At the 3rd Annual FutureCISO Conference in Singapore in 2024, 69% of attendees cited cloud security as an area of focus. Fast-forward to 2025, and the cloud security landscape in Asia is rapidly evolving, spurred by the demands of multi-cloud environments, regulatory complexities, and the integration of artificial intelligence (AI).
Source: Cxociety Research, 2024
When asked to name one key implication of these changes for chief information security officers (CISOs) in 2025, Dell Technologies' chief technology officer, ISG, APJC, Deepak Waghmare, stressed the importance of adopting a robust security posture to withstand emerging threats.
"From a CISO's lens perspective, the landscape has been very, I would say, siloed over the period," Waghmare states. "Many of our organisations... have been pushed into the multi-cloud era." As organisations adopt a mix of public cloud, edge locations, and Software as a Service (SaaS), the complexity of managing security across these environments increases.
Unified visibility and compliance strategies
Unified visibility and compliance have become paramount as organisations transition into multi-cloud environments. Waghmare observes, "From a CISO's lens perspective, the landscape has been very, I would say, siloed over the period." Many organisations have been "pushed into the multi-cloud era," leading to fragmented security strategies that often fail to provide a comprehensive view across various platforms.
Waghmare emphasises the importance of understanding data landscapes and governance models: "These are the customers who have created their governance model; they understand what the data sources are and how their data landscape looks." He notes a critical challenge: "Many times, getting a broader view—organisation-wide or landing zone-wide—takes a big toll on the team." This indicates that CISOs must prioritise the development of a cohesive strategy that integrates security measures across all cloud environments.
The role of AI in cloud security
Integrating AI into security frameworks is not just an option; it is becoming necessary. Waghmare states, "When creating AI committees for your enterprise rollout, please ensure you have the CISO as part of it." He warns against considering security as an afterthought, suggesting that it should be an integral part of the framework from the outset: "Consider it as part of your framework on day one."
As organisations adopt AI, security becomes more complex. Waghmare explains that "AI actually doubles down on all efforts for customers because data is heavily involved." This heightened focus on data underscores the need for robust security measures that protect organisational intellectual property.
A report by McKinsey highlights that organisations increasingly recognise the need for "a comprehensive AI governance framework" that incorporates security considerations from the beginning, aligning with Waghmare's insights.
Challenges in scaling AI initiatives
CISOs often face difficulties scaling AI initiatives within their organisations. Waghmare remarks, "Those customers, when they start small and see the initial success, face issues when they want to scale it—because you cannot scale a pilot to an enterprise level." A framework accommodating scaling is essential, as many organisations struggle to transition from pilot projects to broader implementations.
He advises organisations to "start on the right foot and focus on the more critical workloads." This approach ensures that security becomes an automatic part of the discussion as organisations expand their AI capabilities.
Edge security controls beyond VPN
The pandemic led to the widespread deployment of VPNs, but as Waghmare points out, "You don't just have to protect against external threat actors anymore—you also have to protect against internal threat actors." This shift necessitates a broader view of security that extends beyond traditional measures.
Waghmare advocates for a Zero Trust architecture, stating, "How do we ensure that you ring-fence and create an identity as the central validation point?" This approach requires organisations to validate every user and device before granting access, thereby minimising risks associated with both internal and external threats.
He further suggests that adopting Zero Trust architecture is critical for organisations looking to enhance their security frameworks. He points out that Zero Trust is not a product but a comprehensive framework that requires collaboration across various tools and vendors: "Zero Trust is a framework, and multiple tools and vendors will need to work together to achieve it as an end outcome."
This aligns with findings from NIST, which provides a five-pillar framework for implementing Zero Trust. The framework includes guidelines that organisations can follow to ensure they are not only compliant but also secure.
Industry reports indicate that Zero Trust adoption is moving forward across Asia, with organisations recognising its importance in enhancing security postures.
The journey to zero trust has challenges, as highlighted in the 2024 FutureCISO Conference in Singapore. While 26% of security delegates to the conference acknowledge that zero trust impacts people, processes and technology, 46% of participants reveal that not every element of the technology stack can adopt zero trust,
Forrester reminds us that Zero Trust is not a security solution:
"It's (zero trust) a strategy. Adopting technologies to enable a Zero Trust approach to security is only a part of achieving Zero Trust." Forrester
Managing sanctioned and shadow AI use
The emergence of AI tools has also led to the growth of sanctioned and shadow AI usage within organisations. Waghmare notes, "People going through the AI journey... will realise that the security has to be a part of the foundational architecture of the AI stack."
Organisations must balance allowing innovation and maintaining control over data. Waghmare highlights the need for a structured approach:
Deepak Waghmare
"We need to ensure that all embedded AI—or DIY (Do-It-Yourself) or BU (Business Unit)-level AI—ultimately aligns with the understanding that mature organisations have." Deepak Waghmare
Among respondents to the FutureCISO Conference, 64% noted a lack of understanding of AI itself and AI as a cyber "defence" tool, with 38% calling for better clarity of AI regulations—both local and regional.
This reflects a broader trend in the industry, where firms are increasingly concerned about AI's implications for data security. A report from the World Economic Forum emphasises the importance of establishing guidelines for the use of AI that consider both productivity and data protection.
The importance of user education and awareness
As organisations implement new security measures, user education becomes essential. Waghmare emphasises that "Spreading awareness about why there is a need" for security protocols is crucial for staff buy-in. He advocates for training programmes and drills that help employees understand their role in maintaining security.
"Security is for them and their data," he states, reinforcing that adequate security measures must be framed in a way that resonates with users. The National Institute of Standards and Technology (NIST) echoes this sentiment, highlighting the need for continuous training in cybersecurity awareness for employees at all levels.
Security consolidation: A strategic move
Another significant trend is the consolidation of security vendors. Waghmare argues for reducing the number of vendors to simplify security management: "You're not actually saving costs. Instead, you're shifting the cost burden onto your team." Reducing complexity can enable organisations to focus on business controls and improve the effectiveness of their security measures.
Gartner supports this approach, noting that "consolidating security vendors can lead to greater efficiency and improved security outcomes." This trend indicates a shift towards a more streamlined security strategy that aligns with organisational goals.
Embracing a new security paradigm
As the cloud security landscape evolves, CISOs in Asia must adapt to new challenges and opportunities. Integrating multi-cloud environments, regulatory compliance, and AI-driven threats necessitates shifting towards frameworks like ZTNA that promote resilience and proactive security measures.
Organisations should prioritise unified visibility, AI-driven threat detection, and a commitment to Zero Trust principles to navigate this complex landscape. By doing so, they can secure their infrastructures against emerging threats while leveraging the benefits of AI and cloud technologies.
Waghmare succinctly says, "We need to make sure that we start on the right foot and focus on the more critical workloads." He posits that security automatically becomes part of the discussion when organisations think this way.
For us at Cxociety Research, only then can we truly start to see security as becoming part of the organisational culture.
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.
Previous Roles
He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role.
He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications.
He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer.
He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific.
He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific.
He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
