Gulf Region Accelerates Adoption of Zero Trust

Zero-trust security adoption will increase tenfold in the Gulf region by the end of 2025, with critical infrastructure industries such finance and oil and gas leading the way.

Nader Henein, vice president and analyst with Gartner, predicts that 10% percent of large enterprises in that region will have a "comprehensive, mature, and measurable" zero-trust program in place within the next two years, up from less than 1% in 2023.

A zero-trust strategy works like this: Any user or device trying to access the company's resources must be verified each time they request access to applications and the network, even if they were validated previously. Everything is considered untrusted until it is verified.

Many Gulf organizations are just beginning their cybersecurity journeys, Henein says, so they are able to build their infrastructure around zero trust rather than "ripping and replacing" existing systems.

"The [Gulf region] is a younger market compared to some western regions … it's more open to evolve and grow," Henein says.

Rob Andrews, director product management at Sophos, explains how zero trust is still in the early adoption cycle in the Gulf region. "Regional vendors and cybersecurity practitioners are still defining what zero trust is and what products and solutions fit within its framework. Zero trust is a framework; no single product or service will achieve it," he notes.

Zero-trust adoption in the Gulf overall is mainly driven by regulated industries, such as banking and finance, as well as oil and gas — which is heavily targeted by cyberattacks, Gartner's Henein says.  

UAE Leads the Way

As cloud adoption continues to grow in the UAE in particular, zero trust take-up is set to follow, according to experts. In 2021, nearly 43% of organizations in the UAE adopted cloud computing, compared to 49% in Western Europe and North America, according to a report published by Telecom Advisory Services.

IDC estimates that total spending on public cloud services in the UAE is expected to grow by 26% over the next five years, reaching $3.2 billion in 2026.

Cloud technology adoption will add $181 billion in economic value to the UAE over the next decade, according to Telecom Advisory Services. That's equivalent to 2.5% of the Emirates' economy.

More than 55% of the Middle East's cloud security managers plan to prioritize zero-trust strategies this year, according to the Future of Cloud Security in the Middle East report. In the study of 584 professionals, led by the UAE government's head of cybersecurity, Dr. Mohamed Al Kuwaiti, nearly 43% of survey respondents said security was the most important factor when choosing a cloud provider.

Michael Adjei, director of systems engineering, EMEA at Illumio, says while UAE organizations recognize the importance of zero-trust strategies for strengthening security and resilience, local firms are still struggling to implement it fast enough.

"Before companies can get to a stage where zero trust is a realistic concept, they must first achieve full visibility within their organizations, which is proving [to be] a sticking point for some," he notes.

According to Adjei, UAE organizations urgently need visibility into their hybrid and multi-cloud environments. "They are searching for the right technologies to help them gain oversight over their entire estate," he says. "Once companies can see what's going on in their environment, then they can start to add the right security controls."

Channeling Zero Trust

But while it may be early days for the UAE's zero-trust journey, the region is home to a strong base of international vendors, which could help propel adoption.

"Channel partners are set to play a key role in bringing widespread zero-trust awareness and adoption to the region," Adjei says. "Security vendors and partners must provide a practical path towards zero trust implementation, with minimal disruption to organizations, for clients to reap optimal benefits."