Microsoft is scaling back or delaying data centre developments in several countries, including Indonesia, the UK, Australia, and in certain US states, as it reassesses strategy.

According to individuals familiar with the matter, ongoing talks and planned builds have been paused in North Dakota, Illinois, Wisconsin, the UK midlands and Jakarta, Indonesia. The pullback comes amid questions about whether expected demand for AI services can support the pace and cost of Microsoft’s global data centre expansion.

Microsoft has acknowledged changing its strategy but declined to provide details about specific projects. “We plan our data centre capacity needs years in advance to ensure we have sufficient infrastructure in the right places,” a Microsoft spokesperson said. “As AI demand continues to grow, and our data centre presence continues to expand, the changes we have made demonstrates the flexibility of our strategy.”

Some of the shelved plans include a site near Chicago, and a proposed lease near Cambridge in the UK for a facility to host Nvidia hardware. Microsoft has also paused work at a site in Mount Pleasant, Wisconsin, where development has already cost US$262 million, according to documents reviewed by Bloomberg.

In Jakarta, parts of a data centre campus have been placed on hold. Elsewhere, Microsoft has walked away from a proposal to acquire more capacity from cloud infrastructure company CoreWeave. CoreWeave’s CEO Michael Intrator confirmed the decision, but did not specify which locations were affected.

In other cases, negotiations have slowed rather than stopped. At a server farm in North Dakota originally earmarked for Microsoft, discussions stalled until an exclusivity clause lapsed. Applied Digital, the data centre operator, has since found other tenants and secured funding to proceed with development.

At Ada Infrastructure’s Docklands site in London, Microsoft was in talks for about leasing 210-megawatt of capacity, but has is holding off on committing. The site is now being shown to other potential tenants, according to sources familiar with the matter.

Microsoft says it remains committed to key projects, which include a US$3.3 billion facility in Wisconsin and the launch of the Indonesia Central cloud region in mid-2025. It has maintained that it will spend roughly US$80 billion on data centre buildouts in its current fiscal year but signalled a shift in its next fiscal year toward equipping existing sites rather than construction of new data centres.

While Microsoft is re-evaluating, other firms are pressing on with large-scale infrastructure. OpenAI, Oracle, and SoftBank have announced joint venture Stargate, which aims to invest up to US$500 billion in AI infrastructure in the US. Stargate’s first phase includes a US$100 billion deployment in Texas, intended to support large-scale AI development.

The contrast in strategy between competing hyperscalers has drawn attention from investors and analysts. TD Cowen reported that Microsoft has abandoned projects amounting to two gigawatts of electricity capacity across the US and Europe. The firm suggested this may indicate a mismatch between expected demand and Microsoft’s existing capacity. Analysts also speculated that OpenAI may be shifting workloads from Microsoft to Oracle.

The change in infrastructure strategy is also being influenced by developments in the technology. Chinese AI firm DeepSeek claims it can deliver competitive AI performance using fewer resources, raising the possibility that future AI systems may require less computing power than originally anticipated.

At the same time, Microsoft’s adjustments may reflect external constraints. In cities like Dublin and Amsterdam, data centre growth has been met with tighter regulation due to concerns over electricity consumption and environmental sustainability. Dublin has limited new grid connections for data centres, while Amsterdam previously paused all new development to address strain on local resources.

Industry observers say hyperscalers are increasingly shifting focus to projects that can deliver results more quickly and cost-effectively. “You may have initially thought one data centre project would be the fastest speed to market, but then you realise that the labour, supply chain and power delivery wasn’t as quick as you thought,” said Ed Socia, director at datacentreHawk. “Then you would have to shift in the short term to focus on other markets.”

CoreWeave’s Michael Intrator said that Microsoft’s retreat appears to be specific to its situation. “It’s pretty localised, and their relationship with OpenAI has just changed,” he said.

The post Microsoft pauses data centre investment in Indonesia, US, and UK appeared first on TechWire Asia.

A growing number of North Korean IT workers are posing as remote freelancers from other countries in an effort to gain access to companies in Europe, raising concerns about potential espionage, data theft, and operational disruption.

According to Google’s Threat Intelligence Group (GTIG), these workers—who refer to themselves as “warriors”—are securing remote roles with foreign organisations to generate revenue for the Democratic People’s Republic of Korea (DPRK). The activity, previously concentrated in the United States, is now increasingly being observed in European countries such as Germany, the United Kingdom, and Portugal.

Since GTIG’s last report on DPRK IT worker activity, recent crackdowns in the US have made it more difficult for these individuals to secure and maintain employment there. According to a blog post by Jamie Collier, lead adviser for Europe at Google’s Threat Intelligence Group, GTIG has observed a rise in operations globally, with particular growth in Europe over the past few months. Countries targeted include Germany, the UK, and Portugal.

