Oracle has been present in the United Arab Emirates (UAE) for more than three decades, and we have recently expanded our presence with the availability of the Dubai Cloud Region—the first of two planned regions in the UAE.
Cloud services are helping support the UAE’s rapid digital transformation and having an Oracle Cloud Infrastructure (OCI) region in the UAE has created opportunities not just for businesses in Dubai, but all the Emirates.
When using the Dubai cloud region, customers in the UAE can enjoy the following benefits:
-
Security: Built-in, on by default, no extra charges
-
Network performance: Low latency, high performance
-
Data residency: Data kept within the UAE
-
Cost savings: Best performance at lower costs than other cloud service providers
Though one in-country Oracle cloud region brings plenty of advantages, we know that customers are also looking forward to the launch of the second UAE cloud region. This second region provides UAE customers with an expanded cloud infrastructure within the UAE and supports the following needs:
-
Disaster recovery: Run workloads across fully independent cloud regions for disaster recovery purposes.
-
Compliance requirements: When using the second Oracle cloud region, customers no longer need on-premises or alternative data centers for regulatory requirements.
We’re also aware that some customers have other regulatory requirements that aren’t satisfied by simply adding another cloud region. To support customers with regulated workloads, the Oracle Dubai cloud region offers our standard suite of compliance attestations, including SOC 2, ISO 27001, and PCI DSS. We’ve also completed UAE-specific third-party assessments and drafted guidance to remove barriers to cloud adoption in the UAE.
Supporting the UAE’s critical infrastructure sectors with IAR
One of the primary regulatory requirements that customers have in the UAE is complying with the Information Assurance Regulation (IAR). The UAE Telecommunication Regulatory Authority (TRA) issued the IAR to provide minimum cybersecurity requirements for the critical infrastructure sectors in UAE. TRA-designated critical entities are required to implement the IAR framework and apply its requirements to the use, processing, storage, and transmission of information and data. The following infrastructure examples are considered critical:
-
Energy
-
Government
-
Finance and insurance
-
Health services
-
Food and agriculture
-
Information and communications technology
-
Electricity and water
-
Transportation
OCI was formally audited by a third-party auditor against the requirements of the IAR framework and was found to have the required IAR controls implemented. The completion of this assessment enables UAE critical infrastructure customers to move workloads to Oracle Cloud, including OCI and its applications. So, customers subject to IAR can use the complete suite of integrated cloud applications and a next-generation cloud infrastructure platform.
Enabling Abu Dhabi’s public sector to use the cloud
Besides the UAE-wide IAR regulation, some customers must also comply with the Abu Dhabi Information Security Standard (ADISS). The Abu Dhabi Systems and Information Centre (ADSIC) issued the ADISS to provide minimum cyber security requirements for the Abu Dhabi government entities. Abu Dhabi government personnel, contractors, or other third-party organizations are required to implement the ADISS framework and apply its requirements to the creation, handing, storage, transmission, and destruction of information or data.
An independent third-party assessed the compliance of Oracle’s information security management system with the United Arab Emirates (UAE) framework ADISS v2.0 issued by ADSIC and found OCI to have the required in-scope controls implemented. Like the IAR assessment, OCI and Oracle Cloud applications have both successfully completed the ADISS assessment.
Providing guidance for customers subject to the health data law
The UAE Federal Law No. 2 of 2019 on the use of information and communication technology in health fields (health data law) is another regulatory requirement impacting cloud adoption in the UAE, which requires healthcare data be processed and stored within the country.
Key aspects of the Health Data Law must be considered when a regulated entity evaluates use of OCI services to support healthcare workloads. Oracle has published an advisory document intended to provide you information to help determine the suitability of using OCI services in the context of the health data law requirements. The document also provides a description of several OCI services and practices that can help you address your regulatory obligations.Oracle enables UAE healthcare entities to become more agile, collaborative, and insightful while meeting their obligations under the Health Data Law. Oracle’s data centers, security policies and practices, and cloud services can accelerate innovation for healthcare entities operating in the UAE.
Want to know more?
We’re deeply committed to making our customers successful in the cloud. If you want more information on how to use Oracle Cloud in the UAE, contact one of our representatives. To request a copy of the IAR and ADISS reports, use the compliance documents in the Oracle Cloud Infrastructure Console.