Every business, large of small, is a target of cybercriminals and should look at minimising security risks, not simply preventing them. This is essential as more businesses move to the cloud and organisations in Asia largely still lack an urgency in addressing security.
Unlike their peers in the US, where enterprises across most sectors considered security as part of their business process, Asia-Pacific companies had yet to do so, said Paul Hadjy, CEO and co-founder of Horangi. The Singapore-based security startup's flagship product, Warden, is a cloud security posture management software touted to safeguard against misconfigurations and compliance breaches.
Likely distracted by having to keep the business running and day-to-day management, Hadjy noted that Asia-Pacific organisations generally did not regard security as topmost on their agenda when it would be commonly discussed at every meeting in the boardroom and amongst C-level executives in the US.
This was changing, though, he said, adding that focus on security would intensify as more regulations were introduced around the use of cloud and businesses would be concerned about staying in compliance.
And they would reasons to be anxious. By 2023, at least 99% of cloud security failures were projected to be the customer's fault, according to Gartner. The research firm also predicted that half of enterprises this year would unknowingly and erroneously expose some cloud services or applications to the public internet, including storage, APIs (application programming interfaces), and network segments.
Hadjy noted that most customers Horangi worked with had no prior cloud security framework in place. "If you're not using a cloud security platform, you're going to have issues because you don't have visibility across the cloud architecture," he said. "You can use tools to do so manually, but you'll need to repeatedly follow [the steps] to do so when you use different cloud platforms."
He stressed the need for proper security and processes, such as patch management, to be in place to address any potential misconfigurations.
He warned that no business today was too small to be a target and all were at risk of cybersecurity attacks. Hackers also would target organisations that did not take security seriously.
Technology, too, was no different from any other business, with opportunities for mistakes to be made, he said, especially if there was no automation involved.
IT environments also could become challenging to manage over time, with organisations challenged to manage systems and software that were more than a decade old alongside modern applications running on cloud.
Hadjy added that the move to remote work further complicated IT infrastructures, where traditional methods of ring-fencing corporate networks were no longer effective as more employees worked from home.
Noting that no security solution was perfect, he noted the need for organisations to focus on mitigating risks and their ability to react quickly to reduce their risks should they suffer a security breach.
Founded in 2016, Horangi last month was added to Amazon Web Services' (AWS) ISV Accelerate programme, having obtained the cloud vendor's security competency status.
The Singapore startup last year secured $20 million in Series B funding, adding to its Series A $3.1 million haul, and might embark on another fund-raising initiative this or next year, Hadjy told ZDNet.
Horangi's Warden is pitched as a multi-cloud security platform designed to automatically safeguard against misconfigurations and compliance violations. It identifies "critical cloud resource configurations that may become entry points for attackers", according to the startup.
- Global pandemic opening up can of security worms
- Majority of firms concerned about public cloud security, most have suffered breach
- APAC firms face growing cyberattacks, take more than a week to remediate
- Most Singapore firms experienced data breaches, worried over 5G deployments
- One in four APAC firms not sure if they suffered security breach
- APAC firms must transform cybersecurity approach