The workers often misrepresent their nationalities, claiming to be from countries such as Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. They find jobs through freelance platforms like Upwork and Freelancer, as well as communication channels such as Telegram. Payments are typically made in cryptocurrency or through digital payment platforms including Wise and Payoneer.

Upwork provided a statement following publication, clarifying it did not receive the initial request for comment. The company said:

“Fraud prevention and compliance with US and international sanctions are critical priorities for Upwork. The tactics outlined in this report represent a challenge that affects the entire online work industry, and Upwork is at the forefront of combating these threats. Any attempt to use a false identity, misrepresent location, or take advantage of Upwork customers is a strict violation of our terms of use, and we take aggressive action to detect, block, and remove bad actors from our platform.

Upwork has long invested in industry-leading security and identity verification measures, deploying advanced technology alongside a dedicated team of global professionals across legal, investigations, intelligence, identity risk management, compliance, anti-money laundering, and machine learning detection. These experts work relentlessly to prevent fraudulent activity before it reaches our customers, and quickly respond to new methodologies and trends.

As fraud tactics evolve, Upwork continuously enhances its proactive screening for attempts to bypass geographic restrictions, monitoring for signs of misrepresentation both before and after contracts begin. Our sophisticated detection tools, paired with strong partnerships with law enforcement and regulatory bodies, enable us to take swift and decisive action when fraudulent behaviour is identified.

While no online platform is immune to fraud, Upwork is setting the standard for trust and safety in the industry. We will continue to invest in cutting-edge fraud prevention measures and vendor solutions, collaborate with industry stakeholders, and innovate to protect our customers and uphold the integrity of our marketplace.”

Freelancer, Telegram, Wise, and Payoneer did not respond to requests for comment.

GTIG reports that since October, there has been an uptick in cases where previously terminated workers attempt to extort their former employers by threatening to leak sensitive company information to competitors. Collier suggested that mounting pressure on these workers may be pushing them toward more aggressive tactics to maintain income.

One case in late 2024 involved a North Korean individual operating under at least 12 separate identities while applying to organisations in the defence and public sectors, reportedly using false references. In the UK, North Korean IT workers have been linked to work ranging from standard web development to more advanced projects in blockchain and artificial intelligence.

Google’s research points to risks associated with bring-your-own-device (BYOD) policies, where employees use personal devices to access internal systems. These setups often lack proper security oversight, making it more difficult to detect unauthorised access.

Authorities in the US and UK have issued multiple warnings about these activities. The FBI has advised firms to improve identity verification practices, while the US Treasury in January sanctioned two individuals and four entities accused of generating revenue for the North Korean government. Officials allege the regime withholds up to 90% of wages earned by these workers.

In a separate legal action, a US federal court in Missouri indicted 14 North Korean nationals in December for allegedly participating in an employment scheme that generated US$88 million over six years. Some of these individuals were reportedly employed by US firms for extended periods, earning hundreds of thousands of dollars without detection.

The UK’s Office of Financial Sanctions Implementation has also responded. In September, it recommended employers implement stricter identity checks, including video interviews, and advised against using cryptocurrency for payments.

Collier noted that North Korea has a long history of engaging in cyber operations to fund its regime. “A decade of diverse cyberattacks (encompassing SWIFT targeting, ransomware, cryptocurrency theft, and supply chain compromise), precedes North Korea’s latest surge,” he wrote.

“This relentless innovation demonstrates a longstanding commitment to fund the regime through cyber operations. Given DPRK IT workers’ operational success, North Korea will likely broaden its global reach. With APAC already impacted by these operations, this problem is set to escalate. These campaigns thrive on ignorance and will likely enjoy particular success in areas of APAC with less awareness of the threat.”

The post Google warns of North Korean freelancers targeting European firms appeared first on TechWire Asia.

The hardware comprises Lenovo’s ThinkSystem V4 servers, which the company says offer better performance.

Lenovo says the ThinkSystem servers can manage tasks from astrophysics to static site web serving. The servers can reportedly achieve up to 6.1 times more than those with the previous generation of processors. Onboard MRDIMM technology doubles memory bandwidth for accelerated data processing in AI applications.

Scott Tease, Vice President of Lenovo Infrastructure Solutions Group and General Manager of the Product Line, said, “The new Lenovo ThinkSystem V4 servers represent the next generation of performance and innovation, achieving higher compute with less energy consumption and delivering AI-powered management that empowers businesses with fast and protected AI deployment across any environment.”

Tease said that the new systems were designed to address challenges related to limited power availability and provide higher performance when handling compute-intensive AI tasks.

