SUSE has released its inaugural Asia Pacific trend report titled Securing the Cloud. The industry report explores cloud security challenges in the Asia Pacific region, focusing on the impact of generative AI and edge computing on cloud security.
The report polled stakeholders across China, Singapore, India, Japan, South Korea, Indonesia, and Australia. It sheds light on the pressing challenges faced by IT teams in securing increasingly complex cloud and edge environments and identifies key challenges to cloud adoption. The report recognises that IT decision-makers in the region face a unique set of opportunities and challenges and highlights significant differences in priorities and concerns across Asia Pacific countries.
Key findings include:
-
Privacy and data security concerns around Gen AI: 57% of IT decision-makers are worried about privacy and data security in GenAI cloud security;
-
High incidence of cloud and edge security breaches: 64% and 62% of teams have confirmed a cloud or edge security incident over the last 12 months, respectively, highlighting the pervasive nature of security challenges in the Asia Pacific region;
-
Conditional enthusiasm for cloud migration: The high willingness (84%) to migrate more workloads to the cloud or edge if data safety can be guaranteed indicates a strong potential for increased cloud adoption. However, this enthusiasm is heavily contingent on the assurance of robust security measures, indicating that security remains a critical barrier to broader cloud adoption in the region;
-
Highest concerns around ransomware attacks: 34% of respondents cite ransomware attacks as their top security concern, followed by attacks exploiting zero-day vulnerabilities (27%), as well as visibility controls to sensitive data being accessed in the cloud (23%); and
-
Focus on supply chain security: 33% of IT decision-makers intend to review their software supply chain to increase security.
“As the report highlights, the growing complexity of the digital landscape, fueled by rapid changes brought by GenAI and edge computing, is creating new and unprecedented security challenges for organisations across the Asia Pacific,” said SUSE CTO Vishal Ghariwala. “This underscores the need for continuous investment and tailored security strategies in the region. We also saw how regulatory and technological differences are influencing how security risks are perceived and prioritised.”
“SUSE remains committed to supporting businesses with tailored open-source solutions to ensure security in this new digital landscape,” he said. “By leveraging open source, organisations can be on the front foot to protect and advance their cloud security practices across the dynamic Asia Pacific market.”
Gen AI revealed as key security concern among IT decision makers across APAC countries.
The report indicates that the priorities and concerns of different APAC countries diverge significantly. While Gen AI has rapidly emerged as a key threat across the region, 25% of Japanese stakeholders believe there to be no Gen AI-related security risks.
-
According to the report, privacy and data security (57%) and AI-powered cyberattacks (55%) are the top concerns in Gen AI cloud security;
-
Overall, markets diverged in their perceptions of the strongest risks. Privacy and data security were the biggest risks in Indonesia (79%), Singapore (66%), China (62%), South Korea (55%), and Australia (52%), whereas AI-powered cyberattacks were the primary concern in India (63%) and Japan (39%); and
-
Younger IT professionals demonstrate the greatest awareness of GenAI-related security risks. Only 4% of respondents in the 18-54 age group did not believe there to be any risk, compared to 10% amongst those older than 55;
A high level of cloud and edge-related security incidents was reported across the APAC region – with investment in security matching challenges.
On average, IT decision-makers in the Asia Pacific region experienced 2.6 cloud-related security incidents in the last year, with India (4.4) and Indonesia (3.8) being the most affected, and Australia (1.2) and Japan (1.8) the least.
-
64% of respondents confirmed a cloud security incident over the last 12 months, while most respondents (62%) reported at least one edge-related security incident in the past year;
-
India and Indonesia were the most severely affected, with 35% and 31% of respondents reporting five or more edge-related security incidents, respectively;
-
The report indicates strong divergences in the security practices of different markets. The most common current security practices include security automation (39%), DoS or DDoS protection (36%), or cloud (CPSM, CWPP, or CNAPP) solutions (34%);
-
Kubernetes network policies are a popular solution in China (33%) and Singapore (32%) but are a less popular solution in general (15% across the APAC region); and
-
The substantial portion of IT budgets allocated to cloud-native security (30.9%) reflects the prioritisation of security in operational strategies.
Reflecting a similar trend in other global markets, ransomware attacks are the top cloud security concern for Asia Pacific countries.
Ransomware attacks were identified as a key security issue by 34% of IT professionals. This is followed by attacks on running services using unknown vulnerabilities (zero-days) at 27%.
-
Concerns around different security issues vary considerably by market. Ransomware attacks are rated a considerably higher risk in South Korea (48% of respondents identifying it as one of their biggest security concerns) and Australia (44%) compared to only 20% in China; and
-
Chinese and Singaporean IT stakeholders identified different sets of challenges in managing and securing data at the edge. In China, integrating edge solutions with existing IT systems (37%) and implementing automated security mechanisms management and distribution (37%) were considered the two most important challenges. In Singapore, implementing zero-trust security measures (44%) is considered a top challenge.
In-house auditing of vendor software is considered most critical to mitigating software supply chain attack risks, underscoring the importance of securing the software supply chain.
One in four IT decision-makers believe that government-recognised supply chain-related security certifications (24%) will become more of a priority for them over the next 12 months.
-
To mitigate supply chain risks, APAC IT decision makers prioritise leveraging vendor-backed software (44%) and certifying software build processes (39%); and
-
Significantly diverging from other markets, a quarter of Japanese IT professionals (24%) indicate they have not taken any measures against supply chain risks.
The trend report’s results reveal the unique and diverging security challenges faced by Asia Pacific countries in the adoption of cloud and edge technologies, including threats from ransomware attacks, privacy and data issues related to generative AI, and AI-powered cyberattacks.
You can read the full report here.
