Cloud architectures are becoming increasingly complex, bringing with them a growing element of risk. Even as a vast majority of Asia Pacific (Apac) businesses rank the cloud as critical for their strategy, many find themselves victims of data loss and cyber-attacks ranging from malware to distributed denial of service.
According to a recent IDC Market Forecast, the public cloud services market in Asia Pacific will reach a staggering US$153.6 billion in 2026, putting pressure on companies to plug any gaps in their cloud infrastructure. Third-party risks, in particular, can pose a real threat to businesses.
Often, third-party vendors use platforms that can create varying threat levels based on the type of data being hosted within those services. As a result, it is crucial that businesses are aware of detected and undetected threats, especially as hackers can operate within those hosts and remain undiscovered for long periods of time.
Moreover, as attackers get access to more sensitive information, they risk becoming a threat to individual customers. Whether attackers are pilfering high-level customer information, names and addresses, or even financial information, there are varying threat levels that companies need to be wary of.
The move from machine-based security to service-based security, whether third-party or the cloud, requires an understanding of endpoints, including different application programming interfaces (APIs), and where those services are hosted. APIs are a crucial component of modern software development and are increasing in adoption among many organisations. They allow different systems to communicate with one another and share data and functionality. However, as with any aspect of computing, API security is a critical concern.
Safeguarding from potential threats
So, what can big and small organisations do to manage their cloud environments and stay safe from a cyber-attack? First, get familiar with third-party vendor certifications. Looking at their security certifications, understanding what they mean, and doing an actual review can help uncover any discrepancies around their security posture.
Secondly, security certifications usually come with a specific list of services. Companies must do their due diligence and understand what services they might be using and which are covered by those certifications. It is recommended that companies carry out their own penetration testing on those services. Companies also need to know what their own appetite for risk is in those areas, as well as from third-party vendors.
For businesses still relying on technologies like firewalls, exploring the option of engaging in service-based networks can potentially enhance security, improve service quality and optimise systems. Organisations should review the associated benefits and risks of this type of network and ensure that it aligns with the organisation’s overall business and technology objectives.
Building a robust system from the ground up
A small organisation moving to the cloud might not necessarily be a target for hackers. However, for organisations that are part of a larger cloud, the software itself could be a target for an attack. Organisations can be unwittingly exposing themselves to a potential attack by simply using those services.
When it comes to internal governance around the use of the cloud, teams should ideally have secure landing zones to help keep them safe in the cloud. Rather than treating security and threat actors as an afterthought, introducing safety mechanisms into the actual software supply chain, so that it is secure right from the start, can go a long way in preventing an attack.
Innovation and entrepreneurship in the Apac region are on the rise, making it very important to democratise access to technology for small and medium enterprises (SMEs). It is imperative that the cloud platform remains simple, easy to use, and developer-friendly, so that these engines of the economy can enjoy the same benefits of the cloud that large enterprises do.
While organisations in Apac do recognise that improved security is critical to driving positive business outcomes, finding the right partner that can provide a range of products and services that embed different layers of security and in-depth defence will be key to navigating an ever-evolving threat landscape.
Jay Jenkins is the chief technology officer of Cloud Computing at Akamai Technologies