Businesses across Asia Pacific & Japan (APJ) are increasingly embracing the cloud, with predictions that 74% of growth in tech spending in the next four years will be driven by cloud adoption. It is critical however, that implementation is not rushed.
To ensure a smooth and secure migration to the cloud, businesses must not forget associated cybersecurity requirements and the need to be proactive in prevention and response planning. Cloud migration is a complex process and by keeping cybersecurity top of mind, businesses can make the move without tripping themselves over.
Challenges of cloud migration
Racing to the cloud can come at the cost of failing to plug security gaps. While the first-mover advantage is enticing, as the first to adopt the cloud reap the benefits earlier, there are more complexities to the process than many realise.
For example, legacy applications must be modernised and migrated to the cloud in a smooth and secure manner. Employee training is also crucial to equip staff with the know-how in following new security protocols, as cloud migration comes with its unique security risks. Overlooking employee training can increase the risk of human error -one of the most common causes of data breaches.
Further, in the age of hybrid working, businesses must ensure they have a robust remote working security infrastructure to prevent issues such as shadow IT, where devices outside of the corporate security network access company data. As businesses move to the cloud, shadow IT can open up more risks, as data saved on devices outside of the company network may not be adequately secured and backed up.
Recent economic uncertainty is also proving a challenge for businesses wanting to migrate. Markets less willing to invest in the cloud as a result of this, such as Thailand, Japan and Taiwan, may be inclined to leverage lower-cost and low-entry cloud platforms. These cloud solutions may not incorporate strong cybersecurity strategies and can leave businesses vulnerable, especially when it comes to a response and recovery plan.
Another common pitfall in cloud migration is that businesses rely on their cloud provider to provide strong security measures and a recovery strategy. As a result, cybersecurity and data protection becomes an afterthought. In APJ, we are seeing companies suffer from preventable, low-sophistication attacks, such as the recent distributed denial-of-service (DDoS) attack on the Home Affairs Department website in Australia. Businesses are learning the hard way that securing data and ensuring recoverability are important, even when they are working with a cloud provider.
Businesses must take ownership of cybersecurity
Implementing an end-to-end security strategy is key to executing successful migration to the cloud.
This starts with proactive planning within the business to ensure stakeholders are informed of security protocols and roles and responsibilities. An end-to-end security strategy enforces guidelines on cyber best practice (e.g. patching systems, employee education, training, etc.) – the foundation for a robust response and recovery strategy. According to the latest Veeam Ransomware Trends Report, cybercriminals attempted to attack backup repositories in at least 93% of cyberattacks in APJ, stressing the need to have immutable backups to ensure data is recoverable. While cyberattacks will always cause some shock to a business, minimising ambiguity in the response plan and ensuring data recovery can prevent the difficult situation of being held at ransom and suffering from significant business disruption.
While IT leaders are responsible for creating and implementing a cybersecurity strategy, a shared responsibility model should be promoted to empower employees to contribute and give feedback.
Taking advantage of threat intelligence
Continued awareness and ongoing action in line with real-time cyber updates is one of the most effective methods of strengthening a business’s security and response plan, such as activating live notifications for vulnerabilities to ensure these are patched promptly. All businesses should invest in threat intelligence and stay aware of information shared from credible sources, such as cybersecurity vendors and the government.
Many APJ businesses operate across multiple markets, making it more challenging from a security perspective, as data and cybersecurity policies must align with varying requirements across the region. This also increases the number of networks across markets. While this puts businesses at a greater risk of exposure, there is also an excellent opportunity to learn from other markets. Through shared threat intelligence, companies can learn from the experiences of different markets and achieve economies of scale.
Going fast has its dangers, but if you know what to look out for and plan ahead, it is possible to migrate efficiently without sacrificing security. Asia is still somewhat the new Wild West. Proactivity and planning are vital to data protection and recovery in the cloud. As businesses migrate to the cloud, they must not forget that the cloud is subject to the same level of digital hygiene as other technology solutions.
Dave Russell is Vice President of Enterprise Strategy at Veeam
Rick Vanover is Senior Director Product Strategy, Veeam
