Flexibility, innovation and cost-efficiency - these factors are often what springs to mind when thinking about multi-clouds. However, with transformation projects and workloads spread out across multiple platforms and locations, clearly defined boundaries are gone - and organisations across the Asia Pacific are understandably worried.

A Rackspace Technology-Microsoft joint survey found that cloud attacks were the chief concern for 63% of organisations in the region. Meanwhile, PwC finds that 40% of Malaysian organisations surveyed were braced for a surge in significant attacks on cloud management interfaces and component services. These concerns are also evident on a policy-making level following the tabling of the Malaysian government's new Cyber Security Bill 2024.

Amid this, organisations here and across Asia are flocking to raise security budgets. Indeed, 66% of organisations surveyed by Rackspace Technology and Microsoft from the region have demonstrated their willingness to open their purse strings.

However, this isn't an issue that can be solved simply by throwing money at the problem. Rather, organisations will have to also inculcate a new cyber security mind-set. A comprehensive and proactive approach to cloud security is what will make the difference here, and it will require a thorough assessment of the role played by tools, people and organisational structure.

The right tools and empowering people

There's no dearth of cloud security tools in the market. The challenge for organisations - as always - is understanding the strengths and weaknesses of each one, which then provides the impetus for gauging how it fulfils a specific need.

For example, enterprises should focus on solutions that can easily handle a wide range of operations. While this can be overwhelming, essentials include strong identity and access management.

Meanwhile, with regulatory oversight being strengthened, organisations will need to have their fingers on the pulse. That will hinge on having effective governance and comprehensive reporting. At the same time, the need for proactive identification of security risks is also crucial, as is centralised control.

But it's not all about technology, people, too, play an integral part in ensuring safety across clouds. While errors on the part of employees cannot be eliminated, proactive measures can reduce the chance of unintentional lapses, which minimises the impact of those that do occur.

Embedding security in development

Aside from the reinforcement of best practices and better cybersecurity training programs, companies can also leverage tools that improve security during the software development process. One of the weaknesses these solutions can address is the possibility that intellectual property is exposed through code.

For instance, a continuous integration/continuous development (CI/CD) protocol allows development teams to address human errors that result from manual processes. Integrating this kind of 'smart' automation across the whole software development process minimises the likelihood of manual errors.

Truly agile organisation-wide security

It's often said that cybersecurity cannot be solely the domain of the security operations centres (SOC). This is especially true vis-a-vis the multi-cloud. For businesses in Malaysia and beyond, a robust and continuously updated risk mitigation strategy is crucial.

That includes empowering developers to work hand-in-hand with other staff to uphold security throughout the development lifecycle. It also looks like equipping employees - no matter their domain expertise - to undergo training that enables them to be adjunct security experts. On the flip side, businesses will also need to find cloud security partners who they can work together with to defend cloud entry points to mission-critical systems and assets.
 
Indeed, a managed cloud security provider with the expertise and track record ensures that organisations can stand up to risk across clouds. Through a combination of specialised knowledge and access to advanced security technologies that would be cost-prohibitive for companies to obtain on their own, managed service providers can shore up the gaps. Through this expansion of access to expertise and scalable security tools, enterprises can keep up with evolving business needs while ensuring they are firmly set down the path of true cyber resilience.

Sandeep Bhargava is the global head of services and solutions at Rackspace Technology’s public cloud business unit.

  - theedgemalaysia.com