The three servers, SR630 V4, SR650 V4, and SR650a V4, are designed for different uses, from generic cloud services, AI workloads, and GPU-intensive tasks.

The SR630 V4 is space-efficient at only 1U high, so can provide high-density computing for the cloud and fintech. The SR650 V4 server offers up to a quarter more software GPU capacity and doubles computation performance compared to previous models at this price point. Lenovo states that it’s suitable for simulation, modelling, engineering, and AI workloads.

The SR650a V4 is designed to deliver maximum AI power, capable of handling GPU-intensive workloads like machine learning and media analytics. The 2U2s platform can support up to four double-width GPUs, and front panel GPU access makes it easy to upgrade cards.

Lenovo’s Neptune liquid-cooling is also capable of freeing up internal space and reduce power use by improving overall thermal efficiency. In turn, this creates room for more resources in existing racks.

Lenovo’s ThinkSystem servers include an optional locking bezel to secure servers and their internal hardware, a bonus in remote settings where physical access may be more vulnerable.

XClarity One, Lenovo’s centralised systems management platform helps deploy, monitor and manage IT infrastructures. It simplifies Lenovo ThinkSystem V4 servers’ operations, and uses AI analytics to monitor the server components’ health.

XClarity One now includes a ‘Federated Directory’ which allows the management of complete systems from a centralised point, rather than separate access controls for each application. The directory uses a unified registry and a single account.

The post Lenovo introduces new Intel Xeon 6 chips in DC servers appeared first on TechWire Asia.

The experiences of building developers Adarsh Developers at the hands of cloud provider AWS is a cautionary tale for those organisations entrusting their most valuable assets to the cloud.

In May 2023, the company was persuaded to opt for a system upgrade by AWS to increase the security of its cloud-hosted assets. Adarsh Developers hosted its ERP platform, SAP S/4HANA, on AWS. Given that AWS and SAP held data vital to the company (including detailed financial records), the proposed update seemed like a sensible idea.

Fast forward to January 9th this year, and the company discovered that as of 10:48am, the entire SAP S/4HANA platform had been wiped from AWS disks, thus bringing the business to a complete halt. With no customer data, supplier details, financial information – everything, in fact – it was as if Adarsh Developers no longer existed on AWS. According to The Hindu, the company has since estimated its losses at ₹5 crores (around US$576,500) per day since Jan 9.

The Indian police have raised an FIR (first information report) against AWS under the IT Act, citing fraud and impersonation. Adarsh Developers states its financial losses due to the data outage are in excess of ₹100 crores (US$11.5 million), quoting this figure in the filing.

The company’s SAP integration and consultancy partner, SAVIC, has investigated the massive data loss, and placed the blame at the doors of AWS, and/or its reseller, the Redington Group. The company claims in the FIR that the deletion of Adarsh Developers’ data was invoked “at root level” (meaning by an account with superuser privileges) by Redington personnel.

AWS India, via a spokesperson to The Hindu, stated: “The claims against AWS are false. AWS operated as designed and is not responsible for the deletion […].” All the parties involved (SAVIC, Redington, AWS, and Adarsh Developers) have to submit technical data to back their stories.

The case and the issues surrounding massive data loss from cloud providers throw into relief several issues that are continuing concerns of data professional, operations managers, cybersecurity personnel, and systems providers.

• Any complexity in an IT supply chain increases the chances of data loss, and delays the identification of the root causes of critical issues (and therefore, their remediation),
• Service centralisation in terms of computing platforms (using an ERP as opposed to multiple point-products) comes with inherent risk,
• Provisioning a single cloud provider can create another point of failure.

If there is one lesson to be learned from the experience of Adarsh Developers, it is that cloud providers are not responsible for maintaining the integrity nor even continuing existence of data stored with them, and, therefore, are not responsible any client’s business continuity. Although companies like AWS, Microsoft, and Google are household names, there is no guarantee that a business’s assets kept by them are inviolable. Even such ‘givens’ as Office 365 email continuing reliably have to be questioned, and companies should take steps to ensure their own data is quickly recoverable, regardless of hosting and platform(s).

Whatever the eventual outcome of the Indian court proceedings, the victim in this case can’t hope to achieve enough compensation for its loss of business, reputation, and time. Cloud services are merely ‘someone else’s computer’. The realisation of the implications of centralisation, and in some cases, the high cost of cloud services is leading many organisations to adopt multi-cloud strategies, or take at least some of their critical systems back on-premise.

Human error is the most likely cause of the disaster that has befallen Adarsh Developers, and the culprit being established is moot, apart from giving Adarsh a possible source of compensation. Mistakes, misconfiguration, or security lapses will happen, and investment in appropriate recovery processes is (or should be) as central to modern businesses as email and internet access.

