Market analysts from leading agencies such as Gartner and IDC have estimated an exponential growth of the cloud market with predictions estimating it to reach a value of $72.9 billion by 2015. Companies in the Middle East are increasingly venturing into the ‘cloud’ to boost revenues, reduce costs and operational complexities and store valuable business data online. As we reach the end of 2012 and head into the next year, George DeBono, General Manager of Red Hat, Middle East and Africa, makes some predictions on what Middle East enterprises can expect in the cloud computing space in 2013: If you pay any attention whatsoever to tech press coverage and IT industry analyst reports, you know that security concerns about “the cloud” (however that term is being used at the moment) consistently top the list of adoption concerns. Even if naïve cloud safe/unsafe arguments have mostly been retired in favor of more subtle discussions, there’s still a lot of complexity and uncertainty. The IT industry is often dealing with new approaches to computing and delivering application services that don’t have clear historical antecedents and established approaches to mitigating associated risk. As a result, dealing with security and associated concerns in the cloud sometimes seem to require true experts in the field, who are almost by definition in fairly short supply. Organizations like the Cloud Security Alliance (CSA) are making concerted efforts to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure additional forms of computing. While the CSA’s work benefits everyone, its most important role may be “democratizing” the process of securing and running clouds so that organizations operating and using clouds don’t need security rocket scientists on hand. Expect to see tools for more easily and systematically securing clouds gain more attention in 2013. At one level, protecting against data breaches in the datacenter is a fairly straightforward security problem without many new wrinkles relative to the practices that IT professionals have been following for decades. However, in many respects, we are in a place that’s different in kind from times past. Some of this difference is about connectedness and scale. While security models have been shifting from walled perimeters to defense-in-depth since the early days of the web and e-commerce, cloud-based applications made up of composable services from multiple sources vastly increase potential attack surfaces. It’s a vastly more complicated security problem than setting the ports correctly on a firewall. BYOD is one of the trends that some like to cite as a key cloud security issue given that it takes control away from IT and puts it in the hands of users. IT professionals often comment along the lines of “Just you wait. Enterprise IT departments are going to come to their senses and take the iPads out of those darned kids.” (Or something along those lines) The thing is that those “darned kids” probably include the CEO and other senior executives. And look around any organization that’s not part of the government or in a highly regulated industry and, chances are, most of the smartphones you see aren’t company-issued and provisioned. In most cases, BYOD is going to require IT departments to do some combination of rolling out new products, educating users and adopting new processes. At the very least, they need to understand potential exposures and come up with a plan for dealing with them. From Gulf Today