Securing the cloud remains a challenge in APAC

Despite widespread cloud adoption in APAC, security concerns continue to hold back increased cloud adoption, with 84% of APAC IT professionals confirming that they would migrate more workloads to the cloud and to the edge if they could guarantee data safety.

Cloud adoption in Asia Pacific (APAC) continues to gain momentum as businesses look to embrace emerging technologies to improve their productivity and efficiency. While most organizations are taking a hybrid multi cloud approach, securing the cloud remains a challenge in the region.

According to SUSE’s Securing the Cloud APAC 2024 report, generative AI and edge computing are having a big impact on how businesses manage their cloud security. The report revealed that while APAC IT decision makers have a unique set of opportunities in adopting emerging technologies, there are challenges that make it harder for them to prioritize the pace of their adoption.

Despite the opportunities in generative AI, the report revealed that organizations feel generative AI is quickly emerging as a significant threat in cloud security. This is driven by risks to privacy and data security and of AI-powered cyberattacks, which are the top concerns. Indonesia, Singapore, China, South Korea and Australia view privacy and data security as the biggest risks in the cloud while India and Japan are more concerned on AI-powered cyberattacks.

Interestingly, even before generative AI, the enthusiasm towards cloud migration is rather conditional. 84% of organizations show a high willingness to migrate more workloads to the cloud or edge if data safety can be guaranteed. While this indicates a strong potential for increased cloud adoption, the enthusiasm is heavily contingent on the assurance of robust security measures, indicating that security remains a critical barrier to broader cloud adoption in the region.

Increasing cloud security incidents

In the past year, there has been a high level of cloud and edge-related security incidents reported across the APAC region. The report revealed that on average, IT decision makes in the APAC region experienced 2.6 cloud-related security incidents with India and Indonesia being the most affected and Australia and Japan being the least.

Apart from cloud security incidents, 62% of organizations also reported at least one Edge-related security incident in the past year, with India and Indonesia reporting five or more Edge related security incidents.

The report also indicates that there is a strong divergence in security practice in different markets. The most common current security practices include security automation (39%), DoS or DDoS protection (36%), or cloud (CPSM, CWPP, or CNAPP) solutions (34%). Interestingly, China and Singapore are focusing more on Kubernetes network policies, which is a less popular solution in general across the APAC region.

Ransomware remains highest concern

At the same time, ransomware attacks remain the highest concern in cloud adoption. This is followed by attacks exploiting zero-day vulnerabilities, as well as visibility controls to sensitive data being accessed in the cloud. Ransomware attacks are rated a considerably higher risk in South Korea (48%) and Australia (44%) compared to only 20% in China.

For managing and securing data at the edge, China and Singapore identified different set of challenges. In China, integrating edge solutions with existing IT systems (37%) and implementing automated security mechanisms management and distribution (37%) were considered the two most important challenges. Meanwhile, in Singapore, implementing zero-trust security measures (44%) is considered a top challenge.

Another concern on cloud adoption is the software supply chain. 33% of IT decision makers intend to review their software supply chain to increase security, given that in-house auditing or vendor software being critical to mitigating software supply chain attacks.

Organizations in APAC are prioritizing leveraging vendor-backed software and certifying software build process to mitigate supply chain risks. The study showed that one in four IT decision makers believe that government-recognized supply chain related security certifications will become a priority over the next 12 months.

According to Vishal Ghariwala, Chief Technology Officer for SUSE Asia Pacific, the report highlights the growing complexity of the digital landscape, fueled by rapid changes brought by generative AI and edge computing. This is creating new and unprecedented security challenges for organizations across APAC and underscores the need for continuous investment and tailored security strategies in the region.

“We also saw how regulatory and technological differences are influencing how security risks are perceived and prioritized. SUSE remains committed to supporting businesses with tailored open-source solutions to ensure security in this new digital landscape. By leveraging open source, organizations can be on the front foot to protect and advance their cloud security practices across the dynamic market of APAC,” said Ghariwala.