Thales Blog

How COVID-19 is Transforming the Security Landscape in Asia Pacific

September 17, 2020

Rana Gupta Rana Gupta | APAC Regional VP, Data Protection More About This Author >

The business landscape is fluid and presents new challenges for all industries. The adoption of emerging digital, transformative technologies seems like the only way to mitigate these obstacles successfully and thrive in this changing environment. This has been apparent during the ongoing COVID-19 pandemic whereby businesses have been forced to adapt to a new normal and all emergency plans seems to be inadequate. Organisations invested in modern security, IoT and 5G technologies that helped to support remote working requirements at short notice.

The state of digital transformation in the Asia Pacific region

According to the 2020 Thales Data Threat Report-Asia-Pacific Edition, businesses in this region are racing towards digital transformation with 26% of the surveyed organisations saying they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater enterprise agility. And when it comes to digital transformation, there is a wide range of maturity in the Asia Pacific region with Japan, South Korea and Singapore at 31%, India at 26%, while Indonesia (18%), Malaysia (12%), and Australia/New Zealand (8%) are significantly lower.

Complexity and misperception are barriers

Meeting today’s safety requirement to support an increasing number of people working remotely has increased the amount of data stored in the cloud. Asia-Pacific organisations are approaching a tipping point as 45% of their data is stored in the cloud, while 42% of that data is sensitive. Coupled with the fact that most Asia-Pacific organisations are adopting multi-cloud environments, the level of data security complexity has increased and are considered to be a barrier to securing today’s data environments.

Despite the significant sensitive data exposure, the report found that APAC organisations are not implementing sufficient processes and investing in technologies required to appropriately protect against their increased data risks. In addition, rates of data encryption and tokenisation are low. In fact, 99% of Asia-Pacific respondents say at least some of their sensitive data in the cloud is not encrypted. Only 52% of sensitive data stored in cloud environments is protected by encryption and less than half (42%) is protected by tokenisation. The root problem is that most companies incorrectly look to their cloud providers for the company’s portion of the shared responsibility model.

Data security still represents a small share of the overall security budget. While 47% of Asia-Pacific organisations plan to increase security spending in the next year, the focus of this increased spending is on network security and not on data security. This trend could be explained by the fact that survey respondents are more concerned about cyber criminals breaching their corporate infrastructure than about issues that may actually be a greater threat and that they have more control over, like partners with internal access and privileged user access.

The COVID-19 factor

Coping with the post COVID-19 world means adapting your plans to the new reality. In IDC’s COVID-19 Impact on IT Spending Survey, 45% of APAC respondents said that their organisations would exceed their original 2020 budget on security because of the work from home migrations. In addition, the pandemic has affected the staff needed to implement security. When IDC asked, “What will be the most important IT skills your organisation needs to build/re-build/hire in the first wave of economic recovery?” cybersecurity was most noted among Asia-Pacific respondents.

Smart security solutions for the post COVID-19 world

According to IDC, when it comes to cybersecurity in the post-COVID-19 era, there are three key questions Asia Pacific organisations need to ask themselves:

  • What are the foundational changes in my IT environment?
  • How do these changes affect risk?
  • What changes do I need to make to my cybersecurity posture and control environment?

As Asia-Pacific organisations face expanding and more complex challenges, they need smarter ways to approach data security. This includes applying the security where it matters the most by encrypting (or tokenizing or masking) data wherever it resides (whether in the public cloud or private cloud or physical machines). Organisations are encouraged to considering Bring Your Own Encryption (BYOE) along with centralized key management as a way to have a single pane of glass view to their keys. In addition, it is recommended to adopt zero trust access mechanisms with adaptive access management to authenticate and validate users and devices that tap into corporate applications and networks.

For key findings and security best practices, download a copy of the 2020 Thales Data Threat Report – Asia-Pacific Edition.