According to McAfee’s Cyber Risk and Resilience report for the APAC region, Malaysia led the countries surveyed in identifying privacy regulations as impacting organisations, at about 85% of the 480 respondents. In the second part of our conversation with Jonathan Tan, Managing Director Asia at McAfee, he shares with us how regulations are impacting organisations, especially in cybersecurity.
“Across APAC, we know that as organizations undergo their digital transformations, they pay close attention to regulations to make sure they prioritize the right areas. While we would need more data on Malaysian organizations to make a conclusive statement, it’s possible that Malaysian respondents feel that privacy, and privacy regulations, are a particular area of focus given the noteworthy breaches in the country.”
Jonathan explained that as organisations undergo digital transformation, they may be increasing company access to the online world, but the transformation also increases exposure to cybersecurity attacks from every vector, which means there are many different vectors and factors that organisations must plan for and invest in.
Across the causeway, Singaporean companies are downloading sensitive data to unmanaged personal devices. For Jonathan, employees who download data to unmanaged personal devices are, most of the time, simply doing their job. He added that they are downloading data to their devices to take advantage of services designed to be accessed by credentials alone. For example, working in a sales position can require frequent travel and access to data in CRM services from anywhere. A personal smartphone can log in, view, and download customer data and then move that data anywhere freely.
At the same time, Jonathan said that while many employees are not misusing data, these personally owned devices are invisible and uncontrollable by IT. Any sensitive data that reaches an unmanaged personal device is a data loss event. An employee may find a multitude of justifiable business rationales for accessing this data, but it is lost forever.
This can indeed be a problem, as organisations do not have visibility into their employees' devices. And it’s not just the use of personal devices. The survey report also pointed out a lack of confidence in cloud services in Singapore.
“Our recent survey did not measure confidence on cloud services in Singapore, but Singaporean companies would not be remiss to closely examine the risk profile of cloud providers. 91% of cloud services do not encrypt data at rest, meaning your data is not protected if the cloud provider is breached. Additionally, 87% of cloud services do not delete data upon account termination, meaning that your data could live with the cloud provider in perpetuity, with complete uncertainty about what they’ll do with it in the future.”
Jonathan highlighted that companies in the Asia Pacific region approve an average of 48 cloud services each, compared to the global average of 41 cloud services each. While the number of approved cloud services is increasing year over year, thousands of other services are used ad hoc without vetting, and these, as well as approved but improperly secured cloud services, can still put company data at risk.
This is why Jonathan pointed out that one new cybersecurity solution McAfee is providing is McAfee MVISION Cloud for Containers, a unified cloud security platform with container-optimised strategies for securing dynamic and ever-changing container workloads and the infrastructure on which they depend.
According to Jonathan, container security has long been treated as separate from other Infrastructure as a Service (IaaS) security solutions, requiring evaluation, investment and management of multiple niche products, thus increasing the total cost of ownership and complexity and reducing security.
McAfee MVISION Cloud for Containers integrates Cloud Security Posture Management (CSPM) and Vulnerability Scanning for container workloads into the existing McAfee MVISION Cloud platform to give customers a unified cloud security solution where consistent security policies can be implemented across all forms of cloud IaaS workloads.
With that said, is improper security on cloud services the main reason why organisations have not moved all their services or workloads to the cloud? Or does it just come down to the costs of migrating their services to the cloud? One thing is for sure: regulations and compliance are still a priority for organisations when making these decisions. Companies will want to ensure they are well secured and protected in their digital transformation.