Saudi Arabia issues new regulations for cloud services

By Rahul Vaimal, Associate Editor
  • Follow author on
Cloud Services Image
Representational Image

The National Cybersecurity Authority (NCA) of Saudi Arabia has released its Cloud Cybersecurity Controls document.

The controls are aimed at improving the stability of cloud services by providing protection against various threats and ensuring continuity of services to users.

“The cloud” refers to servers that are accessed over the Internet and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. By using cloud computing, users and companies don’t have to manage physical servers themselves or run software applications on their own machines.

The NCA is responsible for issuing, tracking and updating the policies and standards for cybersecurity in the Kingdom.

The paper was developed after comprehensive research into global standards of cybersecurity, frameworks and controls, the NCA said in its statement. The document consists of 37 primary controls and 96 sub controls for cloud service providers, as well as 18 primary controls and 26 sub controls for cloud service tenants.

The NCA also announced its methodology and mapping annex document for cybersecurity cloud controls, which describes the design principles and function of cybersecurity cloud controls and sets out their link to international standards.

The new document is an extension of other NCA-issued controls, including its Essential Cybersecurity Controls and Critical Systems Cybersecurity Controls.

The Authority emphasized that these controls will protect national security and the vital infrastructure of the Kingdom.

Recent reports predict that the cloud market in GCC countries is expected to show more than a double surge in value by 2024, a $956 million growth in this year to reach $2.35 billion at a cumulative annual growth rate (CAGR) of 25 percent.


NCA or the Saudi National Cybersecurity Authority, is a government security entity which focuses primarily on computer security in the Kingdom and is directly linked to the King’s office.