The IT team at Dubai International Financial Centre (DIFC) has a big task on its hand. As well as looking after its own infrastructure, the free zone also serves 30 of its clients, which happen to be some of the region’s biggest financial organisations. This isn’t an easy vertical to please, but DIFC has a secret weapon; it’s the only organisation outside of the telcos to own, manage and operate its infrastructure.
Financial organisations are a sensitive bunch. With all that money to handle, there’s little wonder why they are ranked as one of the top industries when it comes to security and data-privacy concerns.
In the UAE, no organisation is more aware of this fact than DIFC, a financial free zone which occupies 110 acres of Downtown Dubai.
The centre is naturally the financial heart of the UAE, and provides a platform for institutions to reach into and out of the emerging markets of the region. As well as offering the necessary business and legal requirements for operating in this market, it also provides the physical infrastructure for its clients to set up shop quickly and easily.
Amongst this infrastructure are four data centres, which operate on a space of about 1,000 square metres and are dedicated entirely to DIFC’s clients. Each client has the option to leverage DIFC’s data centres to host their systems, with 30 big names currently taking advantage of this service.
The centre also offers an IT support service — telephones, Internet, printing, hosting etc. — for those in the region to explore the market and see if it will fit into their bigger plans, making it easier for them to come in and start working straight away.
With uptime of paramount importance for financial organisations, DIFC delved into a unique project to develop a dedicated infrastructure, meaning it owns, manages and operates it by itself.
“It is not owned by Etisalat or du — it is owned and managed by DIFC, and we can plug in any operators that we want,” says Raja Al Mazrouei, Head of IT, DIFC, who has led the centre’s IT team for three years.
Currently, DIFC has both Etisalat and du providing services to its clients. “That’s unique to DIFC,” Al Mazrouei says. “Everybody else’s infrastructure was built by either Etisalat or du, not by them.
“This provides our clients with high redundancy and resilience because if any of the telecom providers go down for any reason, they are covered. Also, the master telecom ring covers all of DIFC’s own buildings and third-party buildings, and it has full diversity to each building.”
Furthermore, DIFC manages more than 370 telecom rooms between its buildings that it also manages, and it has created a standard called ‘Meet Me Points’ (MMPs), which the client can plug their cables into, instead of pulling the whole thing back to the telco.
The initiatives have been a success, with a record of zero downtime since inception around 10 years ago. Quite a feat, considering DIFC’s IT team operates at a lean 12 staff, set to rise to 14 next year. However, an outsourcing model — for example with Boeing for cabling — helps reduce the head count, whilst security is taken care of by the infrastructure facilities’ team.
“It was not much of a challenge,” Al Mazrouei says of the dedicated infrastructure. “DIFC didn’t want to rely on a certain service provider, and they wanted to create something different than what’s available in the UAE, and also so that we maintain the highest standards of the infrastructure and ensure availability to our clients.”
Whilst DIFC’s clients are given the freedom to opt for a different service provider, Al Mazrouei says they prefer the proximity of the data centres onsite.
“They want to be close to their data centres as they are running their banking and financial systems and they don’t want to risk putting data anywhere else,” she says. “They like us to be here. But we have spoken to Equinix and are trying to explore options with them and other providers to create a managed-services platform in DIFC for the DIFC clients.
“But with managed services, as you know, the location does not matter. If you want to host your systems on the cloud, you don’t really care where it is. But I think our clients prefer to keep it within DIFC because they are protected by the data protection law that we offer here, and they have a proximity to the data centres.”
Indeed, DIFC’s unique position as a federal free zone gives it independent jurisdiction to a range of areas including corporate, commercial, civil, employment, trusts, and securities law matters.
In a world where CIOs worry about the relevant regulations and trusting others with their data, such a position affords DIFC a large advantage over other infrastructure providers.
“In DIFC, we are dealing with mainly banking and financial service companies,” Al Mazrouei says. “They’re people that do not trust the cloud easily.
“I have been going to hundreds of sessions on the cloud because I wanted to be convinced to put my systems on the cloud, but my limitation was data protection.
“In terms of savings, it really would work for bigger organisations, but we’re about 180 people so the saving will not be significant compared to somebody with a lot more staff.”
On the inside
Speaking internally, in 2011, DIFC re-did its whole infrastructure set-up, reducing 195 servers to 59 with virtualisation.
In terms of cloud, despite looking at different options, the only thing it hosts on the cloud is its website.
“In terms of Big Data, it is not much relevant to DIFC because we are the landlords and regulators for the financial centre, so we don’t maintain a lot data that is related to the businesses — we just enable them,” Al Mazrouei adds.
With regards to its own security, Al Mazrouei says the first thing she did when she joined DIFC three years ago was set up a dedicated team.
“There was no such department and the IT security was not known as a topic to a lot of people,” she says. “So I had to go and educate them about what information security is, why it is important, and how important and involved they are in terms of IT security, governance, standards and policies.
“We do have a lot of external access from different parties that are working with us on different implementations and we need to make sure that we have a very secure channel so that people aren’t able to access things they are not supposed to.”
DIFC is also working on signing an MoU with aeCERT to make sure that it is up to date with all the security updates that are happening.
This year has seen Al Mazrouei and her team work on DIFC’s business continuity plan, which was enhanced with the creation of a disaster recovery (DR) site in Al Ain.
“The IT part is ready in terms of infrastructure and set-up,” Al Mazrouei says. “We’ve done three tests this year, we’ve switched off all the systems and all information was up to date and accurate.”
And looking forward, the centre’s biggest IT project for next year is creating a mobile-friendly client portal.
“We want a mobile portal which they can access and do all of the services that they actually do right now in DIFC through their mobile devices,” Al Mazrouei says. “This is in alignment with a Sheikh Mohammed initiative to have all the services available 24/7. I have the management’s support and we’re looking at different solutions.”