Quantum-Safe Encryption is no Longer Optional—it’s the Foundation for Future-Proofing Critical Data.
As the Middle East races to cement its position as a global AI hub, the region’s data centers are under more pressure than ever—not just to scale, but to secure. From cloud misconfigurations and identity abuse to the rising risks of generative AI, the attack surface is expanding in ways that demand a smarter, prevention-first approach. In this exclusive feature, Shadi Khuffash, Senior Regional Director, South Middle East at Fortinet, sheds light on how AI and automation are transforming data center security, why digital sovereignty is shaping policy across the Gulf, and what steps organizations must take to prepare for a quantum-driven future.
How is the rise of AI and big data reshaping the design and scalability of data centers in the Middle East?
The adoption of AI tools across industries, such as third-party large language models and AI cloud-based applications, has created new vulnerabilities within organisations. Already, attackers weaponise AI to create sophisticated attacks with the aim to circumvent traditional security measures. Concerns of LLM data poisoning and lack of control over GenAI usage also have been leading to increased security risks.
Cloud environments remain a top target, with adversaries exploiting persistent weaknesses, such as open storage buckets, over-permissioned identities, and misconfigured services. Our cloud-native application protection platform Lacework FortiCNAPP telemetry shows a steady rise in cloud compromises, often involving identity abuse, insecure APIs, and privilege escalation. Reconnaissance remains the most prevalent tactic, with attackers probing APIs, enumerating permissions, and scanning for exposed assets. In 70% of observed incidents, attackers gained access through logins from unfamiliar geographies, highlighting the critical role of identity monitoring in cloud defense and a comprehensive application protection system.
In what ways are AI and machine learning being used within modern data centers—for efficiency, maintenance, or security?
The shift to cloud computing has redefined enterprise security, providing essential agility and scalability but exposing organizations to evolving attack vectors. Cloud environments are now a battleground where adversaries exploit misconfigurations, compromised identities, and insecure APIs. Using Lacework FortiCNAPP, the FortiGuard Labs team analysed 2024 threat telemetry and uncovered a concerning trend: Cloud-focused attacks are becoming more sophisticated by leveraging automation and multi-stage persistence techniques.
Cloud servers, containers, and Kubernetes clusters are increasingly the targets of persistent threat actors. While organisations expect adversaries to focus on external breaches, our Lacework FortiCNAPP analysis shows that attackers often operate within the environment, leveraging legitimate services to camouflage their activities.
To combat these existing and developing threats AI powered security systems are already available with the ability to uncover hidden threats such as unauthorised AI use within an organisation. AI-powered systems are also already proactively and autonomously fixing issues in the data centre environment before they impact users.
With massive volumes of sensitive data being processed, how are data centers in the UAE and KSA evolving their cybersecurity strategies?
Emerging technologies such as AI are expanding the attack surface of organisations, increasing cybersecurity risks. As these systems and applications become more and more essential to our everyday lives and for the provision of essential services, data centres have evolved into pieces of critical infrastructure of our societies. Protecting data centres and ensuring their resilience is therefore of the utmost importance for the Gulf region.
AI is already being harnessed in security operations to ensure secure usage and compliance and real-time prevention of sophisticated new and existing attacks. With the threat landscape becoming more complex and new threats developing ever faster, having a system in place in the data centre environment that can automate security tasks, proactively and autonomously fix issues, trace root-causes of attacks and hunt threats without human input is critical to protect nationally critical infrastructure.
What role does AI play in proactive threat detection and mitigation at the infrastructure level?
We know that as AI evolves, it’s lowering the barrier to entry for aspiring cybercriminals, increasing access to the tactics and intelligence needed to execute successful attacks regardless of an adversary’s knowledge and skills. It can also represent a new threat vector. Attackers are using AI to create sophisticated attacks that can evade traditional measures. AI-powered threats and excessive alerts result in missed threats, slowed response, and human error. The use of AI systems in everyday applications is itself open to threats such as data poisoning and security risks that compromise services.
However, AI and Machine Learning, operating in real time, are also powerful defensive adaptive tools that secure and transform organizations by proactively defending against emerging threats, enabling rapid detection and response to threats, and automating security and network operations.
What are the latest developments in data sovereignty regulations across the GCC?
Data and digital sovereignty are becoming popular technology policies in many regions, such as the European Union, Australia and other jurisdictions. This can mean many things, but generally the objectives of these policies are to address three actual (and sometimes perceived) concerns: 1) Over-reliance on foreign cloud and tech providers, with a near absence of local alternative providers; 2) Lack of control over data, which may be subject to foreign jurisdictions; and 3) Inability or difficulty to enforce the law against foreign-based providers.
Policy makers in Gulf countries are also considering digital sovereignty as an important objective and are implementing tools such as data localization laws, strengthening cybersecurity and fostering regional innovation.
Of course, as Gulf countries develop their digital sovereignty strategy, they should not forget the importance of international collaboration and partnership, especially considering the multi-jurisdictional nature of emerging technologies, the intertwined and complex value chain of cloud, and the importance of ensuring resilience through relying on multiple partners (local and international).
What’s the next frontier in intelligent data ecosystems—quantum processing, generative AI, decentralized storage?
As organisations recognise the risks posed by quantum computing, the need to adopt quantum-safe encryption strategies has never been more urgent. This is an area Fortinet is heavily investing in and is actively incorporating quantum-safe encryption standards into its solutions.
As cyberthreats continue to evolve, ensuring the long-term security of sensitive information is paramount. Quantum-safe encryption offers a proactive approach to mitigating quantum risks and securing critical data against future decryption attacks. By investing in quantum-safe solutions today, organisations can future-proof their cryptographic infrastructure, ensuring resilience in the face of rapid technological advancements. While the transition to quantum-safe encryption is complex, the benefits of securing sensitive data far outweigh the costs.
By implementing a zero-trust mindset, improving identity security, and prioritising cloud workload protection, CISOs can ensure their organisations remain resilient in an era when cloud threats are more persistent and sophisticated than ever.
