APAC firms see cloud as biggest source of security risk

Seven in every 10 security teams in organisations based in the Asia-Pacific (APAC) region consider cloud infrastructures — including public, private, and hybrid models — as their greatest source of cybersecurity risk, according to a study by Tenable.

This prevalence of concern is the highest globally, surpassing Latin America (66%), Europe, Middle East and Africa (64%), and the United States (62%). 

Commissioned by Tenable, Forrester Consulting conducted in March 2023 an online survey of 825 IT and cybersecurity professionals including 219 APAC-based respondents at large enterprises in the United States, the United Kindgom, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia.

Nearly half (46%) of APAC respondents reported inadequate visibility into potential misconfigurations within their cloud infrastructure.

As well as specific cloud security concerns, the Tenable study highlights that 57% of APAC respondents express that a lack of data hygiene in user data and vulnerability management systems prevents employees from making prioritisation decisions.

A critical organisational gap highlighted in the study is the delayed involvement of cybersecurity teams in cloud service selection and deployment processes, with only 31% of APAC teams being consulted early enough. 

This scenario is compounded by instances where nearly two out of five (37%) respondents reported that business and engineering teams purchase and deploy cloud services without the knowledge of cybersecurity teams, underscoring the need for earlier and more integrated cybersecurity engagement in organisational decision-making.

Tenable said the findings underscore a pressing need for a paradigm shift from traditional, reactive security approaches to a more proactive, integrated strategy, particularly in cloud environments.

Nigel Ng, VP of Tenable in APAC and Japan, said yhe evolving complexity of cloud infrastructures demands a proactive security posture. 

“By anticipating and addressing vulnerabilities before they can be exploited, organisations can significantly enhance their resilience against cyber threats, said Ng. “This shift is not just about technology; it’s about transforming the way we think about and manage cloud security.”

Ng said this proactive approach is vital for organisations to stay ahead of the rapidly changing cyber threat landscape and secure their cloud infrastructures effectively.