The most-publicised data losses stem from the activities of bad actors, either externally or in the guise of insider threats such as disgruntled employees. Simple human error gets little coverage.

The post Adarsh Developers suffer total data loss after cloud deletion appeared first on TechWire Asia.

AirTrunk, a leading name in hyperscale data centres across Asia Pacific & Japan (APJ), is strengthening its foothold in Malaysia with plans for JHB2—its second cloud and AI-ready data centre in Johor’s Iskandar Puteri region. Once fully operational, JHB2 will offer over 270 megawatts (MW) of capacity, meeting the growing needs of global cloud and tech giants setting up shop in the area.

The announcement comes only months after AirTrunk launched JHB1, its first data centre in Johor, which went live in July 2024 with over 150MW. The two projects represent a massive RM9.7 billion (A$3.5 billion) investment, pushing AirTrunk’s total capacity in Malaysia to more than 420MW.

Powering Malaysia’s digital future

JHB2 is set to sit within a key availability zone and will offer seamless cross-border connectivity for customers operating across Malaysia and Singapore. The project supports Malaysia’s digital transformation goals while aligning with the Johor-Singapore Special Economic Zone (JS-SEZ)—a joint initiative aimed at driving regional growth.

Malaysia is positioning itself as the next big data centre hub in Asia, drawing global companies with land incentives and resources, especially as firms look beyond land-scarce Singapore. The approach is working—Johor was recently named Southeast Asia’s fastest-growing data centre market in 2024, driven partly by Singapore’s temporary pause on new data centres.

However, this rapid growth has brought challenges. Johor rejected nearly 30% of data centre applications in 2024, as authorities moved to protect local resources like water and electricity.

AirTrunk’s success in securing JHB2 despite this increasingly selective approval process highlights the company’s reputation and commitment to responsible, sustainable development.

Built for AI, built for the future

Like JHB1, JHB2 is built with AI in mind. It will feature advanced liquid cooling technology, allowing it to handle high-density AI workloads efficiently, all while keeping energy consumption in check.

JHB2’s design emphasises efficiency and sustainability. The facility will operate with a low Power Usage Effectiveness (PUE) of 1.25 and will provide customers with renewable energy options. However, since the proliferation of data centres in Malaysia raises concerns about water scarcity, JHB2 is addressing the resource challenge directly.

Addressing water scarcity with alternative solutions

Malaysia’s data centre expansion is putting pressure on public water supplies, particularly in Johor. The National Water Services Commission (SPAN) has warned that demand from data centres in key states far exceeds availability, forcing the regulator to write new guidelines requiring operators to use alternative water sources such as reclaimed, rainwater, or treated wastewater.

These rules are expected to be enforced by mid-2025, with a target to eliminate data centres’ reliance on potable water within three years.

AirTrunk is already ahead of the curve. The company is exploring the use of treated greywater for cooling at both JHB1 and JHB2, aligning with the government’s push for alternative water sources.

Insiders confirm that AirTrunk’s sustainability plans will ensure both facilities are well-prepared to meet SPAN’s upcoming requirements.

Driving the clean energy transition

AirTrunk’s Net Zero 2030 target is more than just talk—the company is taking real steps to reduce its carbon footprint:

• One of Southeast Asia’s largest onsite solar installations is already up and running at JHB1.
• Malaysia’s first Virtual Power Purchase Agreement (VPPA) has secured 30MW of renewable energy through the Corporate Green Power Programme.

At JHB2, AirTrunk is working with Malaysia’s utility provider, Tenaga Nasional Berhad (TNB), to fast-track high-voltage power supply within 12 months under TNB’s Green Lane Pathway for Data Centres.

The company is also providing land for a new substation, which will assist to improve the region’s power infrastructure.

Investing in local talent

AirTrunk’s involvement is more than just infrastructure; it’s also about people. Malaysia’s workforce is 90% local, with employees earning above-market salaries and having access to career development programs.

The company is supporting digital literacy initiatives and funding STEM scholarships at Universiti Teknologi Malaysia (UTM) to build up Malaysia’s future tech talent pipeline.

Pei Jet Lim, AirTrunk’s Country Head for Malaysia, summed it up this way:

“Combining long-term investment with high value local employment, training and social impact initiatives is central to our approach. As with JHB1, we have also continued to pioneer sustainable practices with JHB2, in line with our commitment to achieving Net Zero by 2030.”

Support from local leaders

The Menteri Besar of Johor, Dato’ Onn Hafiz Ghazi, praised AirTrunk’s continued commitment, emphasising its positive impact on jobs, skill development, and digital infrastructure:

“Ensuring high value employment and training opportunities, like those offered by AirTrunk, alongside the economic contribution of digital infrastructure also ensures a positive legacy for Johor. This will surely help in achieving the vision of Maju Johor by 2030.”

