SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Tue, 22nd Sep 2020
FYI, this story is more than a year old

Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.

This is according to the 2020 Thales Asia Pacific Data Threat Report, which highlights that organisations are increasingly racing to digitally transform and move more applications and data to the cloud.

In fact, a quarter (26%) of APAC organisations stated they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater enterprise agility.

A key aspect of this transformation is the cloud becoming the leading data environment. Nearly half (45%) of all data from APAC organisations is now stored in the cloud, and with under half of that data (42%) in the cloud being described as sensitive, it is essential that it is kept safe, the report shows.

However, at the same time, APAC businesses are becoming more vulnerable to cybersecurity threats with nearly half (45%) of the 500 executives surveyed in APAC, admitting to suffering a breach or failing a compliance audit in 2019 with two-thirds (66%) seeing themselves as vulnerable to internal data security threats.

The findings come as workers across APAC are working from home due to COVID-19, often using personal devices which do not have the built-in security office systems do, significantly increasing risk to sensitive data, Thales states.

As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that nearly all of respondents (99%) say at least some of their sensitive data in the cloud is not encrypted.

In addition, about half (52%) of sensitive data in cloud environments is protected through encryption, with even less (42%) secured by tokenisation.

Despite the multitude of threats, businesses feel that the complexity (37%) of their environments is the biggest challenge for implementing data security, the report shows.

Multi-cloud adoption is the main driver of this complexity. Three-quarters (75%) of APAC organisations are using more than one IaaS vendor, just under three-quarters (73%) have more than one PaaS vendor and one fifth (20%) have more than 50 SaaS applications to manage.

Businesses also identified problems like lack a staff to manage (44%), budget (37%) and organisation buy-in/low priority (28%) as other top blockers.

Whilst organisations continue to look at the threat of today, many are starting to turn their attention to the future and the peril that the acceleration of computing power, quantum, could bring, Thales states.

In fact, nearly all (93%) respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they store.

Furthermore, three-quarters (75%) of APAC organisations see it affecting their cryptographic operations in the next five years.

As a result, most organisations are reacting, with a third (31%) planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography.

A similar amount (30%) plans to implement key management that supports quantum safe random number generator.

Thales APAC regional vice president for data protection solutions, Rana Gupta, says, “With the race towards digital transformation, businesses are continuing to innovate in complex cloud environments.

"As a result, data is more at risk than ever, but the most progressive companies are meeting this challenge head on with a zero-trust strategy.

“In a world where working remotely is now an essential part of business, this strategy enables organisations the flexibility for employees to work from anywhere, whilst also securing their data effectively.

Gupta says, “With almost all the executives surveyed in APAC expressing their concerns about data security in their big data, IoT, mobile payments, containers, and DevOps environments, it is clear that organisations are aware of the evolving threats they face and it's encouraging to see them acknowledging some of the key steps they need to take such as moving away from static encryption and implementing quantum-proof key management.

"It's vital, though, that organisations commit to investing in their cybersecurity processes now as an integral part of their digital transformation.