that the government has laid out, to guide people’s thinking and provide a check-list for when they move services to the cloud. These principles cover Data in Transit and keeping data secure, Supply Chain robustness and intactness, and more.”
Moving to the cloud is inevitable, however it is something that should not be mandated or forced upon organizations. In order for it to succeed and for organizations to benefit from the cloud, decision-makers need to be visionary, and have a clear view of the requirements, conduct their due diligence, and draw-up a workable roadmap.
“A controlled transition to the cloud – or percentage increase in a hybrid model – is achievable for government agencies in a safe and secure manner, bringing with it heightened levels of productivity and efficiency”, concluded Meline Soulie, Group Events Director – National & Cyber Security Portfolio (ISNR Abu Dhabi), Reed Exhibitions Middle East. “This strategic market trend will remain a key focus and central theme of ISNR Abu Dhabi in the future months, by sharing latest best practice and facilitating relevant connections to support our community.”