As the UAE accelerates efforts around food security, landfill diversion and circular economy infrastructure, Dubai-based sustainability business The Waste Lab is strengthening its operations across the Emirates to meet growing demand for practical, measurable food waste solutions across the hospitality, corporate, education and F&B sectors.

Founded by Lara Hussein and Ceylan Uren, The Waste Lab has grown from a startup into a licensed end-to-end food waste management and composting platform working with organisations including Accor, Jumeirah, Hyatt, Emirates Flight Catering, Dubai Holding, Expo City Dubai and Dubai World Trade Centre.

The business provides segregation-at-source systems, food waste collection, composting, sustainability reporting and impact tracking through a fully managed model designed to help businesses reduce landfill waste and better understand their environmental footprint. Food waste collected from hotels, offices, schools, restaurants and communities is processed at The Waste Lab’s composting facility in Al Ain, where it is converted into locally produced compost and regenerative soil solutions. It is the only operator in the UAE that closes the full loop – from bin to compost to soil.

The company says momentum around sustainability regulation and ESG accountability is rapidly changing how businesses approach food waste management in the UAE, particularly as landfill diversion and operational reporting become increasingly important across major sectors.

The UAE’s Federal Decree-Law No. 11 of 2024 on the Reduction of Climate Change Effects marks a turning point for businesses operating across the country. The first of its kind in the MENA region, the law shifts climate accountability from voluntary commitment to legal obligation, requiring businesses across designated sectors to measure, report and reduce their greenhouse gas emissions, with penalties of up to AED 2 million for non-compliance. Critically, integrated waste management is explicitly named as an approved emissions reduction pathway, meaning food waste is no longer just an operational afterthought, it is a regulated liability. The Waste Lab was built for exactly this moment. Its end-to-end model, covering segregation at source, collection, composting and verified impact reporting, gives businesses a single, fully managed pathway to meet their legal obligations and demonstrate measurable progress. What was once a sustainability choice is now a legal one and The Waste Lab makes compliance straightforward.

According to The Waste Lab, nearly 40% of food in the UAE still ends up in landfill despite the country importing the majority of its food, while around 90% of compost used locally is imported, highlighting a significant gap between food waste generation and local resource recovery. With the UAE importing most of its food and almost all of its compost, locally produced alternatives are not just an environmental benefit, they are a food security and supply chain priority. The business believes composting will play a far bigger role in supporting local food systems, soil regeneration and circular economy goals in the years ahead.

Alongside its operational growth, The Waste Lab is developing a proprietary mobile application that will bring automation, AI-enablement and end-to-end data capture across the full waste management chain. The platform is designed to give clients deeper, real-time visibility into their food waste footprint, providing granular reporting on waste volumes, contamination rates and sustainability impact to help businesses track and report ESG performance and identify operational inefficiencies with greater precision.

A locally produced B2B compost product is also planned for commercial launch by end of 2026, completing the circular loop of its operations. Food waste collected from UAE businesses is composted and returned to UAE soil creating a traceable, locally produced alternative to the imported organic compost that currently dominates the market, and supporting the kind of soil regeneration the country’s agricultural and landscaping sectors urgently need.

Lara Hussein, Co-Founder and CEO of The Waste Lab, said: “Food waste is one of the UAE’s most urgent environmental challenges, yet composting remains one of the most practical and underutilised solutions available today. Businesses are increasingly looking for systems that are measurable, compliant and operationally realistic, especially as sustainability targets become more closely tied to reporting, regulation and long-term business strategy. The UAE’s National Food Loss and Waste Initiative, ne’ma, has set a target to reduce food loss and waste by 50% by 2030, and achieving that requires local infrastructure and scalable solutions that work in the real world. Our role is to make food waste diversion simpler, traceable and commercially viable while helping create healthier soil, stronger local food systems and long-term environmental impact.”

Beyond its commercial operations, The Waste Lab also works alongside ne’ma, Dubai Municipality, Emirates Foundation and Dubai Chambers on wider sustainability and environmental awareness initiatives across the UAE.

As part of its next phase of growth, the business is expanding operations across additional emirates while progressing plans for Saudi Arabia through a joint venture model. The company is also currently raising its seed round to support infrastructure, technology development and regional expansion.

