Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agent executes end-to-end ransomware attack via development platfor...
ICAC Commissioner attends first IAACA European regional anti-corruptio...
Research: Asian enterprises advancing AI without resilience strategies...
Penta Security Sets the Benchmark for Web Application Security, Earnin...
India bank domain registry exposed sensitive data in security lapse: e...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Tips

Long unheeded calls for global ratification of cloud reassurance framework need reassertion

By L L Seow | Wednesday, October 22, 2025, 12:03 PM Asia/Singapore

Long unheeded calls for global ratification of cloud reassurance framework need reassertion

When a massive global cloud service outage does not sound major alarms in world governments about cloud resilience failure, read this…

Following AWS’s fourth outage in five years for the US-East region, analysts from Forrester are reiterating other experts’ years-long calls for an overhaul of cloud resilience management.

With only a handful of major cloud service providers powering much of the world’s public web services, a single technical glitch or cyber incident can result in similar or even worse global disruption.

According to principal analysts Brent Ellis, Alla Valente, Lee Sustar, Devin Dickerson and Naveen Chhabra, this particular outage exposes core issues with cloud resilience that stem from overreliance on services such as DNS, which were not architected for cloud-era technology demands. It also highlights how concentration risk — a dangerously powerful yet routinely overlooked systemic risk — arises when so many firms across all industries become dependent on a single cloud provider and, more pertinently, a single region covered by that vendor.

The problem also goes beyond internal AWS regional dependencies, into the logical dependencies across the platform. DynamoDB, the first Amazon service identified as impacted by the DNS issues, plays a central role in other AWS services for analytics, machine learning, search, and more…

Other implications of poor cloud resilience

Convenience often overshadows navigating the complex, nested dependencies in highly concentrated environments. Despite past outages, organizations that failed to address that complexity got a front-row seat as cascading issues disrupted systems, processes, and operations.

The entrenchment of (public) cloud services in modern enterprises, coupled with an interwoven ecosystem of SaaS services, outsourced software development, and virtually no visibility into dependencies, is not a bug: it is a feature of a highly concentrated risk where even small service outages can ripple through the global economy.

What tech leaders should do now

From a cloud resilience perspective, enterprise tech leaders have two lines of action they need to pursue now. One is to build the tools to increase technology systems’ reliability; and two, to address contractual grey areas related to shared responsibility models with cloud (and SaaS) vendors.

On the technology side, the analysts recommend the following measures:

  • Invest in infrastructure observability and analytics. It is the first line of defence for production systems, giving teams early visibility into outages so that they can respond with workarounds or alternative infrastructure. Otherwise, users will be relying on a cloud provider’s blog describing the outage when it has already taken down key operations.
  • Build an infrastructure automation platform. In order to fix things as early as possible, all observability data and correlated analytics need to be connected to automation to respond while problems are still small and manageable. These capabilities converge in AIOps platforms, but each capability is independent and should be considered strategically. Third-party tools can give teams a bird’s-eye view of the overall cloud estate, especially in multi-cloud environments.
  • Use content delivery networks to cache static content at edge locations from outages. That will not be cheap, but neither is an outage that knocks down critical IT operations and leaves the corporation waiting helplessly.
  • Develop application portability and additional clouds for key workloads. If you have a critical application, be ready to move it on a dime. This may mean a disaster recovery architecture to another region, cloud, or data center. It may involve investment in data resilience tools or replication technologies. The details will depend on specific application needs, and evaluating those needs should come from a well-designed risk management process. Focus investment on functions that affect customers, drive critical infrastructure, or move money.
  • Test infrastructure and application for resilience. Use chaos engineering tests to figure out how an infrastructure’s applications fail, and design ways to avoid failure. For disaster recovery and backups, test them to make sure key steps have not been missed; that the processes are clear; and, when it is a security-related matter, all teams coordinate well with those responsible for securing enterprise systems and data. Supplement those catastrophic ransomware-response tabletop exercises with workshops on how to withstand protracted outages or maintain transaction integrity during short-term disruptions.

