Cloud security and adoption in the APAC region
Thu 21 Sep 2017 | Dr Lee Hing Yan

Ahead of his appearance at Cloud & Cyber Security Expo Asia, Dr Lee Hing Yan, executive vice president, APAC at the Cloud Security Alliance, discusses the major trends in cloud security, its impact on cloud adoption, and developments in the APAC region.
On the broad trends for cloud security in the coming year, Hing Yan believes that cloud computing will help to secure all other forms of computing: ‘That is, cloud computing will be at the back end, with the Internet of Things as the endpoint. In that scenario, compute is everywhere but you would not know where anything is.
‘While compute will grow say 10,000 times, humans will not. The only way to sustainable security is automation. Self-driving information security is our future. Humans will remain vital but will move to the edge, observing operational systems.’
The scaling ability of cloud will provide the foundation for security systems, according to Hing Yan, who argues that this new automated system of security will be assembled from blockchain, software-defined networks, DevOps, autonomics, and artificial intelligence (AI).
AI is becoming more prevalent each day and in more and more industries. Hing Yan notes that machine learning is primarily data-driven and tends to be computationally intensive. Many machine learning algorithms are cloud-based in order to take advantage of the massive computation and storage resources provided by CSPs. As AI takes off, we can expect demand for cloud services to increase.
Cloud security
One of the major issues that businesses have with cloud adoption is the fear of moving their data and processes to an outside source. This sentiment certainly applies in the APAC region. Hing Yan notes that cloud security, or the perceived lack of it, has from the early days been a major impediment to cloud adoption.
Recently, that concern has reduced to an extent, with better education and understanding as well as attention now focused on other issues like regulation and compliance, data protection and data sovereignty, perceived loss of control, performance and uptime, as well as cloud service provider (CSP) lock-in.
The fear of cloud adoption is particularly pronounced in enterprise. As large businesses seek to adopt cloud computing, Hing Yan argues that they are looking for CSPs that are prepared to show that their cloud services adhere to recognised cloud security standards and well-established frameworks in a transparent manner. While ISO 27017 and ISO 27018 have been released for the cloud domain, the fact that they are codes of practice poses a challenge for CSPs seeking to be certified.
Cloud adoption in APAC
The increase in cloud adoption in APAC across the past six years, however, is well acknowledged, with Australia, Japan and Singapore leading the way in terms of Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) adoption. Hing Yan argues that cloud adoption is on the rise, slowly but surely. In Singapore specifically, the demand for cloud services remains strong with the results showing cloud spending of S$1.4 billion (approx. £770 million) in the enterprise, a figure which is expected to rise up to S$2.2 billion by 2020.
In strictly regulated sectors such as financial, government and healthcare, Hing Yan believes that clarity in the form of explicit statements from sector regulators and efforts to develop cloud security guidelines will go a long way to assure businesses that cloud computing does not violate any of these sectors’ directives or policies.
In Singapore, CSPs must be certified to the Multi-Tier Cloud Security (MTCS) standards in order to provide public cloud services to government agencies for information systems handling classified data. The Singapore Ministry of Health insists on MTCS level 3 for healthcare systems with personal information, and MTCS level 2 for healthcare employee data.
More broadly, Hing Yan notes that financial regulators in several APAC countries are making progress in developing and introducing cloud security guidance so that banks and financial institutions can adopt public clouds confidently.
He argues that ultimately, there are four principles key to cloud security: risk mitigation, transparency, trust and security assurance. Through adherence to these principles as a basic requirement, businesses can put themselves on the right path to a secure cloud environment.
Dr Lee Hing Yan will be speaking at the forthcoming Cloud & Cyber Security Expo Asia Singapore, 11th and 12th October 2017 at the Marina Bay Sands Expo and Convention Centre.