Addressing cloud security challenges

Addressing cloud security challenges

The global health crisis has accelerated the adoption of cloud computing among companies and organizations. With employees working remotely and business customers and consumers using apps in their everyday lives, more and more organizations are using cloud computing for their applications or as their platform and data storage.

In fact, worldwide end-user spending on public cloud services is forecast to grow by 18.4 percent in 2021 to $304.9 billion, according to a Gartner report. The main reasons for this are for business resilience (i.e., flexible computing power, high availability, disaster recovery, and lower cost for backups), business continuity for remote work, healthcare applications, and online education.


Behind every success story, however, lies challenges and threats. As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks — and the costs of addressing them — are increasing, according to cybersecurity firms Fugue and Sonatype in their State of Cloud Security 2021 report.

The report cited cloud misconfiguration as a major threat. The primary causes of cloud misconfiguration cited are too many APIs (application programming interfaces) to govern (32 percent), a lack of controls and oversight (31 percent), a lack of policy awareness (27 percent), and negligence (23 percent).


In Southeast Asia, more than a quarter of cloud infrastructure configurations across countries could be exploited by threat actors due to poor security and misconfigurations, cybersecurity firm Horangi said in a 2021 report. The company recently analyzed more than one million cloud infrastructure configurations and found that approximately 265,000 were misconfigured. Misconfigurations can have potentially disastrous consequences for organizations, particularly those that operate in a remote working or hybrid working environment and leverage more cloud solutions.

In the Philippines, more than 82 percent of organizations experienced a public cloud security incident, including ransomware and other malware (77 percent), exposed data (40 percent), compromised accounts (40 percent), and crypto-jacking (16 percent), according to the State of Cloud Security 2020 report of cybersecurity firm Sophos.

Consistent with other studies, the report highlighted misconfigurations (71 percent) as the main reason for the cloud attacks in the Philippines, while other organizations (27 percent) reported that cybercriminals gained access through stolen cloud provider account credentials.


Data breaches are a big threat to an organization and may result in lost man-hours, credential and confidential information exposures, and reduced customer confidence and trust that can quickly bring a company down. In fact, data breaches cost Southeast Asia companies a staggering US$2.6 million per incident, according to Techwire Asia.

Therefore, cloud security is one of the top criteria prescribed by Cloud Industry Forum (CIF) when considering moving an organization’s workload to the cloud. “Ensure you assess the cloud provider’s levels of data and system security, the maturity of security operations and security governance processes”, CIF states on its website. In addition, “the provider’s information security controls should be demonstrably risk-based and clearly support your own security policies and processes”. Lastly, it must be “compliant with standards like the ISO 27000 series or have recognized certifications.”


It is opportune time that Alibaba Cloud ( will be launching its first data center in the Philippines on October 15 this year as part of an aggressive $1-billion plan to expand its presence in the Asia-Pacific. The data center will extend the reach of the firm’s services, including elastic compute, databases, security, machine learning, and data analytics, to more local businesses across industries including financial technology and the public sector.

Alibaba Cloud adheres to international security standards and global best practices on security and compliance. It has extensive global and regional certifications and strictly complies with privacy laws. The firm actively participates in various security compliance associations and currently has more than 80 security and compliance accreditations worldwide.

Alibaba Cloud’s data center launch is something Philippine organizations can be excited about. Expertise in cloud technology and cloud security will be within all local organizations’ reach. To know more, visit: To attend, register at:

The author is the founder and CEO of Hungry Workhorse Consulting, a digital and culture transformation consulting firm. He is fellow at the US-based Institute for Digital Transformation. He teaches strategic management in the MBA Program of De La Salle University. The author can be emailed at