For managing third-party risk in cloud and SaaS suppliers:

  • Understand the limitations of regulations. The EU’s Digital Operational Resilience Act (DORA) is an attempt to improve resilience of critical infrastructure, but it has limitations as it is aimed more at the financial sector, and focuses on the responsibility of cloud customers while not emphasizing the role of hyperscalers in improving the core resilience of their systems. Organizations should not confuse being compliant with being resilient. Instead, identify the three main sources of risk, model scenarios, and create mitigation plans to minimize the pain of disruption. Also, focus on continuous testing of disaster recovery and operational plans under realistic conditions, complemented by coordinated cross-team efforts, especially in organizations with global offices.
  • Map critical dependencies. Identify and map all third-party and cloud service dependencies to the technology assets and business processes they support. Focus on customer-facing apps and single points of failure and hidden connections that could amplify outage impacts. Do not settle for web documentation: Insist that all cloud technical account managers walk the firm through the specifics of their environments.
  • Reevaluate third-party risk strategies and approaches. If a third-party risk management program is overly focused on compliance, firms may miss significant events that impact even compliant vendors. Tech leaders cannot afford to overlook assessing the vendor against multiple risk domains such as business continuity and operational resilience, not just cybersecurity. Tech leaders also need to map their third-party ecosystem to identify significant concentration risk among vendors, especially those that support critical systems or processes.
  • Use the contract as a risk mitigation tool. With major technology outages becoming all too common, work with procurement and legal to update or add clauses that assign accountability during disruptive events and clearly outline time frames for vendors to patch and remediate. Consider using such incidents and their impacts as a basis for implementing measures in contracts or service-level agreements. For determining financial compensation or discounts for downtime, be prepared to bargain for it. If vendors push back, consider whether it still makes to do business with them at all.
  • Prioritize continuous monitoring and corrective action. When organizations identify third-party risks but do not act on them, risk management efforts stagnate or fail. All third parties are dynamic entities, and their risk, compliance, and resilience posture will change over time. Augment annual assessments with continuous monitoring tools that can identify vendor changes in real time. Close the loop with third-party risk management program platforms that automate issue creation, launch remediation plans, and trigger notifications required for approval and verification that the risk has been addressed within risk-appetite or regulatory requirements.
  • Test vendor resilience plans. Require validation of vendors’ recovery and continuity plans through tabletop exercises and outage simulations.

Global cloud reassurance framework sorely needed

Aside from the above actionables by Forrester analysts, several crucial macro-level aspects, especially at government and regulatory levels, can help industries augment comprehensive resilience strategy:

  • Institute strong governance frameworks and institutional policies that embed resilience as an organizational imperative
  • Mandate better management of configuration drift, and the balance between resilience investments and cost efficiency — both vital for sustainable operations
  • Regulating imperatives for hybrid and multi-cloud adoption options to reduce vendor lock-in and systemically prevent single points of failure
  • Data sovereignty and complex compliance landscapes need to be constantly monitored as a matter of regulatory and geopolitical risks

World governments and cloud policy leaders should take the current clarion call to urgently move beyond fragmented, sector-specific guidance to establish a robust, multi-stakeholder global cloud resilience framework.

Such a globally unified cloud reassurance framework should harmonize regulations, clarify oversight responsibilities, promote transparency and trust, and incentivize rigorous, ongoing resilience testing across current and future public cloud ecosystems.

Without coordinated international action and authoritative governance, the growing concentration and criticality of cloud services pose systemic risks to economies and societies worldwide.

Current fragmented regulatory efforts — while important — are insufficient to drive the transformative, comprehensive resilience that modern cloud-reliant infrastructures demand. This calls for an urgent, unified master plan in cloud governance and operational resilience to proactively manage risks and ensure trust in the digital foundations underpinning global commerce and public services.

Share:

PreviousUrgent cybersecurity threats linked to quantum computing every IT decision-maker should know
NextCollaboration and data security for today’s agentic workspace

Related Posts

High time for preemptive legislations to cull smishing

High time for preemptive legislations to cull smishing

Friday, March 11, 2022

Can 5G be secure if it runs on older insecure tech? Telcos hold the key

Can 5G be secure if it runs on older insecure tech? Telcos hold the key

Thursday, January 28, 2021

Financial cyber threat incidents surge in one cybersecurity firm’s user base

Financial cyber threat incidents surge in one cybersecurity firm’s user base

Thursday, March 27, 2025

The new face of fraud in the AI era

The new face of fraud in the AI era

Tuesday, November 25, 2025

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Penta Security Sets the Benchmark for Web Application Security, Earning Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

    Thursday, July 2, 2026
    By combining intelligent threat detection, …Read More »
  • SK shieldus Receives Frost & Sullivan’s 2026 APAC Customer Value Leadership Recognition for Excellence in Cybersecurity Services

    Monday, June 29, 2026
    The company is recognized for …Read More »
  • Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations

    Saturday, June 27, 2026
    PETALING JAYA, Malaysia, June 26, …Read More »
  • DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments

    Thursday, June 25, 2026
    New White Paper Outlines Best …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.