Southeast Asia is one of the world’s most dynamic and fastest-growing business regions, leveraging digital tools and advanced internet capabilities to drive connectivity, creativity and innovation. And while not all of the countries in the region are moving at the same pace, all are affected by the fact that digitalisation creates a broader attack surface – one that is harder and more resource-intensive to protect. This makes the region a prime target for cyberattack, whether the goal is financial gain, operational disruption, or geopolitical purposes such as cyberespionage, and more.
Companies of all sizes and in all industries are at risk. For example, 28% of the enterprises polled for PwC’s annual Digital Trust Insights 2023: The Southeast Asia Perspective said they’d seen an increase since 2020 in their exposure to cyberattacks due to increased digitalisation – and only 17% believed they’d fully addressed the cybersecurity risks of digital technologies and related business practices such as remote working.
At the other end of the scale, the latest Asia-Pacific Small Business Survey shows that nearly half (45%) of Singapore’s small businesses fear a cyberattack in 2023 – compared to 29% the previous year. The figure is even higher for Malaysia (48%) and Indonesia (52%), although both these countries were already more concerned than Singapore in 2022.
As companies across the region rush to implement remote and flexible working, automation, the Internet of Things (IoT), software applications and the cloud – IT security teams face the daily dilemma of how to keep their organisation secure and employees and assets protected, while still making the most of the digital tools and free-flowing data that the business needs to compete in the future.
Securing people, data and things in a work-from-anywhere, data-centric world.
First, the bad news – a digital, data-centric organisation has many potential points of weakness. Attackers can target communications, emails, applications, cloud services, dispersed employees, devices, networks, the supply chain and all the data traffic across a network that is creaking under the weight of connectivity. Sometimes they attack on several fronts at once or jump around if one approach doesn’t work.
Cybersecurity needs to adapt. Keeping doors and windows locked doesn’t work when many users, devices, applications, and data are, metaphorically speaking, in the garden. Securing everything independently doesn’t work either. Siloed security measures or a range of point solutions from multiple vendors increase cost and complexity, and you don’t have a complete picture of what is going on. Now for the good news.
It’s time to consider ‘Secure Access Service Edge’ or SASE
In an industry full of acronyms, SASE may be the only one you need in 2023.
SASE is a cloud-based service or platform that brings together networking and network security. For the first, it relies on SD-WAN networking to optimise network traffic and reliability; for the second it relies on advanced integrated technologies (a whole raft of acronyms you won’t need any more) to effectively secure users, sites, and things regardless of their location.
Oneplatform with a single pane of glass that provides secure access for users to the services they need or want, when they want them, wherever they are.
SASE offers a way for organisations to connect directly to the cloud efficiently and securely – by routing traffic based on the user’s intention and the specific requirements of the application they’re looking for, rather than always sending the traffic back through the data centre for security checks. This is achieved by harnessing advanced features such as Firewall-as-a-Service and Secure Web Gateways (FWaaS and SWG). Additional security inspection by SASE gateways can be applied where necessary.
The organisational benefits of SASE
Implementing a SASE platform increases integration, visibility, and security, while reducing complexity and minimizing the attack surface. Second, SASE enables businesses to consolidate their list of security vendors; and vendor consolidation helps to further reduce complexity and cost for organisations.
Third, SASE provides powerful secure access tools. Every user in SASE has “identity”, whether they are a person, an application or device. They also all have “context” – based on where they are, the time of day, the device’s security features, such as whether the software is up to date and has security installed etc., and the application or service they are using or would like to have access to.
SASE security policies are based on Zero Trust and look at both identity and context – and the policy can change as the context changes. For example, the security requirements may be different if you want to access an application using your work computer while in the office, or when you try to connect via your mobile phone from the middle of nowhere.
Why SASE, why now?
Implementing a SASE solution – ours at Barracuda is called SecureEdge – helps organisations to secure their users and operations in a digital world where everything and everybody is connected and on the move – a world that cyberthreats and cyberattackers have been quick to adapt to.
The operational landscape and cyberthreat ecosystem in Southeast Asia will continue to evolve. Keeping security simple, scalable and integrated will help organisations and security vendors to be ready to adapt to whatever comes next.
If you’d like to know more about what SASE could do for you and your business – please get in touch