Expanding across Asia Pacific

With JHB2, AirTrunk’s regional footprint grows to 12 data centres across Australia, Hong Kong, Japan, Malaysia, and Singapore—bringing total capacity to nearly 1.8 gigawatts (GW).

For Malaysia, this expansion is about more than building data hubs. It’s fueling cloud and AI innovation while delivering long-term value to the economy, workforce, and environment.

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post AirTrunk unveils plans for second cloud and AI data centre in Johor appeared first on TechWire Asia.

Alibaba Cloud is expanding its footprint in Thailand, launching its second data centre to meet the country’s growing demand for cloud services and support the region’s push toward digital transformation.

The new facility will strengthen Alibaba Cloud’s local capacity, enhancing disaster recovery capabilities and improving performance for businesses adopting cloud and AI technologies – especially those exploring generative AI applications.

“Our latest data centre strengthens our commitment to providing reliable, secure, and high-performance cloud services tailored to the needs of local businesses,” said Sean Yuan, Vice President of International Business at Alibaba Cloud Intelligence.

“With enhanced local infrastructure, we aim to empower enterprises to use the full potential of cloud technology, especially in generative AI applications.”

Expanding presence in Southeast Asia

The opening of the second Thai data centre brings Alibaba Cloud’s global infrastructure to 86 availability zones across 28 regions, further cementing its position as one of the leading cloud provider in Southeast Asia.

The first Thai data centre opened in 2022, and this latest expansion reflects growing demand from businesses in sectors like fintech, retail, and public services.

Alibaba Cloud isn’t alone in ramping up its investment in Thailand. Tencent operates two availability zones in Bangkok, while Amazon Web Services (AWS) launched its first Thailand region in January 2024. Meanwhile, Microsoft and Google are also building data centres, with Microsoft unveiling plans in May 2024 and Google following in September.

Tailored solutions for Thai businesses

With two local data centres, Alibaba Cloud is expanding its range of services to support businesses navigating digital transformation.

The company offers elastic computing, storage, databases, security, networks, AI-powered tools, and data analytics platforms, designed to help businesses tackle industry-specific challenges.

One such option is AnalyticDB’s cloud-native vector engine, which enables Thai fintech and retail businesses to build retrieval-augmented generation (RAG) applications.

The AI solutions assist businesses creating dedicated knowledge bases, managing structured and unstructured data, and developing chatbots and personalised customer experiences.

Alibaba Cloud has also introduced the Container Compute Service (ACS), which uses Kubernetes for workload management.

Building local partnerships and nurturing talent

Alibaba Cloud is actively collaborating with Thai companies and partners to advance digital transformation. The company has partnered with 70 local firms, including Cloud HM, Kaopanwa, Softdebut, Thai Data Cloud, and True IDC, to deliver cloud services and drive cloud adoption across industries.

Thai businesses like True Digital Group – part of True Corporation – are already using Alibaba Cloud’s database and container technologies to enhance the scalability of its energy platform.

Meanwhile, software company Codium has teamed with Alibaba Cloud to offer digital workplace solutions, strengthening the country’s cloud ecosystem. Alibaba Cloud collaborates with universities, including Chulalongkorn University, King Mongkut’s University of Technology Thonburi, Prince of Songkla University, and Bangkok University, offering cloud computing and AI training.

In late 2023, Alibaba Cloud launched its first global skills centre at Chulalongkorn University, providing free courses, boot camps, and AI competitions to help students and professionals build their careers.

A secure and resilient cloud platform

The company holds over 140 security and compliance certifications globally to enhance cyber protection and resilience. With two data centres now in place, businesses in Thailand can use Alibaba Cloud’s scalable platform for workloads that comply with local regulations.

Alibaba Cloud’s expansion in Thailand is part of a broader growth strategy. The company has announced plans to expand in Mexico, the Philippines, and South Korea.

Thailand is emerging as a hub for cloud infrastructure in Southeast Asia. Alibaba’s investment reflects its confidence in the region, and by expanding its presence, the company is offering businesses some of the tools they need to innovate and scale.

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post Alibaba Cloud opens second data centre in Thailand appeared first on TechWire Asia.

Many organisations are employing a shift-left approach to cloud security to address these challenges. They include security early in the development lifecycle so teams can identify vulnerabilities before they become too severe. By baking security into the development process, businesses lower risk and build confidence in their cloud-based operations.

Before diving into the Shift-Left approach, it’s necessary to understand why cloud application security is so important.

Why cloud application security matters?