By Yazen Rahmeh, a Cybersecurity Expert at SearchInform

Digital transformation across the UAE and Saudi Arabia brings new opportunities and prospects for enhancing efficiency and growth. However, it also causes new challenges to data protection. As digital environments expand, data spreads across endpoints, cloud storage, and internal environments, escaping oversight by security and compliance teams.

This is shadow data, and it may be one of your organization’s most underestimated risk.

What Is Shadow Data?

Despite all efforts, some business data can be stored and processed outside official IT systems. As a result, a company won’t even know that such datasets exist.

There are a lot of reasons behind the creation of shadow data. Basic examples are:

• Files stored in personal accounts. An employee can send important files to personal email or cloud storage “just in case.”
• Access to corporate data from personal devices. A person can log in to corporate cloud services from a personal tablet or laptop. As a result, sensitive documents can be downloaded to a personal device.  This usually happens when someone is working overtime or wants to keep important files readily available.
• Unaccounted copies of sensitive data. An employee can simply copy and paste records from a CRM system or a customer spreadsheet into a file on their workstation. As a result, sensitive data may bypass security controls, increasing the risk of data leakage.
• Some business units can adopt SaaS services without oversight. Employees usually do it to boost their productivity or if whitelisted tools are perceived as slow or bulky.
• Test datasets and temporary databases. Sometimes confidential data can duplicate during migration from one service to another or if developers use production data for test or development environments.

These examples may seem abstract, but the recent Cybersecurity and Infrastructure Security Agency (CISA) data leak shows that shadow data is a real-world threat.

The leak reportedly originated from a contractor’s GitHub repository, which was being used as a working scratchpad. The repository exposed various sensitive records, including AWS keys and plaintext passwords for internal CISA systems. An individual had simply copied sensitive data to make their work more convenient. To do so, the contractor disabled GitHub’s default security setting that prevents users from publishing secrets in public repositories.

Why Shadow Data Is a Business Risk

Increased Risk of Data Leaks

Consider a common scenario: an employee stores confidential data on a personal laptop or cloud service. As a result:

• Sensitive records could be stolen via phishing or malware, as the laptop isn’t protected by enterprise-grade security controls.
• An employee could share the laptop with other individuals. Shared devices increase the risk of data exposure.
• Unauthorized cloud backups. An employee may configure automatic file backups to a cloud service. As a result, sensitive data can leave the protected perimeter and be duplicated in cloud storage, increasing the risk of unauthorized access or data leakage.

That’s how a small and seemingly irrelevant piece of ungoverned data could lead to a major incident. In fact, in 2024, one in three data breaches involved shadow data, according to IBM’s Cost of a Data Breach 2024 report.

One of the most recent cases of data leaks, involving shadow data, is the Abu Dhabi Finance Week exposure. An independent researcher discovered unsecured cloud storage with ID details.

Event representatives stated that only the researcher accessed the data and that the incident affected a limited number of participants. According to them, the issue was caused by a misconfigured cloud storage system managed by a third-party provider.

The incident is the perfect example of shadow data, as the data was copied outside of secured corporate infrastructure and had been left unmanaged.

Regulatory Pressure

Shadow data also presents compliance risks. When using a cloud service, it is essential to verify the geographic location of the data center where the data is stored. Data could be stored at a data center in a different country if you didn’t specify a server location.

As a result, if shadow data includes confidential records such as customer details or transaction records, it will be transferred and stored abroad. From a legal perspective, such misconfiguration is a cross-border transfer and lead to regulatory fines for violations of data protection regulations.

Saudi Arabia’s Personal Data Protection Law dedicates a lot of attention to data residency and cross-border transfers. Organizations, especially in regulated sectors, such as financial institutions, may be required to store certain categories of data within the Kingdom. Companies may need regulatory approval before transferring data to foreign data centers to avoid penalties.

Emirati businesses have less strict conditions for cross-border data transfers. However, there are limitations for banking, payments, healthcare, and telecom organizations and governmental entities. Companies from these industries must store confidential data, such as health records, payment transactions, and customer data, within the country.

Lack of visibility equals lack of control, and regulators do not accept invisibility as an argument.

