Sydney, Australia โ 15 October, 2024 โ SUSEยฎ, a global leader in innovative, open and secure enterprise-grade solutions, today released its first ever Securing the Cloud APAC 2024 trend report. The industry report explores cloud security challenges in the Asia-Pacific region, focusing on the impact of generative artificial intelligence (GenAI) and edge computing on cloud security.
Among its findings, the report reveals a significant gap in Australiaโs approach to cloud security, showing only 26% of Australian IT decision-makers are prioritising independent in-house reviews of vendor software. Instead, many are relying on principal vendor-backed software (32%), certifying processes and tools used to build software (29%), or using third-party curated libraries and container images (20%) to mitigate risks.
This lack of internal software scrutiny creates dangerous security gaps that todayโs attackers are ready to exploit. An over-reliance on third parties makes it easier for potential vulnerabilities within the software supply chain to go unnoticed, increasing the risk of exposure to malicious code, insecure updates, or compromised dependencies.
Additionally, Australia ranked near the bottom for both cloud and edge security incidents, with only 39% of companies reporting cloud-related incidents and 37% reporting edge-related incidents in the past 12 months. By comparison, nations like India, Indonesia, and China, are reporting much higher rates of cloud and edge-related breaches (89% / 91%), (87% / 84%), (59% / 54%), respectively.
While other APAC countries, including China (46%), India (35%), Indonesia (48%), and Singapore (52%) are investing heavily into in-house vendor software auditing to secure their supply chains, Australia’s relatively low engagement amid a comparatively calmer cloud and edge security climate points towards an over-reliance on third-party security rather than conducting thorough internal reviews.
In addition to these challenges, ransomware was identified as the top threat by 44% of Australian IT teams. Other concerns include visibility and control over sensitive data in the cloud (22%), data theft and crypto mining within clusters (22%), attacks on running services using unknown vulnerabilities (21%), and monitoring and alerts for malicious activity (21%).
Privacy and data security concerns also continue to weigh heavily on Australian IT leaders. Over half (52%) express concerns about the risks associated with GenAI in cloud environments. Furthermore, while 78% of Australian organisations show interest in migrating more workloads to the cloud, this enthusiasm is contingent on robust security assurances.
Vishal Ghariwala, Chief Technology Officer for SUSE Asia Pacific, commented on the report results, stating: โAs the report highlights, the growing complexity of the digital landscape, fuelled by rapid changes brought by GenAI and edge computing, is creating new and unprecedented security challenges for organisations across APAC. This underscores the need for continuous investment and tailored security strategies in the region.
โWe also saw how regulatory and technological differences are influencing how security risks are perceived and prioritised. SUSE remains committed to supporting businesses with tailored open source solutions to ensure security in this new digital landscape. By leveraging open source, organisations can be on the front foot to protect and advance their cloud security practices across the Asia Pacific region.โ
APAC Findings
GenAI Sparks New Security Worries
- Privacy (57%) and AI-powered cyberattacks (55%) are top GenAI cloud security concerns.
- Privacy and data security risks dominate in Indonesia (79%), Singapore (66%), China (62%), South Korea (55%), Australia (52%), compared to AI-powered cyberattacks in India (63%) and Japan (39%).
- 25% of Japanese stakeholders believe there to be no Gen AI-related security risks.
- Younger IT professionals are most aware of GenAI risks, Only 4% of respondents in the 18-54 age group did not believe there to be any risk, compared to 10% amongst those older than 55.
Cloud and Edge Incidents: A Growing Threat
- APAC IT decision-makers faced an average of 2.6 cloud security incidents last year, with India (4.4) and Indonesia (3.8) hardest hit, and Australia (1.2) and Japan (1.8) least affected.
- 64% reported cloud security incidents, while 62% reported edge-related security incidents over the last 12 months. India (35%) and Indonesia (31%) saw the highest rates of multiple edge incidents.
- Top security practices include automation (39%), DoS/DDoS protection (36%), and cloud security solutions (34%).
- Kubernetes network policies are a popular solution in China (33%) and Singapore (32%) but areย less popular across APAC (15%).
- The substantial portion of IT budgets allocated to cloud native security (30.9%) reflects the prioritisation of security in operational strategies.
Ransomware and Zero-Day Fears Rising
- Ransomware is the top cloud security concern (34%), followed by zero-day attacks (27%), with South Korea (48%) and Australia (44%) particularly worried, compared to 20% in China.
- Chinaโs biggest challenges are integrating edge solutions (37%) and automating security (37%), while Singapore focuses on zero-trust measures (44%).
Supply Chain Security: A Critical Gap
- In-house auditing of vendor software is considered key to reducing supply chain risks.
- 24% of decision-makers expect government-recognised security certifications to become a priority.
- To mitigate risks, APAC IT decision makers prioritise leveraging vendor-backed software (44%) and certifying software build processes (39%). In Japan, 24% have taken no action to address supply chain risks.
The complete “Securing the Cloud” trend report by SUSE can be accessed here.