Cloud policy in ME: The road to adoption

Lack of strong data protection laws and regulations is a significant inhibitor to cloud service adoption in the Middle East, with users in the region believing cloud computing is intrinsically insecure.

Tags: Cloud computingCyber crimePinsent Masons
  • E-Mail
Cloud policy in ME: The road to adoption
By  Diane Mullenex Published  May 20, 2017

As Middle East markets strive to meet the high demand for newer and faster ICT services, the legislative and regulatory frameworks supporting these solutions often do not evolve at the same speed as the increasing ICT penetration.

A lack of robust data protection regulations and laws which prohibit governments, their contractors and financial institutions to house their data overseas is a significant inhibitor to cloud service adoption in the Middle East. Moreover, user perception of the risks associated with cloud computing in the region has stalled widespread adoption. In fact, a 2014 study by Danaher & Chong suggested users in the UAE believe cloud computing is intrinsically insecure and there was a clear lack of trust in the ability of cloud providers to keep customer’s data secure and private.

Indeed, GCC governments have imposed strong measures to maintain control of their own information space and IT infrastructure and are yet to develop regional and international cooperation models. As such, aligning international adoption models and benchmarks with issues specific to the Middle East presents certain challenges, especially from a regulatory perspective.  While countries like the UAE and Qatar have yet to implement data protection regulations, both have recently published stringent cyber-crime regulations. This demonstrates the real concern for national sovereignty and centralised control ahead of consumer concerns for data protection. This measured approach reflects the drive to implement a framework, which is consistent with the competitive values of the region, balanced with a need to combat cyber threats and vulnerabilities.

As we’ve seen, many successful cloud adoption deployment models have included pooling regional resources and infrastructure sharing. The private sector in the Middle East has been instrumental in creating business partnerships and localizing what was once a foreign resource. Historically, internet traffic in the GCC came from Asia or Western Europe. Now however, there has been significant investment to create local networks in most Middle Eastern countries. In fact, a significant increase in data centre facilities has led to measured growth in the cloud services market in the ME region.

In the private sector, we have recently seen Middle East organisations adopt both private and public cloud models. For instance, the UAE’s Gulf General Investment Company recently deployed Microsoft Dynamics in the Azure Cloud.  Significant partnerships to invest in IT infrastructure and provide access to the latest cloud based technologies include the recent partnership between du and Equinix in the UAE, which is run as a colocation site for carriers, content providers, cloud providers, financial services and enterprise customers. In a big push to leverage the latest technological innovation to facilitate the delivery of city data and services, the Smart Dubai Office and du recently entered into a strategic partnership and announced an initiative to design, build and operate the Smart Dubai Platform.

This ground-breaking initiative will be a comprehensive exchange point for government and private sector services; uniting city services, Internet of Things, cloud services, big data and digital identity. The Smart Dubai Platform is a great example of the Dubai government’s goal to meet the needs of its constituents while meeting market demands for diverse streamlined and efficient services. Moreover, recent regulatory developments such as the Dubai Data Law and open data initiatives will foster increased data sharing between the public and private sectors and the individuals they serve, creating enhanced opportunities for engagements thanks to the cloud.

These developments serve as valuable lessons for the public sector, showing that some of the initial fears of moving systems to the cloud can be overcome when resources are pooled together to improve efficiency.

Other government bodies in the UAE have recently made a push towards utilizing cloud services. The Telecommunications Regulatory Authority (TRA) recently deployed ‘Khadamati’, the first one-stop-shop smart portal for federal entities seeking access to government services.

This represents the first smart application to be hosted and made available through the cloud computing project, an initiative which was launched by the Federal Electronic Network, the region’s first-ever cloud service to utilise Cisco technology infrastructure to provide high-speed connectivity and integration across and between e-Government systems of various UAE government departments.

Despite inhibitors to cloud adoption such as security concerns, complexity of new technologies compared to legacy systems, and cost, the Kingdom of Saudi Arabia’s government encourages public sector organisations to utilise information technology systems in the economy. As a result, most public sector organisations have invested heavily in ICT-related products. While this does not amount to a ‘cloud-first’ policy, it does represent a shift in thinking towards market demand and the creation of efficiencies in government systems. At a recent conference in Saudi Arabia hosted by EMC, a recent study of public sector bodies revealed that nearly half of respondents had already implemented or planned to implement a cloud computing model.  
As ME’s largest IT market, this signifies huge cost savings, increased productivity, a rise in centralised services and greater organisational focus.

It is clear that when discussing public sector adoption of innovative technologies, the Middle East’s unique cultural, economic, and political landscape sets it apart from other jurisdictions. Indeed, unique legislative and regulatory frameworks, competitive economies and legacy systems all come in to play when faced with the decision to invest in and implement new IT service models. Cloud computing represents a catharsis to important policy decisions in the Middle East. Governments will need to decide how best to serve their people by pooling resources, investing in infrastructure and developing technology-neutral laws, regulations and policies in relation to data protection, cloud, data classification and cloud first initiatives, which will invigorate economies and meet the increasing demand for streamlined and efficient services.

Late adopters of cloud platforms have the advantage of cherry picking from the best-of-breed cloud frameworks. This is now, more than ever, very true for governments in the Middle East, who have an appetite for innovation and a need to build integrated, responsive and efficient government services for a fast-growing population with high expectations of their governments and the services they provide. Cloud-based solutions will certainly be a part of this transformation.

Governments in the region can follow the lead of the UK and enable such technology by (1) endorsing the use of cloud-based solutions, (2) creating a rigorous data classification framework for properly allocating IT resources and leveraging cloud services where appropriate, and (3) implementing security and privacy requirements based on international standards that allow for the use of qualified cloud services.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code