Covid-19 may have accelerated the pace of uptake, but remote and flexible working in the Middle East is now here to stay.
According to one of the Gulf region’s most popular job websites, Bayt.com, 90% of Middle East and North African (MENA) professionals expect remote working to keep on increasing, and 74% prefer jobs that give them this option.
While the growth of flexible working was instigated by the need to keep businesses running during the pandemic, organisations have now truly embraced the concept of hybrid working —where employees are split between working remotely and in an office — and made it a critical part of their technology landscape.
In fact, when IDC conducted their COVID-19 impact survey on the ICT market earlier this year, 65% of respondents confirmed that investments in collaborative applications over the following 12-18 months would be a critical part of their ‘future of work’ strategy.
“I think what organisations have been through in 2020 has been unprecedented and I applaud organisations who’ve been able to radically reform their businesses,” said Varun Kukreja, senior program manager, security, IDC Middle East, Turkey and Africa. “We’ve seen some businesses chart a course to digital-only, and the pandemic has pushed many organisations towards adopting cloud in their business processes and helped enable a hybrid workforce for better productivity.”
Risk-averse Middle East embraces cloud
In a region that’s very risk averse, there have been some pretty dramatic changes in a short amount of time, said Claude Schuck, Veeam’s regional manager for the Middle East, pointing out that historically, the region was one of the slowest adopters of cloud due to security concerns.
“The trust wasn’t there and so the big players weren’t either,” Schuck said. “Now that’s all changed, as there’s been a need to take advantage of it. CIOs in the Middle East are starting to trust in cloud more, and build it into their hybrid working approach.”
In the year or so before COVID hit, major cloud providers — sensing a new opportunity — launched a handful of hyperscale data centres in the Gulf region. This provided infrastructure that, once the pandemic spread, businesses could make use of as they went into lockdown and remote work.
Hybrid environments challenge CIOs, CISOs
When COVID made remote working a necessity, the immediate priority for organisations was to secure their employees’ devices — particularly if they began using their own equipment at home — and create policies that support a secure hybrid work environment.
Alongside this, as organisations accelerated their digital transformation initiatives, they had to make sure they were designed in a way that could ensure consistent security.
“CIOs’ and CISOs’ jobs became more stressful as they had to maintain a delicate balance between firefighting and strategizing,” Kukreja said.
With such dramatic changes to working trends and use of technology, hybrid working has broadened the attack surface CIOs and CISOs must protect. For example, mobile computing and IoT devices — increasingly used in network infrastructure for smart cities in the Middle East — present unique challenges for security teams as employees may buy and connect devices to the network without informing them.
In the wake of COVID, restrictions on internet-based communications tools have been eased in some countries, opening up more attack vectors for hackers. COVID has also led some governments to require sellers of essential goods to offer e-commerce services; this has increased online transactions, a trend that creates even more targets for hackers.
It’s vital, therefore, that security plans and strategies are prioritised to protect confidential data.
“The four walls of the data centre have been ripped down and you’ve now got a lot of data sitting with employees, on personal devices…” notes Schuck. “Making sure you have a robust, secure cloud data management system is vital.”
Rethinking security operations centres
A hybrid workforce requires a new mindset, advises Haider Pasha, chief security office at Palo Alto Networks, MEA; one with an identity and policy driven approach. “Authenticating users, provisioning granular access and continuous monitoring of resources accessed after connecting to an application or service.”
He adds that enterprises must rethink how security operations centres (SOC) are run and create unique strategies instead of following a traditional model where SOC products don’t integrate, support automation or are solely being held by the SOC engineers.
With teams working remotely, this is one of the best times to rethink and create new ways to manage your SOC, Pasha said. “Enterprises should look at ways where automation can be incorporated, higher collaboration of SOC teams and SOC products are able to communicate with one another regardless of the location of tools, data activity or employees,” he said.
Unsurprisingly, hackers took advantage of the opportunities that arose from employees adopting a new way of working suddenly, and will continue to do so. The Middle East is a region that until recently has had relatively little experience with remote work and off-premises data storage, and so has been particularly vulnerable to a rising tide of cybercriminality including ransomware.
Enterprises must not only educate their IT teams, but also aim to increase the awareness of all employees on the cybersecurity risks, types of attacks and precautions they need to take. Security experts see this as the only way to ensure the security of an organisation.
With digital transformation projects at the top of the agenda for many businesses, now is the perfect opportunity to design security from the ground up. By doing so they ensure that their hybrid work environment is not only robust, but also secure, and enable staff to work problem-free and productively.