Despite the enormous values Cloud brings to enterprises globally, it is undeniable that Cloud security has been the biggest barrier preventing technology teams from adopting Cloud at a rapid scale.
According to a recent survey by Cybersecurity Insiders, 75 per cent of respondents stated they were ‘very concerned’ or ‘extremely concerned’ about public Cloud security.
Their concerns are largely driven by data residency and security reasonings, as sensitive data will be stored off-shore due to the absence of local region. Data residency refers to where a business, industry body or government specifies that their data is stored in a geographical location of their choice, usually for regulatory or policy reasons. Data Sovereignty refers to the laws of the country in which the data is stored. Data residency and sovereignty are extremely important when considering Cloud services. Malaysian key/strategic data resides on Malaysian soil safeguarded by a national provider.
However, over recent years, cloud security is getting debunked. Many are now realising that perhaps Cloud, especially the public model, provides the best and most innovative security solution any enterprises can obtain. With such knowledge, the adoption of public Cloud has increased globally across legacy enterprises and this trend is forecasted to continue within the next 36-48 months.
By 2025, the digital economy will contribute 22.6% of the Malaysian Gross Domestic Product (GDP). In the recently announced MyDIGITAL Digital Economy Blueprint, the Prime Minister provided the assurance that “the Government will monitor the information security of data management to avoid any future cyber threats. He also mentioned that “cybersecurity and data security will be one of the main focus of the Government in realising the vision of a digitally technological nation. The data of the citizens will be managed based on the security policy provided by National Cyber Security Agency (NACSA) as the implementation agency”.
With reference to the previous article, Cloud can be divided into three (3) models – private, public and hybrid Cloud. Private Cloud stores data in a private environment exclusive to the enterprise and allows them to fully manage their Cloud security. Public Cloud, on the other hand, stores data in a shared environment, where enterprises surrender Cloud security management to the Cloud provider. Hybrid Cloud falls in between both models, allowing flexibility in storage and management.
Although private Cloud ensures data locality and sovereignty, there remain to be pitfalls from migrating data to this model. Three (3) of the key reasons are as follows:
Private Cloud is the most expensive model. The use of private Cloud requires enterprises to maintain a considerable budget for comparable personnel, administration and technology infrastructure on top of security. Often times, due to varying costs and a self-governance model, enterprises are able to only allocated a limited budget to secure their Cloud; denying their access to top-notch innovative solutions. Although private Cloud maintains the exclusivity for enterprises, it can result in poorer protection, as a result of higher cost with a limited budget which can be detrimental to the business.
The use of private Cloud is largely dependent on dedicated in-house resources to ensure frequent testing and maintenance. However, this can lead to inefficiency due to common roadblocks such as bandwidth issues, redundant testing or narrowed coverage and the need to have the right personnel with the right skills in place to keep up with evolving technology and cyber threats. As a result, the security of the Cloud is at risk despite a private infrastructure.
Although enterprises are given the option to outsource hardware and infrastructure in a private Cloud model, the biggest issue is the high reliance on a service provider. Private Cloud is a service delivery technique where enterprises are forced to continue with the same service provider, thus preventing them to migrate to another vendor. On the security front, it can be a challenge as options to improve Cloud security such as multi-Cloud adoption and new solutions integration become more rigid as enterprises would need to seek permission from the service provider and ensure compatibility of solution.
Contrary to private Cloud, public Cloud operates in a shared infrastructure model – which means data from various enterprises are stored in the same stack. However, it does not account for data being accessed by unauthorised personnel. In fact, it is quite the contrary. Public Cloud, though widely misconstrued as unsafe, offers one of the best security options to its users. Below are the key reasons:
In the public Cloud model, enterprises big and small pool together billions of dollars in security budgets for public Cloud providers to constantly discover and deliver best in class innovative solutions. Through this, enterprises’ data are well protected and secured by solutions that are often times beyond their range of affordability, if done in solitary.
Public Cloud providers’ top priority is to ensure data security. With that in mind, renowned global providers conduct round-the-clock surveillance on their hardware and software to ensure any malicious attempts is addressed and eliminated.
In Southeast Asia, talent crunch is the huge barrier barring enterprises from securing their Cloud. Most of these top security talents have an unspoken preference to build their career with leading public Cloud hyperscalers. This preference could be driven by the learning opportunities and global access public Cloud providers offer. Henceforth, new security solutions are constantly being created, further securing their Cloud technology.
How did Cloud gain negative sentiments? Unfortunately, due to notable incidents of cyberattacks and security breach in the region, it led to a sense of doubt in Cloud security amongst enterprises and governments. For instance, back in February 2021, Singtel, Singapore’s biggest telecom provider, reported a data breach resulting in 130,000 of customer data stolen by hackers.
However, security in Cloud, especially public, is often underestimated and misunderstood. Despite a data centre sharing model, leading global providers have made it a point to invest billions to secure the data of their customers with innovative automation. These providers often set a much higher bar than most enterprises when it comes to this. That said, the vulnerability to attacks sometimes lies in the migration to the Cloud process, which is managed by service partners, but it is not at the processing and storage end. A notable example is the cyber-attack on SingHealth, where IHIS was faulted for mishandling of the data causing security breaches. While on the Cloud itself, there are often limited security mishaps especially with mature providers. Therefore, Cloud security is more secure than many have perceived.
Cloud and cybersecurity must come hand in hand for any enterprises which are considering or in the midst of digital transformation.
The selection of partners and providers is important. Enterprises should value the service vendors who practice a rigorous protocol and invest in innovative security solutions. They should place security at the centre stage of their infrastructure, to ensure the same is delivered to the customers.
TM One, the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) offers a comprehensive suite of solutions covering connectivity, Cloud, data centres and cybersecurity where TM One’s Cloud & Cybersecurity ecosystem is portrayed in the establishment of its Klang Valley Core Data Centre (KVDC) in Cyberjaya.
Meanwhile, TM One CYDEC Professional Services offers a complete set of cybersecurity posture assessment, consulting and advisory services that transform and enhances an organisation’s risk management capabilities by analysing and identifying the existing cyber risks in different environments (IT, OT, Cloud, IoT, etc.) and offers the solution to mitigate that risks, which best meets the customers’ needs.
A key factor that differentiates TM One’s full cloud capabilities delivered through TM One Cloud α from other Cloud services is the comprehensive offerings and multiple deployment models that align with its customer’s Cloud adoption strategy and business objectives. The innovative digital solutions are set to accelerate the digital transformation journey of our enterprise and public sector customers, and this perfectly fits our role as part of TM Group as the enabler of Digital Malaysia.
Find out how to build digital trust and cybersecurity resilience for Malaysian businesses operating in a digital ecosystem. Detect, protect and respond to your business cost-effectively, easily and flexibly. Click here to download the IDC Managed Security – Building Trust for Digital Business Success.