The data privacy lines get blurrier.
Prediction: More data privacy legislation, and the data sovereignty-security paradox
We expect additional data privacy legislation to emerge in the region. Both Indonesia and India have been working on personal data protection bills for the last few years, although the timing for if and when these become final is unclear. A growing number of proposals in the region also would require housing data in its country of origin; these tend to be driven by privacy and security concerns. The latest draft of Indonesia’s Government Regulation No. 71 of 2019 would mandate that public agencies must manage, process and store data within Indonesia (according to unofficial translations). We expect more regulatory proposals that regulate or restrict the movement of data across borders, particularly public sector information. In response, it is likely that companies may look to build more data centres locally to support in-market customers better.
However, it is important to note that establishing localised data centres does not necessarily result in data being more secure. Individual end users or corporations are increasingly connected and vulnerable to global incidents, as cyberthreats do not respect national borders. Businesses are still responsible for adopting a comprehensive cybersecurity strategy that supports operations and information held across the network, endpoints and the cloud. To manage this effectively, companies will need to regularly evaluate the value of the information they collect and control its access.
We foresee that enterprises will need to pay even closer attention to their data flows in a highly interconnected region like ASEAN. Despite efforts to create a regionally harmonized approach to personal data protection—such as via the voluntary APEC Cross-Border Privacy Rules—there is no true harmonization. To create a framework that best serves the region, close collaboration between the private and public sectors will be needed to evaluate how breaches are identified and defined in the face of continuously emerging threats.
The cloud future has arrived: Don’t get lost in turbulence.
Prediction: More confusion on configuration
More businesses are leveraging containers (i.e., operating system virtualisation) for their efficiency, consistency and lower costs. However, the potential dangers of exposed and misconfigured containers will soon rear their ugly heads, leaving organisations vulnerable to targeted reconnaissance. Using the proper network policies or firewalls, or both, can prevent internal resources from being exposed to the public internet. Additionally, investing in cloud security tools can alert organisations to risks within their current cloud infrastructure.
Cloud security adoption has its own set of challenges as well. Commissioned by Palo Alto Networks, Ovum’s Asia-Pacific Cloud Security Study has found that 80% of large organisations view security and privacy as key challenges to cloud adoption.
Key findings include:
– 70% of large organisations in APAC have misplaced confidence in cloud security, believing security by cloud providers alone is sufficient.
– Large organisations in APAC have many security tools, which creates a fragmented security posture and adds further complexity to managing security in the cloud, especially if the companies are operating in a multi-cloud environment.
– There is need for automation, given that large organisations do not have enough time and resources to dedicate to cloud security audits and training.
2020 will also see more companies move towards a DevSecOps approach, integrating both security process and tools into the development lifecycle of new products. This will be the way forward for integrating cloud and containers successfully.