How to Bring Shadow Data Under Control

Eliminating shadow data entirely is unrealistic. The goal is to make it visible and manageable without slowing down the business.

A Practical Starting Checklist

1. Discover regulated data, especially data subject to local PDPLs requirements, cybersecurity frameworks issued by National Cybersecurity Authority in the KSA, and Information Assurance Regulation by TDRA in the UAE. It is essential to identify all information that qualifies as confidential and valuable, incl. unaccounted copies of such data.
2. Map where this data is actually stored and shared, not just where it should be. Sensitive data can be stored on-prem or in cloud environments. Look for data discovery solutions. Ideally, choose a solution that combines data discovery and data classification, like DCAP software.
3. Classify files & distribute access rights. Use specialized tools to analyze file content and classify it in accordance with a local classification scheme. The next step is to assign user access rights to sensitive data based on employees’ roles and responsibilities.
4. Control data transfer channels, including cloud storage, SaaS tools, and USB-devices. Use DLP systems to prevent unauthorized spread of sensitive data. Advanced DLP solutions monitor cloud services, as well as traditional channels, such as email or web browsers.

Conclusion

Data protection is not a one-time initiative. It is an ongoing discipline. Security achieved today must still hold tomorrow — and next year.

Organizations that treat data security as a strategic investment, rather than a compliance obligation, build resilience, regulatory confidence, and long-term business stability.

Shadow data may be invisible. But its consequences are not.

Orange Business is seeing a growing number of enterprises across MEA reassess their resilience and disaster recovery strategies as geopolitical uncertainties and infrastructure dependencies put business continuity under pressure during prolonged disruptions. 

Traditional resilience strategies focus on recovery after an incident. But during a systemic crisis, businesses also need an architecture that keeps critical operations running while conditions remain unstable. CIOs are seeking a more dynamic and agile approach to adapt to changing conditions, mapping technology dependencies and planning for operational continuity in periods of instability. 

This iterative resilience includes strengthening backup and recovery architectures, adopting multi-site and cloud-based redundancy, automating failover processes and continuously stress-testing recovery readiness to maintain services under adverse conditions.  

“Recent escalations have made enterprises realize they need to be more proactive and flexible when it comes to resilience, but this is not easy with the complexity and distributed nature of modern interconnected infrastructures,” explains Sahem Azzam, President of IMEA and Inner Asia at Orange Business. “As a trusted partner with a local and international footprint, we are uniquely placed to help CIOs right-size their resilience strategy and do what is necessary in terms of disaster recovery based on current risks to ensure they can continue operations during periods of turbulence”. 

CIOs steering through an increasingly volatile digital landscape must treat business continuity management as a continuously evolving capability rather than a one-time plan. 

Building resilient, future-ready operations

By leveraging the scalability and geographic diversity of cloud infrastructure, enterprises can ensure that data remains accessible – even in the event of catastrophic failure.  

Orange Business helps organizations address this through hybrid cloud resilience with secure replication in its sovereign offer, Cloud Avenue, and provides co-location support in secure data center environments. Data can be segmented and mirrored based on business requirements.

A regularly tested resilience plan should be reinforced with real-time monitoring automation and embedded cybersecurity controls to enable rapid detection, response and recovery – ensuring uninterrupted operations in the most volatile situations. Orange Business works closely with Orange Cyberdefense, which is skilled at strengthening resilience through continuous security oversight and threat expertise.  

Platformization: a unified and trusted digital foundation 

In addition, platformization remodels disaster recovery from static backup plans into a dynamic, automated resilience solution. Where security, compliance and recovery are built into the same operational fabric. 

Building on its platformization announcement in the region last year, Orange Business is also highlighting its modular approach to cloud, connectivity and cybersecurity to support continuous operations as part of a business continuity management strategy. 

Evolution Platform’s modular and composable architecture allows customers to select and link together network and security functions as required, for example. It includes backup integration and dynamic SD-WAN failover to re-route critical traffic. 

Across the MEA region, the conversation has shifted. The real challenge is no longer whether to accelerate digital transformation, but how to build trusted cloud and platform foundations that give organizations the confidence to innovate while maintaining secure, continuous operations in an unstable environment.