Data location, security key concerns
CLASSIFICATION: Other issues of concern in Arab region are cybersecurity and privacy
The security of data is one of the prime concerns in the Arab region, besides cybersecurity, says Ebrahim Alhaddad, the Regional Director, International Telecommunication Union (ITU).
The questions usually asked are, “Where is the data? Where is the server located?”
“The other issues of concern are privacy along with artificial intelligence and its impact on people and the provision for 5-G services,” he said at the Sixth Regional Cybersecurity Summit.
Dr Salim al Ruzaiki, CEO of Information Technology Authority (ITA), said the concern should be on not where the data is located, but on the classification of data.
“Data classification is not clear. If we have the right classification, then we can define which data should be in Oman, while other data can be hosted outside in any other cloud. If we do not have the classification, then we have to keep it within the country and protect it with all our efforts,” he told the Observer.
Having data outside the country hinges on the relations between the nations. “Relations between nations can change. Public and private sectors need to work together to classify the data which is important for us.”
According to Dr Ruzaiki, confidential data, people’s data, and the data relating to economy/ sovereignty of the country has to be within the country.
Data centres are coming up in the private sector; they will be setting up cloud too. “The important point is confidential data should reside in Oman,” he said.
Mike Yeah, Assistant General Counsel, Microsoft, in his keynote speech titled ‘Cyber Resiliency – Best Policy and Regulatory Practices’ outlined the steps that governments can take to ensure secure technology is used in critical industries, particularly as technology moves to cloud-based solutions.
“We want to know where the data is and where the server is. When it comes to data classification, be very smart how you classify data.”
Common policy and regulatory pitfalls, according to him are, “Waiting to update, more stringent security requirements for cloud services, network separation requirements for sensitive data and data residency requirements.”
ITA, meanwhile, is working on a set of criteria for security that has to be met by the private sector.
“We are encouraging the private sector to play larger role in delivering cybersecurity services and at the same time ensuring it meets the criteria,” said Badar al Salehi, Head of ITU Regional Cybersecurity Centre, and DirectorGeneral, Oman CERT.
“Think what is on your computer that is most valuable. It could even be holiday pictures that you cannot replace. If you have a company, then you might have information that distinguishes yourself from your competition so you have to identify that information and make sure it is safe to access. End users must have internet hygiene by ensuring their systems are all up-to-date, have strong passwords and back-up. With those things in place, I think you are pretty secure. Global companies that provide free or low cost email and data storage services have professional infrastructure engineers and security staff so the data is safe.
Of course, governments have to think of another strategy but most of the commercial clouds are quite safe,” said Dr Serge Droz, VicePresident, OS – CERT, Board Director, Forum of Incident Response and Security Teams (FIRST), Switzerland.
On the second day of the summit, the focus was on current challenges facing critical infrastructure sectors such as banking, healthcare and education as well as recruitment challenges in cybersecurity.
It also emphasised the need for building capabilities in cybersecurity and employing right expertise by defining the right hiring processes.