FutureCIO observes that in many parts of Asia, there is growing acceptance that a hybrid, multi-cloud approach to computing is the way forward.
A hybrid cloud lets organisations decide when and where to store sensitive data or applications that are too costly to move right now on-prem. At the same time, it offers a choice of multiple clouds allowing organisations to flex and scale workloads among them without experiencing vendor lock-in.
A Google and Enterprise Strategy Group (ESG) study revealed the many benefits (see Figure 1) that come with a multi-cloud approach to meeting the application deployment and migration strategies.
Figure 1: Benefits of multi-cloud
The study noted that 81% of organisations agreed that they "face challenges with application and data portability across locations (including data centre, public cloud and edge)" – see Figure 2.
Figure 2: Challenges that come with multi-cloud strategy
The data in multi-cloud conundrum
But what about the data? According to the recent Hitachi Vantara study on Modern Data Infrastructure Dynamics, six out of ten companies in Asia are overwhelmed by the amount of data they manage.
Lawrence Yeo, enterprise solutions director for ASEAN at Hitachi Vantara, says the escalating data volume heightens data breach risks, prompting cybercriminals to target businesses to steal sensitive information. The study also reveals that nearly 70% of business leaders are worried they cannot detect data breaches in time.
Data privacy and governance are also paramount, driven by customer and regulatory demands for transparency and control. Insider threats are another implication, with just 29% of businesses extremely confident in employees adhering to security policies.
Lastly, third-party risks, cloud and IoT security, and the surge in advanced cyber threats, including ransomware and credential theft, underscore the need for vigilance.
It’s getting worse
Asked how multi-cloud complexity exacerbates the challenges of managing and maximising the value of data, Yeo opined that data silos and data integration are key challenges, with varying formats, APIs, and tools across cloud providers – making it difficult to gain a comprehensive understanding of data.
Hitachi Vantara’s report highlighted that 25% of global IT leaders say their users may be unaware of existing data, while 39% have less than half of their data integrated into the needed systems.
Yeo also noted that latency issues arise when transferring data between different clouds, affecting analytics and processing speed.
“Ensuring data availability, resilience, and recovery across multiple cloud providers is another challenge. Complex data governance and compliance requirements demand consistent policies and security controls across all providers."Lawrence Yeo
The constant threat of cyberattacks
It can be argued that cyber threats are almost synonymous with cloud use. However successful breaches are more often a result of misconfigured, unsecured and unpatched systems and databases, as identified in the Cyber Security Threat Trends 2023-M04 report by the Hong Kong governmental computer emergency response team (GovCERT.HK).
The GovCERT.HK report revealed that in December 2022 over 70 billion files from about 500,000 distinct servers were accessible due to lack of proper protection. It also revealed that 740,000 misconfigured or unauthorised databases were discovered in 2022. As a result, it anticipated growth in credential theft targeting business accounts in 2023.
When asked what the emerging types of cyberattacks targeting data infrastructure that organisations must be aware of, Yeo pointed out that ransomware attacks continue to impact businesses in the APAC region.
According to Kaspersky, in Southeast Asia, 67% of businesses have been victims of ransomware attacks. Yeo opined that ransomware attackers have become more sophisticated and ambitious, focusing on larger targets with substantial valuable data. They are also using double extortion methods, threatening to leak data and exfiltrate it.
“Organised cybercrime groups increasingly operate with a high level of technical and business acumen, making it an increasingly difficult endeavour to combat them. Adding to the complexity is the use of AI and ML to conduct phishing attacks and steal credentials – through creating customised and convincing phishing messages as well as evading security systems,” he commented.
Mitigating the challenges
An interesting revelation in the Hitachi Vantara report is the revelation that 68% of surveyed decision-makers have concerns over whether their organisation’s data infrastructure is resilient enough to recover all their data from any ransomware attack.
According to Statista, in 2023 nearly 73% of companies worldwide paid ransom to recover data. And yet at the 2023 C-Engage conference in Singapore, over half of the delegates polled said they would not pay a ransomware. But the Singapore poll reflects a growing sentiment that paying ransom does not guarantee full data recovery, nor an end to the threat.
Asked whether data infrastructure modernisation can mitigate these challenges, Yeo says data infrastructure modernisation can help organisations improve their data security and compliance.
“Organisations can safeguard their data from external threats by putting current data security practices like encryption, multi-factor authentication, and access restrictions into place. Modern data governance techniques can also assist organisations in observing data privacy laws like the GDPR and CCPA,” he continued.
With the growing interest in machine learning (ML) and artificial intelligence (AI) there is the suggestion that a well-designed infrastructure can help data scientists and developers access data, deploy machine learning algorithms, and manage the hardware’s computing resources.
Yeo says AI-driven solutions such as regulatory and compliance intelligence can consolidate and modernise data with governance software, apply analytics that uncover risks, and use a metadata structure for efficient investigations. He added that it also creates accuracy across compliance efforts, to rapidly meet new reporting requirements and lower costs for regulatory investigations.
The importance of building intelligence and resilience
According to Hitachi Vantara’s recent study, 73% of APAC leaders are concerned about their data infrastructure’s resilience in facing ransomware attacks. Meanwhile, 23% of respondents admitted that important data was not backed up and 33% had experienced data inaccessibility due to storage outages.
This highlights a crucial data infrastructure gap that organisations must resolve to strengthen their cybersecurity defences (see Figure 3).
Figure 3: Areas of infrastructure management where third-party help is needed.
Asked why organisations should build intelligence and resilience across their entire ecosystem to prevent data loss now and in the future, Yeo commented that utilising comprehensive data protection and cyber resiliency solution capabilities can help organisations proactively secure data and enhance readiness against attacks.
“Organisations are then able to keep business continuity a priority and stay resilient in preventing data losses,” he concluded.