Tackling middle east cybersecurity threat to meet data sovereignty rules

Throughout the Middle East, the influence of digital transformation on social infrastructure, public services and the financial sector has transformed citizen’s lives, but the flipside to this is an increased exposure to cyberattacks. In June of last year, the UAE’s National Computer Emergency Response Team repelled more than 100,000 cyberattacks against Federal Government entities in the month of June alone. Several governments in such areas have focused on keeping citizen’s data within their national borders and introduced data sovereignty laws authorizing both national and global organizations to store data locally.

The pandemic has only served to exacerbate the situation mainly for executives forced to work outside the country in which their organization is headquartered. The oil and gas industries in Middle Eastern countries have been particularly hard hit. To help manage this, many companies have turned to Virtual Desktop Infrastructure (VDI). And that is a popular choice for delivering granular control over secure remote access to virtual desktops, applications and data when employees are outside the corporate. VDI utilizes a secure gateway (such as Citrix NetScaler, VMware UAG or F5) that provides multi-factor authentication and proxies the session traffic to the backend systems. This works well to ensure companies are not at risk of attack or breaching data sovereignty rules.

The most significant threat to data is from screen scraping and keylogging malware, and worryingly any hacker adept at writing code can capture confidential data. While VDIs do deliver a high degree of security, and remote access environments in general are not disproportionately vulnerable to risk, this depends very much on the devices that they are being connected to.

The main issues arise from the lack of control. In an effort contain risks and remain compliant with data sovereignty guidance, organizations are providing secure corporate laptops for employees to use when accessing VDI platforms. While endpoint compliance checks generate support overhead and require additional licensing, they can add value. Additionally, companies can use bootable USB devices with thin operating systems that can provide a secure environment to access the VDI. Organizations working in Middle Eastern countries can successfully reinforce their VDI platforms if they use solutions designed precisely to protect endpoint devices.

With the right kind of security solution in place, companies will also find they benefit from constant updates, which means that browser and VDI client compatibility issues are addressed. The cybersecurity threat in the Middle East is growing, and with it the increased focus on enforcing data sovereignty regulations. Protecting VDI deployment with solutions that are fit-for-purpose creates armor that is difficult to penetrate and puts companies on the right side of the law.