By: Necip Ozyucel, Cloud and Enterprise Solutions Lead, Microsoft Gulf
Emerging technology paradigms such as the Internet of Things (IoT) are expected to add US$14 trillion to the world’s 20 largest economies by 2030. That’s one fifth of current global GDP.
There is no doubt that the future of humankind is digital. But in the Middle East and Africa many businesses are held back from fully realising digital transformation because of a lack of a robust and agile IT security policy.
According to researchandmarkets.com, in 2015, half of all GCC organisations were subjected to distributed denial-of-service (DDoS) attacks, where websites and applications are taken offline by massive volumes of external resource requests. In the same period, 45% of UAE social media users were victims of cyber crime.
This threat climate is expected to lead to a surge in spending, where the GCC cyber-security market will grow to an estimated $10.41 billion by the end of 2022.
The question on many CEOs minds is: How do I bridge the gap between innovation and security?
- Don’t be alarmed by headlines
Headline-grabbing cyber-attacks are on the rise. This trend is deterring some businesses from adopting new technologies like cloud computing that accelerate digital transformation. But, these new technologies are built around safety, security and privacy. Trusted technology brands spend millions of dollars on secure architecture that supports data encryption, both at rest and in transit; identity and access management; and trained security professionals who monitor infrastructure and react quickly and responsibly to events.
Microsoft, for example, spends $US 1 billion on security every year. This is far more than most businesses running a traditional IT server could ever afford. The fact that banks are leading the digital revolution, particularly in the Middle East and Africa, where customers demand innovative and mobile banking services, is a sure sign of trust. In the Middle East, 100% of medium-sized banks are ready to adopt a mobile technology this year. And 65% of banks are implementing private cloud technology now or are planning to deploy it within 12 months.
Sub-Saharan Africa accounts for 53% of all mobile money transfers in the world. In Kenya, US$36 billion in mobile transactions are conducted each year. Among Gulf countries, according to a 2015 report from Ernst & Young, mobile banking usage in the UAE stands at 34%, followed by 27% in Kuwait, 19% in Qatar and 15% in Saudi Arabia.
Gartner estimates that between now and 2020, 95% of cloud security breaches and failures will be the fault of the customer rather than the provider.
- Ready your business for change
It’s not just the IT department that must adapt, but the entire organisation. A new Capgemini report refers not to digital readiness, but digital dexterity. This is an organisation’s capacity to self-organise to deliver new value from digital technologies.
Firstly, consider how the IT department operates. Security should no longer operate as a siloed IT function, but as a fundamental business process that is aligned to business objectives. It’s critical that businesses embed security across their entire network, applications and access points to detect, analyse and block suspicious behaviour.
- Manage employees
Even if you have the most watertight systems and processes in place, a lack of security awareness among employees can be a serious risk.
“Most breaches today are the result of simple mistakes by employees clicking on rogue links in emails, downloading malicious attachments, or simply not following security policies and training lessons,” says Paul Fisher, research director of Pierre Audoin Consultants, which conducted research into the role identity and access management play in digital transformation.
- Update existing infrastructure: cloud helps security meet agility requirements
Digital transformation touches everything. The Internet of Things is a concept in which machines, buildings,tools and other pieces of equipment are fitted with sensors designed to capture real-word data that is transmitted to intelligent software platforms, enabling “things” to learn and adapt with human-like intelligence.
Many industries and companies are adopting this model to gain an edge over their competition. But IoT means infinitely more data being stored, and more employees with access to sensitive information. A planned and secure IT infrastructure will ensure that all this data can be controlled and managed centrally.
Organisations may think that strong security measures through processes and systems mean they have to forfeit agility. This is not true. With an intelligent cloud server you can be both agile and secure. The intelligent cloud is able to follow automated rules that reflect a company’s security policies. Setting regular storage updates and automatic security updates means there is less pressure on human capacity.
More than 80% of attacks target a known vulnerability that could have been prevented with an existing patch. Cloud computing enables the latest patches to be delivered to your IT system every day, or as soon as a new vulnerability is detected. Trusted cloud vendors offer the most up-to-date security. Microsoft’s Global Security Centre, for example, is home to a 24-7 incident-response team and a digital-crimes unit. In addition, we encrypt all data in transit between you and our data centres.
An organisation building its own secure data centre could spend up to US$1 million to set it up, not to mention the number of highly skilled specialists that would be needed round the clock to run such an operation. With cloud, this is all taken care of by the vendor who can afford the best experts in the field, providing customers with a scalable, pay-as-you-go model, without the stress.
- Play a role in educating the public
In addition to managing their own security, companies have a role to play in creating a more trusted Internet environment for everyone. Ultimately a digitally competitive company needs digitally savvy consumers with a high level of trust in the digital world.
Companies have an opportunity to partner with the public sector to educate citizens on policies and legislation affecting cybercrime, in addition to establishing security principles and commissioned studies to identify factors that increase online risks.
Companies should pledge to be transparent with customers’ data, and organisations should share threat intelligence. This is being done by banks, which have a high level of sharing with their competitors.
