CrowdStrike’s recent technical glitch, which caused a massive global IT outage, has highlighted the importance of localising proprietary solutions in Qatar, offering a significant opportunity for the country’s tech startup ecosystem.
Sofiane el-Abdi, cybersecurity practice leader at KPMG Qatar, also said Qatar’s approach to data sovereignty and localisation had minimised the impact of the incident.
CrowdStrike’s software update glitch had brought about havoc on computer systems worldwide, affecting banks, airlines, and other service-oriented sectors.
He noted that Qatar, including other countries, “is not yet open” to export the country’s data or utilise the cloud beyond its borders. “This strategy helped ensure that most of the operations in Qatar continued smoothly, even as systems elsewhere were affected,” el-Abdi told Gulf Times in an exclusive interview on Wednesday.
El-Abdi emphasised that there is potential for startups in Qatar to capitalise on this strategy, citing most solutions are being offered by the US and other countries in the region. “But you don’t have any Qatar security solutions, which presents a clear opportunity for local startups to develop and offer security solutions tailored to the needs of Qatari organisations,” el-Abdi pointed out.
“CrowdStrike has handled the incident well. But at the same time, it’s also an opportunity for Qatar to invest in their own solutions,” el-Abdi stated, adding that this investment could attract new startups and drive innovation within Qatar, reducing dependency on international vendors.
El-Abdi also emphasised the role of the Qatari government in providing support to tech startups in the country. At the same time, he also acknowledged the need to bring in expertise from outside the country to develop these technologies.
According to el-Abdi, the ability to market these solutions internationally is crucial for their success. “Even if Qatar serves as an initial market, these solutions need a lot of research and development (R&D). And this R&D will need investments from companies,” explained el-Abdi, who also emphasised that a healthy company needs access to international markets to sustain growth and development.
Asked about the impact of the CrowdStrike incident on future discussions during upcoming Web Summit Qatar conferences, el-Abdi said the summit is “a good opportunity” to focus on resiliency.
“What happened earlier was an IT incident and not a cyberattack,” clarified el-Abdi, who emphasised that focusing on resiliency could help prepare organisations for future incidents, ensuring continuity of operations even in the face of IT outages or cyberattacks.
Some of the key lessons from the CrowdStrike incident to enhance Qatar’s resilience against similar threats include enhanced testing, including local developer testing and fault injections, el-Abdi further explained, adding that “we need to have local testing with some on-site developers when it is needed.”
He also recommended improving deployment strategies to avoid widespread impact and ensuring robust monitoring and error-handling processes. El-Abdi also underscored the importance of user involvement in cybersecurity measures. “The users also need to be involved in those controls,” stated el-Abdi, who also called for validation checks and customer controls to ensure that updates do not negatively affect individual systems.
For supporting the digitalisation of Qatar’s small and medium-sized enterprises (SMEs), el-Abdi called for strategic platform development to ensure segregation between companies.
“We need to ensure that we differentiate the platforms and to differentiate the architecture to keep some kind of isolation between all companies and all SMEs,” el-Abdi explained, adding that this approach would prevent widespread impact from any single incident affecting the entire ecosystem.
Sofiane el-Abdi, Cybersecurity Practice Leader at KPMG Qatar.
