ASEAN: There Can Be No Digital Economy Without SecurityPresident, ASEAN of Cisco Systems, Singapore
Across the world, digital technologies are disrupting industries, improving lives and propelling progress. Similarly, we see these changes taking place in ASEAN (Association of Southeast Asian Nations) countries, building on the fundamentals for digitization that are in place—such as the growing economies of Thailand and Indonesia, which have highly digital and young populations (50 percent of ASEAN’s population is under 30 years of age) and an extremely high literacy rate of 94 percent. Infrastructure is also well developed—90 percent of people in the region have Internet access.
The conditions are ripe for ASEAN to become one of the world’s top five digital economies and a major global economic player by 2025. To achieve this, the ASEAN needs to implement a comprehensive digital agenda and strategy. Doing so could add $1 trillion to ASEAN’s GDP over the next decade.
This is why digitization is incredibly relevant for the region. By pioneering the development of new digital services and business models, ASEAN countries will create new areas for economic growth. The clearest example today is the tech sector—it’s changing the way citizens work, live and play through businesses that are built on the sharing economy. But beyond that we are also seeing the rejuvenation of old sectors, such as manufacturing, which is moving toward “Industry 5.0” and reaping the benefits of improved efficiency, flexibility and widespread customization.
The Cornerstone of Digitization
While it’s clear that digitization is paramount, there are many aspects to consider. But underlying all of that is security, which is absolutely fundamental. To fully realize the opportunities that are described above, security needs to be a core part of any digital transformation strategy. Today, we have a diverse and growing threat landscape. And as business goes digital, the number of external touchpoints will only grow, making them increasingly vulnerable. Security is what protects businesses, allowing them to innovate and build new products and services.
Beyond a defensive role, security provides businesses with a strategic growth advantage. Here’s an example: customer data—imagine you’re a business like Go-Jek, an Indonesian transport, logistics and payments startup. Regardless of the value you add to the market, do you think customers would willingly use your service if they didn’t trust you to handle their sensitive information? Trust creates widespread use of the service, which in turn generates valuable data, allowing Go-Jek to identify growth opportunities in terms of creating new services or improving existing ones.
This is just one example of the importance of security—Cisco has identified 414 security-enabled digital use cases that will drive $7.6 trillion in value over the next decade.
It should be the responsibility of tech industry players and government bodies to drive the cyber security agenda.
There are three key areas for organizations to focus on when it comes to security: strategy/policy, technology and people.
Businesses need to look at security from a big picture perspective. It’s about saying “let me have a security blueprint to enable the business” more so than worrying about the tactical aspect of “how do we detect where the vulnerabilities are within the environment?” This means thinking about security end-to-end, throughout the organization, from the network to the cloud to the customer endpoints.
An architectural approach allows products to be integrated and built to share context and information on threats. Such an approach takes advantage of investments and network infrastructure already in place, which means that scaling security alongside business growth is simple and straightforward. It creates a multiplier effect and reduces cost by over 30 percent vis-a-vis a point-product approach. For example, the western Australian education department is able to centrally manage security for 798 school sites without having to worry about scalability.
From a technology standpoint, a company needs technology that visualizes what’s happening across the entire network. With that, a company can respond to threats before they occur. That said, when breaches do occur, security needs to be automated across physical, virtual and cloud touchpoints to reduce complexity and quickly remediate attacks.
Besides processes and technologies, organizations will also need to invest in people to become more resilient in the face of new attacks. It’s evident that many high-profile security breaches in recent times began with a phishing attack on a single employee. Only increased employee awareness could have prevented these events. Hence, personal responsibility with respect to security must become a business priority, too. And as the lines between personal and enterprise technology blur, organizations can also consider extending protection to employees in their personal use of technology.
Given that ASEAN is such a diverse and complex region, political and cultural differences and variations in economic behavior can make awareness-building a challenge. It should be the responsibility of industry players and government bodies to drive the security agenda through comprehensive awareness-building programs. By doing so, we empower ASEAN to achieve its potential and claim its rightful place as one of the leading lights of the global digital economy.
This article is part of the recently concluded World Economic Forum on ASEAN 2017 in Phnom Penh, Cambodia and first appeared on the World Economic Forum Agenda blog.