With organisations increasingly looking toward cloud services for storing and processing sensitive information, the associated risks must be acknowledged and implemented appropriately in cloud application security testing. This would ascertain and improve the security features within the cloud environment while protecting critical data and ensuring consumer confidence. This assessment includes inspecting applications, databases, networks, and possible vulnerabilities.

Organisations can utilise different testing methods to identify areas vulnerable to breaches or cyberattacks, thus allowing them to enforce necessary measures to intensify their defences against cybercrime.

Cloud security is a shared obligation of the consumer and the cloud provider. The shared responsibility notion identifies three types of responsibilities. The cloud provider is always responsible for the security of its infrastructure and networks. In contrast, the customer is responsible for identity and access management, encryption and security of cloud-based data assets, and compliance. The last category includes responsibilities that differ depending on the service model: Software as a Service (SaaS), Infrastructure as a Service (IaaS), or Platform as a Service (PaaS).

Cloud application security testing software uses industry-leading approaches (SAST, DAST, IAST, and SCA) to discover the most prevalent security vulnerabilities, from online to mobile to open-source. Application security tools prevent risks in applications before they get into production.

The shift-left approach: Securing from the start

Shift-left security includes integrating security at the earliest stages across the software development lifecycle. This provides application security testing in the planning and development phases to preempt security demands as soon as possible and mitigate potential problems later in development. Shift left indicates a left movement, facilitating collaboration between development, information security, and operations.

Shift-left for cloud security minimises the risk of application security vulnerabilities surfacing in production while streamlining time-to-market. Here are some key benefits of adopting shift-left for cloud security:

• Early vulnerability elimination: By incorporating security into the SDLC’s early phases, developers may find and remedy vulnerabilities before they become more complex and expensive to resolve.
• Improved collaboration: Shifting left fosters early engagement between security and development teams, which improves communication and alignment around security goals.
• Enhanced security posture: Dealing with security problems early in SDLC might reduce the possibility of data breaches, cyberattacks, and compliance violations.
• Lowered costs: Addressing security vulnerabilities before the development stage is usually less expensive than dealing with them later in production.

Organisations are looking for ways to integrate security into the development process while empowering developers to create secure and reliable solutions—without requiring them to become security experts or slowing down application development. Shift-left security helps achieve this by significantly alleviating security concerns associated with cloud-native software and application development. As the cloud continues to dominate digital transformation, shifting left will become a critical security best practice for the 85% of organisations projected to adopt a cloud-first strategy by 2025.

Key features of enterprise-grade cloud application security software

Comprehensive testing capabilities

To ensure robust protection, enterprise-grade solutions provide multiple layers of testing:

• Dynamic application security testing (DAST): DAST tools look for web application vulnerabilities while running. They allow users to scan running apps and APIs for potential vulnerabilities in the production environment.
• Static application security testing (SAST): It scans source code in applications and APIs for vulnerabilities in the early stages of development. SAST offers scanning solutions for developers, supporting diverse technology landscapes.
• Interactive application security testing (IAST): It monitors apps and APIs to detect and resolve issues without slowing development. It unites SAST and DAST by analysing the application during runtime with deeper code insights, providing more actionable results.
• Software composition analysis (SCA): It covers apps from vulnerabilities caused by open-source software components. SCA integrates into multiple stages of the application’s lifecycle to quickly assess components within specified folders, containers, or images.

Automated scanning integrated with DevSecOps workflows

Modern security testing software integrates build environments, DevOps tools, and integrated development environments (IDEs) to create a frictionless application security testing experience. As organisations increasingly embrace automation in their DevOps workflows, DevSecOps emerges as a crucial approach, embedding security controls directly within the continuous integration and delivery process

By incorporating automated security measures into the production cycle, organisations can address vulnerabilities before applications go live, minimising inefficiencies and mitigating risks. This integration ensures that security is no longer an afterthought but a critical component of the development process. DevSecOps facilitates this transition by automating cybersecurity and managing the CI/CD toolchain. This approach enhances application security while simplifying the development lifecycle.

AI-driven insights for prioritising vulnerabilities

The evolving cyber threat landscape and surge in connected devices have drastically expanded organisations’ attack surfaces. Managing vast networks, countless attack vectors, a talent shortage, and overwhelming data volumes has become daunting. AI and ML have emerged as vital tools to address these challenges. By automating threat detection and response, AI can process data at a scale and speed surpassing human capabilities.

With the continued development of cloud services, AI is pivotal in automating tasks such as:

• User access management: Reducing the risk of unauthorised access through intelligent automation.
• Error mitigation: Minimising human error in security configurations and processes.

