New insights from the 2020 Thales Asia-Pacific Data Threat Report reveal Asia-Pacific (APAC) organisations companies are increasingly racing to digitally transform and move more applications and data to the cloud. A quarter (26%) of Asia-Pacific organisations stated they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater enterprise agility. A key aspect of this transformation is the cloud becoming the leading data environment. Nearly half (45%) of all data from Asia-Pacific organisations is now stored in the cloud, and with under half of that data (42%) in the cloud being described as sensitive, it is essential that it is kept safe.
Thales will host a webinar, “Cloud Security Trends and Strategies in the Asia-Pacific region on 23 September 2020 to discuss the report in more detail. To join, please visit the registration page.
This comes as APAC businesses are becoming more vulnerable to cybersecurity threats with nearly half (45%) of the 500 executives surveyed in APAC, admitting to suffering a breach or failing a compliance audit in 2019 with two-thirds (66%) seeing themselves as vulnerable to internal data security threats. The findings come as workers across Asia-Pacific are working from home due to COVID-19, often using personal devices which do not have the built-in security office systems do, significantly increasing risk to sensitive data.
As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that nearly all of respondents (99%) say at least some of their sensitive data in the cloud is not encrypted. On top of this, only half (52%) of sensitive data in cloud environments is protected through encryption, with even less (42%) secured by tokenisation.
Multi-Cloud Adoption Complicates Data Security
Despite the multitude of threats, businesses feel that the complexity (37%) of their environments is the biggest challenge for implementing data security. Multi-cloud adoption is the main driver of this complexity. Three-quarters (75%) of Asia-Pacific organisations are using more than one IaaS vendor, just under three-quarters (73%) have more than one PaaS vendor and one fifth (20%) have more than 50 SaaS applications to manage. Businesses also identified problems like lack a staff to manage (44%), budget (37%) and organisation buy-in/low priority (28%) as other top blockers.
“With the race towards digital transformation, businesses are continuing to innovate in complex cloud environments. As a result, data is more at risk than ever, but the most progressive companies are meeting this challenge head on with a zero-trust strategy,” commented Rana Gupta, APAC Regional Vice President for Data Protection solutions at Thales. “In a world where working remotely is now an essential part of business, this strategy enables organisations the flexibility for employees to work from anywhere, whilst also securing their data effectively.”
Quantum(fying) the problem
Whilst organisations continue to look at the threat of today, many are starting to turn their attention to the future and the peril that the acceleration of computing power, quantum, could bring. In fact, nearly all (93%) respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they store. What is more, three-quarters (75%) of APAC organisations see it affecting their cryptographic operations in the next five years.
As a result, most organisations are reacting, with a third (31%) planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator.
“With almost all the executives surveyed in APAC expressing their concerns about data security in their big data, IoT, mobile payments, containers, and DevOps environments, it is clear that organisations are aware of the evolving threats they face and it’s encouraging to see them acknowledging some of the key steps they need to take – such as moving away from static encryption and implementing quantum-proof key management. It’s vital, though, that organisations commit to investing in their cybersecurity processes now as an integral part of their digital transformation,” Rana concluded.