Exploring Key Changes in APAC’s Cloud Security Terrain
Tenable®, the Exposure Management company, unveils critical shifts in cloud security for 2024, which emphasise the evolving dynamics significantly influenced by technological advancements in generative AI and a widening threat landscape. This period is crucial for organisations, particularly in the Asia Pacific (APAC) region, to reassess and enhance their cloud security frameworks.
The potential shifts in cloud security identified are based on observations by Tenable research and most recently, findings from the APAC edition of “Old Habits Die Hard: How People, Process, and Technology Challenges Are Hurting Cybersecurity”, a comprehensive report based on a 2023 commissioned survey conducted by Forrester Consulting on behalf of Tenable.
Five Critical Shifts in Cloud Security for 2024:
Evolution Towards Identity-Centric CNAPP:
-
The transition to identity-centric cloud security signifies a pivotal change in the deployment of Cloud Native Application Protection Platforms (CNAPP), with a notable focus on advanced identity and access management features. This shift is particularly vital for organisations navigating diverse and multifaceted cloud ecosystems, where identity-based security becomes paramount.
Intensification of Hybrid and Multi-Cloud Threats:
-
The APAC region, known for its rapid technology adoption and digital transformation, is on high alert for an upsurge in sophisticated attacks aimed at hybrid and multi-cloud infrastructures. This is also reflective of the finding from the Forrester study that 70% of APAC cybersecurity teams consider cloud infrastructures their most significant cybersecurity risk.
-
These hybrid and multi-cloud threats exploit vulnerabilities such as misconfigurations and inadequate identity protections, underscoring the urgency for enhanced visibility and vigilant monitoring across diverse cloud platforms.
-
To safeguard their interconnected cloud infrastructures, APAC organisations must implement robust detection and mitigation strategies against these advanced threats.
Convergence of Security Tools Across Cybersecurity and DevOps:
-
The complexity of managing security across expanding hybrid and multi-cloud environments is driving firms in the region towards the convergence of security tools to automate manual processes. Especially as firms increasingly demand integrated risk management and threat intelligence capabilities in their operations platforms. This shift towards integrated solutions that offer such capabilities is critical for facilitating collaboration across security and DevOps teams.
-
This trend underscores the necessity for companies to adopt integrated tooling that enables efficient threat prioritisation, process automation and minimisation of false positives.
Advancements in Platform Engineering Practices:
-
Tenable research previously noted organisational gaps in cloud service selection and deployment processes within the region, underscoring the value to be gained from leveraging standardised platforms. This was previously a difficult task due to the lack of options.
-
With hyperscale cloud providers such as Microsoft releasing open source application platforms, a degree of standardisation and community support has been brought to the platform engineering space. Organisations that embrace standardised application development platforms will cut their deployment cycle times by reducing complexity and consolidating their technology stacks.
Cloud Security will Merge with Enterprise-Wide Exposure Management:
-
Effective cloud security strategies now require a holistic, enterprise-wide approach to risk management. The integration of advanced cloud security practices, such as zero-trust models and continuous configuration monitoring, into overarching exposure management frameworks is becoming the norm.
-
By incorporating cloud telemetry into comprehensive exposure management strategies, organisations can derive actionable insights for security remediation and improvement, enabling informed decision-making and a more resilient security posture.
“The cloud security dynamics in APAC are set for a transformative shift in 2024, driven by both emerging technologies and the evolving threat environment,” said Nigel Ng, Senior Vice President, Tenable Asia Pacific and Japan. “Successful enterprises will be those that proactively expand their exposure management strategies to reinforce their cloud defences.”