Organisations can improve their cybersecurity measures and optimise operations by using AI-driven methods to prioritise vulnerabilities.

Conclusion

In the ever-changing threat landscape, proactive security is more than an option; it is essential. Approaches like shift-left testing are crucial for detecting vulnerabilities early on, strengthening your security posture, and allowing continuous innovation during your digital transformation. Schedule an application security demo today and take the next step toward protecting your business. Discover how application security on the cloud may provide you with sophisticated capabilities and strategies for staying ahead of threats. Explore its potential today and rethink your approach to security.

The post Cloud application security: The importance of shift-left testing in development appeared first on TechWire Asia.

Its pervasive influence comes when the digital world faces a new raft of data challenges. According to Verhoef, humanity has generated and stored 175 zettabytes of data – a volume so massive that, if stored on CD-ROMs and stacked, it would create a tower reaching the sun and back.

This (literally) astronomical amount of data, comprising both structured (roughly defined as database entries) and unstructured (photos, videos) content, presents challenges and opportunities for infrastructure development.

“Even though there’s a lot of talk about tape being dead, the big hyperscalers are the biggest customers of IBM tape,” Verhoef said, stating cloud providers still rely on tape libraries for cost-effective storage of rarely-accessed data. This practical approach to data storage demonstrates how ‘traditional solutions’ continue to play a crucial role in modern infrastructure.

Breaking through computing bottlenecks

IBM’s infrastructure strategy focuses on overcoming three bottlenecks: software infrastructure, compute capacity, and storage access times. The company has made significant advances in all three areas, Verhoef said.

IBM’s acquisition of Red Hat and its OpenShift containerisation platform has changed application deployment. Traditional deployment cycles that once took up to four months can now be significantly shortened, allowing businesses to respond more rapidly to market demands.

On the compute front, IBM has pushed the boundaries of chip density, progressing from 7-nanometre chips to developing 2-nanometre technology. The advancement isn’t just about speed – it’s about reliability, too. NASA’s choice of IBM chips for the Mars rover demonstrates the technology’s proven track record in mission-critical applications where failure isn’t an option.

Storage technology has seen perhaps the most dramatic improvements. The evolution from traditional hard drives (10,000 microseconds access time) to flash storage (80 microseconds) and now to NVME-RDMA technology (7 microseconds) has transformed data access capabilities. IBM’s Flash System, incorporating these advances, is one of the leading technologies of storage.

The quantum computing revolution

Perhaps the most exciting development in IBM’s infrastructure journey is its quantum computing breakthrough. The company progressed from a 27-qubit system in 2019 to an impressive 433-qubit computer today. The quantum system operates at 50 millikelvin – colder than outer space – and has allowed a fundamental shift in computing paradigms.

“A quantum computer is not a new car or a supercar. It’s more equivalent to a boat that we place in the water, and we are exploring areas unknown,” Verhoef said, describing how quantum computing opens up entirely new possibilities rather than improving traditional computing’s capabilities.

Security implications and future challenges

The advent of quantum computing brings both opportunities and challenges. A 10,000-qubit computer could break current RSA encryption algorithms in less than five seconds, prompting IBM, among others, to develop quantum-safe encryption systems. It’s already used quantum-safe encryption in its financial systems, and Verhoef said the proactive approach to security demonstrates the company’s commitment to responsible technological advancement.

The path to cognitive computing

IBM’s journey in artificial intelligence predates current AI trends by decades. From Deep Blue’s historic chess victory over Garry Kasparov in 1997 to Watson’s Jeopardy triumph in 2011, IBM has pushed the boundaries of what we now call cognitive computing. The achievements weren’t just publicity stunts but significant milestones in natural language processing and decision-making capabilities.

Looking ahead: The next 50 years?

The implications of technology for businesses and society are profound. Verhoef noted that quantum computing could help solve problems that would otherwise require “25% of the earth’s resources” with traditional computing methods. The efficiency gain could revolutionise fields from drug discovery to climate modelling.

Current CPU technology has reached the processing equivalent of a mouse brain, but the journey toward human intelligence-level computing continues. As we approach what futurists call “singularity” – the point where computer processing power surpasses human cognitive capabilities – the role of infrastructure becomes increasingly important.

IBM’s progression from traditional infrastructure to quantum computing mirrors technological advancement – it has led to a reimagining of how we process, store, and use information. On the brink of a quantum revolution, the next chapter in computing infrastructure promises to unlock possibilities we’re only beginning to imagine, from solving complex molecular problems to revolutionising financial models and beyond.

The post IBM’s quantum leap: From traditional infrastructure to 433-qubit computing appeared first on TechWire Asia.

Two major initiatives were announced at the launch of Malaysia’s National AI Office (NAIO), marking a significant step forward in integrating generative AI into public services.

