Continue reading this on our app for a better experience

Open in App
Home Digitaledge In Focus

Why managing third party risks in the cloud is critical for Apac enterprises

Jay Jenkins
Jay Jenkins • 4 min read
Why managing third party risks in the cloud is critical for Apac enterprises
For organisations part of a larger (public) cloud, the software itself could be a target for an attack. Photo: Unsplash
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

Cloud architectures are increasingly becoming more complex – bringing with them a growing element of risk. Even as a vast majority of Asia Pacific (Apac) businesses rank the cloud as critical for their strategy, many find themselves victims of data loss and cyber-attacks ranging from malware to distributed denial of service.

According to a recent IDC Market Forecast, the public cloud services market in Asia Pacific will reach a staggering US$153.6 billion in 2026, putting pressure on companies to plug any gaps in their cloud infrastructure. Third-party risks in particular, can pose a real threat to businesses.

Often, third-party vendors use platforms that can create varying threat levels based on the type of data being hosted within those services. As a result, it is crucial businesses are aware of detected and undetected threats, especially as hackers can operate within those hosts and remain undiscovered for long periods of time.

Moreover, as attackers get access to more sensitive information, they risk becoming a threat to individual customers. Whether pilfering high-level customer information, names and addresses or even financial information – there are varying threat levels that companies need to be wary of.

The move from machine-based security to service-based security, whether third-party or the cloud, requires an understanding of endpoints, including different application programming interfaces (APIs), and where those services are hosted. APIs are a crucial component of modern software development and are increasing in adoption among many organisations. They allow different systems to communicate with one another and share data and functionality. However, as with any aspect of computing, API security is a critical concern.

Safeguarding from potential threats

See also: The importance of being transparent for a sustainable future

So, what can big and small organisations do to manage their cloud environments and stay safe from a cyber-attack? One is to get familiar with third-party vendor certifications. Looking at their security certifications, understanding what they mean, and doing an actual review can help uncover any discrepancies around their security posture.

Secondly, security certifications usually come with a specific list of services. Companies must do their due diligence and understand what services they might be using and which are covered by those certifications. It is recommended that companies carry out their own penetration testing on those services. Companies also need to know what their own appetite for risk is in those areas, as well as from third-party vendors.

For businesses still relying on technologies like firewalls, exploring the option of engaging in service-based networks can potentially enhance security, improve service quality and optimise systems. Organisations should review the associated benefits and risks of this type of network and ensure that it aligns with the organisation’s overall business and technology objectives.

See also: The decluttered era of cybersecurity: A journey to consolidation

Building a robust system from the ground up

A small organisation moving to the cloud might not necessarily be a target for hackers. However, for organisations part of a larger cloud, the software itself could be a target for an attack. Organisations can be unwittingly exposing themselves to a potential attack by simply using those services.

When it comes to internal governance around the use of the cloud, teams should ideally have secure landing zones to help keep them safe in the cloud. Instead of looking at security and threat actors as an afterthought, introducing safety mechanisms into the actual software supply chain to make sure that it is secure right from the start, can go a long way in preventing an attack.

Innovation and entrepreneurship in the Apac region are on the rise, making it very important to democratise access to technology for small and medium enterprises (SMEs). It is imperative that the cloud platform remains simple, easy-to-use, and developer friendly, so that these engines of the economy can enjoy the same benefits of the cloud that large enterprises do.

While organisations in Apac do recognise that improved security is critical to driving positive business outcomes, finding the right partner that can provide a range of products and services that embed different layers of security and in-depth defence will be key to navigating an ever-evolving threat landscape.

Jay Jenkins is the chief technology officer of Cloud Computing at Akamai Technologies

×
Loading next article...
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.