APAC Firms Must Rethink Cloud and AI Security in 2025

As artificial intelligence and multi-cloud environments reshape enterprise IT, Asia-Pacific (APAC) organisations are facing a growing security reckoning, according to the State of Cloud and AI Security 2025 report by Tenable and the Cloud Security Alliance (CSA). The study reveals that 82% of companies now operate hybrid cloud systems, while 63% use multiple cloud providers — leading to fragmented visibility, inconsistent governance, and increased vulnerability to identity-related breaches. 

The findings show that identity risks are now the leading cause of cloud breaches, with six in ten organisations citing insecure permissions as their top concern. Despite accelerating AI adoption, over half of surveyed companies have already experienced AI-related breaches, mostly due to misconfigurations, excessive access privileges, and poor identity management rather than sophisticated attacks. 

Key insights from Tenable’s Liat Hayun include: 

• Complexity drives exposure: Each new API, SaaS, or AI tool adds unmanaged risks that traditional systems can’t fully detect. 

• AI amplifies existing weaknesses: While boosting productivity, AI also accelerates data sharing, expanding potential attack surfaces. 

• Identity is the weakest link: Lack of ownership and poor coordination between identity access management (IAM) and cloud security teams remain major gaps. 

• Security maturity lags adoption: Many APAC firms still prioritise speed and cost efficiency over integrated, risk-based security planning. 

Hayun stresses that the next stage for APAC enterprises isn’t broader cloud adoption but unifying visibility, governance, and identity control across existing systems. Practical recommendations include enforcing least privilege access, implementing exposure management tools, encrypting data flows, and securing MLOps pipelines. 

As AI-driven automation becomes both a risk and a defense tool, the region’s security leaders must move from reactive compliance to proactive resilience — ensuring cloud agility doesn’t come at the cost of control. 

 

Source: 

https://www.itnews.asia/news/why-apac-organisations-must-rethink-their-cloud-and-ai-security-621737