The COVID-19 pandemic has brought on a wave of digitalization in Southeast Asia, with many businesses shifting their IT environment to cloud computing, an on-demand service that allows firms to process and save critical data and resources on remote servers hosted on the internet.
Revenue in Southeast Asia’s cloud computing market is expected to top USD 40.32 billion by 2025, thanks to surging cloud computing demand among small and medium-sized enterprises (SMEs). Singapore, in particular, is considered to be the most “cloud-ready” country in the region, leading growth in terms of market revenue, according to a research report by Adroit Market Research.
The city-state, despite being a cybersecurity hub, is also vulnerable to cyberattacks. The country emerged as a hotbed for malicious URL hosting, with over 68% of such attacks coming from within the country, according to a study by cybersecurity firm Trend Micro, while two major data breaches took place last year, revealing the personal data of 122,400 individuals.
Singapore-based Horangi, founded in 2016, is among 105 startups listed at the Innovation Cybersecurity Ecosystem @ Block71 (ICE71), an entrepreneurial hub that has sprung up to meet the region’s rising cybersecurity demand for cloud computing.
The firm, founded by ex-Palantir cybersecurity practitioners Paul Hadjy (also former head of information security at Grab) and Lee Sult, has worked with major names in the region, including Gojek, Ninja Van, Shopback, and Tiket. Horangi is also accredited by CREST, a not-for-profit accreditation and certification body representing and supporting the technical information security market.
In March, Horangi raised USD 20 million in Series B funding led by Southeast Asia-focused private equity firm Provident Growth, bringing the company’s sum of raised funds to USD 23.1 million.
KrASIA recently spoke with Hadjy on the state of cloud security in the region and the importance of safeguarding the cloud against cybersecurity attacks.
The following interview was edited for brevity and clarity.
KrASIA (Kr): What are some of the main cybersecurity threats that businesses face?
Paul Hadjy (PH): I think data breaches are becoming more publicized now. Generally, there has been some underinvestment [in the cybersecurity sector] over the years, even in Singapore and across the region, but this is starting to change because of the regulatory requirements coming from the Monetary Authority of Singapore and other regional regulatory bodies.
In terms of threats, ransomware has been quite big, while phishing has always been big and further increased during COVID time. There are a lot of attacks on IT infrastructure as well as on the cloud, while data breaches are usually a result of one of these things, but it also happens a lot because of people making mistakes.
Kr: What are the top threats facing the region’s e-commerce and fintech industries?
PH: A Gartner statistic is relevant here. It says that 99% of cloud security failures are the customer’s fault, meaning that the changes businesses make in their cloud environment can cause security issues. For example, in a big e-commerce company that has 300 to 400 developers constantly working on many different products, a mistake is bound to happen.
The biggest problem is actually the misconfigurations of the cloud. For tech companies, most of their intellectual property is going to be in the cloud. So, ultimately, that’s what they need to protect the most. They have their developers who are working to make sure that checks and balances are in place not only in the cloud, but also across their development process, essentially catching and fixing any mistake as soon as possible. The security-by-design or secure software development life cycle is really important when building any technology product, especially in the cloud.
We are here to understand what misconfigurations or security issues are happening, and then subsequently identify those to the security team or to developers themselves so they can fix them.
Kr: How is Horangi solving the pain points you just mentioned?
PH: Warden [the flagship product of Horangi] provides a unified console across the organizations’ cloud infrastructure. By connecting the Amazon Web Services (AWS) and Google Cloud Platform (GCP) cloud accounts, businesses can identify potential security and compliance issues in a unified console and put that in a dashboard that integrates with their development system.
This is really important, as companies transitioning to the cloud are also integrating their security with their [product] development lifecycle, meaning that the security is no longer an afterthought. If you can integrate the security culture in every part of your business, it is the biggest payoff. It also helps prevent long-term security issues.
Kr: What solutions can be put in place to protect businesses and customers?
PH: No matter what security you put in place, mistakes will happen. You need to be ready to respond and mitigate threats as much as possible. Generally, security breaches across the region are bound to happen, but companies need to do everything they can within their respective budgets. The cheapest thing that most companies need to do is really build cybersecurity into their culture. Businesses should make decisions with security in mind, instead of solely growth.
Kr: What are some obstacles that hinder Horangi’s growth? How hard is it to persuade businesses of all sizes to take proactive cybersecurity measures?
PH: In the SME space, we have to educate the market. Education is an important part of being a security practitioner. Ultimately, we try to help these companies solve cybersecurity issues. It is education that makes people understand the existing problems. Also, AWS and other cloud service providers actually work on a shared responsibility model, which means that the cloud service provider is responsible for some parts of security, but the customer is actually responsible for others.
Kr: How does the regulatory landscape need to improve for the region’s cybersecurity ecosystem to level up?
PH: Singapore’s regulators do a good job engaging with the tech community, as well as helping the tech community understand compliance and requirements. Yet we lack more regulation for the cloud. That’s where regulators need to invest more, because so much of the traditional IT infrastructure is transitioning towards the cloud.
Regulators also need to make sure that data is secure in those environments. We would like to see more requirements targeting companies’ clouds instead of gearing towards traditional IT infrastructure, as some of the mitigations that regulators ask to put in place do not make sense in the cloud because of the differences in security issues.
Kr: What are Horangi’s plans for the future?
PH: Horangi will continue to expand into different countries across the region, while our long-term vision is to build a cloud security platform. We will double down and own more market share in Singapore, Indonesia, and Hong Kong, as well as build new products. We just launched our services for GCP, but we are looking to launch services for Microsoft Azure and Alibaba Cloud in 2021, and we’ll continue to launch for other cloud service providers.