close icon

National Cloud Security Policy

Cloud computing in recent times has brought in rapid advances in the delivery of digital services. It is also a key driving force in future technology breakthroughs, big data analytics, Artificial Intelligence (AI) and the Internet of Things (IoT). While its adoption has seen dramatic changes in providing cost-effective, agile, scalable, on-demand technology services to customers, like any emerging technology, cloud computing has also introduced unique complexities and cyber security challenges. 

The increased adoption of cloud services locally and globally, naturally entails an increase in the threat landscape. Ensuring the security of the UAE’s digital transformation requires a holistic approach, which addresses risks and enables innovation. 

The Council has established this policy to enhance cloud security, aligned with the UAE’s national priority to be a global leader in cyber security; and enhance the security posture of organizations and individuals within the UAE using cloud services. 

This policy aims to strengthen the cloud security posture of the UAE by outlining the principles for the adoption of secure cloud computing practices and addressing the challenges in the current cloud computing landscape. The policy will further provide guidance to the cloud ecosystem in the UAE, define requirements for cloud security and outline the oversight and enforcement of cloud security mandates.

The policy will help ensure Cloud Service Providers (CSP) achieve a set of security requirements and ensure all Cloud Service Consumers are well protected when procuring and using said services. The policy also aims to avoid the potential negative impacts of implementation, such as inhibiting investment and stunting the growth of the cloud computing sector due to overly stringent requirements.