Governance, Cloud, and Cybersecurity: How Dubai Balances Opportunity with Risk

H.E. Amer Sharaf, CEO of Cybersecurity Systems at the Dubai Electronic Security Center, discusses Dubai's approach to embracing cloud technologies that rely on a robust cybersecurity strategy.

Reading Time: 6 min 

Topics

  • Globally, governments are accelerating digital transformation to be more efficient, transparent and plan for tomorrow. 

    In Dubai, digital transformation towards a smart government powered by disruptive technologies has taken the government from “click here” to one-click to, in some cases, zero-click operation. Citizens can safely zip through signing up for services without dealing with paper forms. 

    Dubai’s efforts are marked by ongoing collaboration between public and private sector players in cybersecurity, smart city initiatives, and cloud infrastructure. To discuss the scope and scale of Dubai’s ambitions in the age of the cloud, MIT Sloan Management Review Middle East spoke to H.E. Amer Sharaf, CEO of Cybersecurity Systems at the Dubai Electronic Security Center (DESC), on the sidelines of the Global Government Cloud Forum, held at the Museum of the Future in Dubai. 

    The Intersection of Cybersecurity and Cloud 

    Dubai’s technological landscape will be shaped by multilayered security in 2025 to combat increasing cyber threats. Sharaf emphasizes that “global government cloud security is a popular area of interest.” So, the Global Government Cloud Forum is a platform for learning from different countries about their challenges and solutions. 

    Gaining global insights and exchanging learnings is central to defining Dubai’s digital security strategy and facilitating the emirate’s delicate transition to the cloud. “[In Dubai] everything stems from our cybersecurity strategy, launched by Sheikh Hamdan in 2023 and is already in its second iteration.”

    He stresses that Dubai’s approach to embracing cloud technologies relies on its robust cybersecurity strategy, which includes policies and a technological roadmap to define and raise the bar for secure cloud developments. 

    These efforts are backed by measured partnerships with cloud service providers that ensure consistent, high-level security controls across all government operations.

    However, striking and sustaining the delicate balance between cloud innovation and costs is an ever-evolving global challenge. Sharaf says that Dubai has tailored its outlook to the “economics of saving” to tackle this particular pressure point.

    Like Sam Altman, who acknowledged OpenAI’s for-profit transition to attract more capital to innovate in 2024, Sharaf warns about the likelihood of “no [cost] savings” when government departments transition from the edge to the cloud. 

    As a discerning cybersecurity stakeholder on the cloud, Dubai leverages strategic partnerships with vendors from the private sector or telecom industry leaders. In Dubai’s dynamic govtech universe, “the full stack, which includes security, embedding the finer elements of cybersecurity controls, patches, and updates, is taken care of.” Thus, Dubai tallies the balance sheet of incurred costs while embracing cloud infrastructure.

    Data Privacy and Protection 

    In a cloud-first world, collaboration is the norm. As cloud platforms amplify their storage and processing capabilities each year, ensuring data privacy while enabling collaboration between departments has become imperative. 

    To embrace and capitalize on this unfolding reality, Sharaf says Dubai’s approach begins with clear data classification policies. “We established a clear policy for categorizing sensitive, critical, shareable, and public data,” Sharaf adds. “This classification helps us [government departments] understand what data can be shared globally and what must remain within strict privacy boundaries.”

    This approach is strengthened by the Dubai Data and Statistics Center (DDS), which governs the certification of cloud services providers to ensure they adhere to stringent security standards. In doing so, Dubai ensures that government departments can confidently adopt cloud services, with the awareness that these entities fully comply with data protection.

    “Through the cloud security policy, all cloud providers ensure they meet our specific security requirements before they can store government data,” Sharaf adds. “This makes it easier for departments to adopt certified services without ambiguity, ensuring that security is never compromised.”

    To foster sustainable collaboration between Dubai’s public entities and private players, the Cloud Service Provider (CSP) Security Standard produced by DESC forms a timely bedrock for data security. The CSP program eliminates ambiguity through its simplified and segregated user interface when public departments deliberate their appetite for DESC-certified cloud services. “With a necessary level of autonomy [for private players], we ensure regulated collaboration” in govtech developments in Dubai, says Sharaf. 

    Future Cybersecurity Threats

    As Dubai continues to innovate, the government is vigilant about the mutating nature of cyberattacks. Sharaf identifies phishing, ransomware, and DDoS attacks as some of the biggest risks facing government cloud systems in the years to come.

    “We’re working with a global perspective on cybersecurity because it’s a global issue,” Sharaf says. “To tackle these threats, we launched the Dubai Cyber Index, which links all government departments and monitors security traffic in real-time. This system enables us to quickly identify potential threats and coordinate an immediate response.”

    The index ensures that departments adhere to predefined KPIs, creating a transparent and competitive environment where government entities are incentivized to improve their cybersecurity practices. This scoring system is also integrated into Dubai’s Government Excellence Rewards Program, which motivates departments to prioritize security and rewards timely threat detection and elimination. 

    “We want the departments to compete positively, striving to be number one in cybersecurity performance,” Sharaf explains. “The faster they respond to threats, the better their score…”

    Balancing Speed and Security 

    Balancing innovation goals with robust cybersecurity is essential. Acknowledging the tension between wanting to innovate quickly and the need to ensure security protocols are implemented, Sharaf says, “Security by design is at the core of all our cloud platforms. Cloud providers continuously innovate, and security is embedded into their services from the start.” This model allows for rapidly deploying new solutions without compromising security.

    Dubai’s government has also introduced a simplified Web Security Policy that enables departments to develop new applications quickly while ensuring that essential security measures are not overlooked. “This policy ensures that developers can innovate without getting bogged down by complex regulations. It allows them to launch apps quickly but within a secure framework.”

    Moreover, Dubai’s commitment to education and training is key in mitigating human error — one of the most common cyberattack vectors. The Dubai Cyber Innovation Park, in partnership with local institutions, provides training for professionals to stay updated on the latest cybersecurity developments.

    Embedding Cybersecurity in Smart Cities and Future Tech

    While futuristic technologies like AI and Big Data define Dubai’s digital government services, Sharaf spotlights key initiatives like the Dubai Pulse platform, which provides a cloud-based hub for innovation while embedding strong cybersecurity practices into its core infrastructure.

    “Platforms like Dubai Pulse and UAE Pass are crucial for securing smart city initiatives,” Sharaf says. “We work closely with these projects, ensuring that cybersecurity is not an afterthought but a core component of their design.”

    The UAE Pass, for instance, allows citizens and residents to access government services securely without the burden of managing multiple passwords. This project demonstrates how cybersecurity can be seamlessly integrated into daily digital interactions, making the UAE’s digital ecosystem both interactive and secure.

    “Security is always embedded within these projects,” Sharaf adds. “We work as partners to ensure that these innovative solutions are built with the highest security standards and are monitored 24/7.”


    MIT Sloan Management Review Middle East is hosting the GovTech Conclave—a high-level gathering of government leaders, ministry officials, policymakers, and industry experts. This event will explore the latest technological advancements shaping the future of governance. Join the conversation. Register here to be part of the conclave.

    Topics

    More Like This

    You must to post a comment.

    First time here? : Comment on articles and get access to many more articles.