The initiatives are part of Google’s broader partnership with the Malaysian government, which includes a US$2 billion investment in a new Google data centre and Cloud region in Selangor’s Elmina Business Park. Construction on the facilities has been underway since October 2024.

Introducing ‘AI at Work’: A productivity boost for public officers

The first initiative, ‘AI at Work,’ is a collaboration between the Ministry of Digital and Google Cloud. The programme will integrate Gemini for Google Workspace into public officers’ daily routines, beginning with a pilot program at the Ministry of Digital. The goal is to enhance productivity by leveraging AI for tasks like report writing and meeting summaries, allowing officers to focus on strategic projects.

Gemini for Google Workspace is designed to be an “always-on” AI collaborator that streamlines workflows, creates visualisations, and improves communication in teams. Built with enterprise-grade protections, it ensures that sensitive data stays inside trusted boundaries.

Public officers using Gemini will gain access to a suite of productivity apps, like Gmail, Drive, Docs, Sheets, Slides, Meet, and Chat. Furthermore, NotebookLM, a personalised AI research assistant included as an add-on, enhances how public officers interact with legislative and policy documents.

NotebookLM: Transforming how public officers access information

NotebookLM stands out by allowing users to upload and query documents, extracting insights to support decision-making. For example, a public officer can upload files such as Google Docs, PDFs, or URLs and ask questions about their content. NotebookLM gives accurate answers with inline citations to ensure transparency. Aside from Q&A, the tool can generate summaries, briefing documents, timelines, and audio overviews, making it a useful assistant for public service personnel.

Google has also introduced new tools to enhance productivity and improve access to enterprise data. Google Agentspace, for instance, uses AI capabilities to help employees tackle tasks such as planning, research, and content creation. By combining Gemini’s reasoning abilities, search, and enterprise data, Agentspace enables employees to work more efficiently, regardless of where data is hosted.

NotebookLM is also being expanded for enterprises with a feature called NotebookLM Plus. Employees can use the tool to upload data, synthesise information, and extract insights, supporting more dynamic methods of engaging with content, such as Audio Overviews, which are similar to podcast-style summaries.

NotebookLM Plus prioritises security and privacy for organisational use, and an experimental version of Gemini 2.0 Flash is being integrated to improve the capabilities.

Serene Sia, Country Director for Malaysia and Singapore at Google Cloud, highlighted the importance of this initiative: “In alignment with NAIO’s goal of promoting AI innovation through collaboration, the AI at Work initiative by the Ministry of Digital and Google Cloud will empower public officers with secure and best-in-class AI tools to drive efficiency, innovation, and citizen-centric service delivery.”

Collaboration for responsible AI adoption

The second initiative focuses on policy and education. Google and NAIO are establishing an ‘AI Policy and Skilling Lab’ in Malaysia. The lab will serve as a hub for policymakers, industry experts, and other stakeholders to collaborate on AI-related challenges and opportunities. Through think tank discussions and workshops, the Lab aims to develop frameworks and best practices for the responsible use of AI.

Su Ann Lim, Head of Government Affairs and Public Policy for Google Cloud’s Southeast Asia Cluster, emphasised the Lab’s role: “The AI Policy and Skilling Lab aligns with the Malaysia government’s goals of operationalising safe and responsible AI. By fostering collaboration and knowledge sharing, this initiative will establish clear guidelines for AI adoption, ensuring its benefits are realised while mitigating potential risks. This will not only elevate Malaysia’s standing as a leader in the region for AI development and adoption but also attract investment and create new economic opportunities for Malaysians – especially ahead of the country’s ASEAN Chairmanship in 2025.”

Together, the initiatives highlight Malaysia’s ambitions to use AI for national development, demonstrating how technology and strategic partnerships can drive meaningful change in public service and beyond.

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Intelligent Automation Conference, BlockX, Digital Transformation Week, and Cyber Security & Cloud Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post Malaysia National AI Office launch highlights new AI partnerships appeared first on TechWire Asia.

Fortinet’s 2025 Cyberthreat Predictions Report sheds light on the evolving dynamics of cybercrime, which continues to grow in complexity and scale.

The impact of attacks is far-reaching, with organisations worldwide facing significant challenges. In Malaysia, for instance, 52% of organisations reported that security breaches cost over US$1 million last year, while 28% incurred recovery costs exceeding US$3 million. Furthermore, recovery times remain a pressing issue, with 55% of organisations taking more than a month to recover and 25% taking four months or more. On average, recovery time takes about 2.22 months.

While traditional hacking tactics are still in use, the report indicates a shift toward more sophisticated methods that combine digital and physical threats. Cybercrime-as-a-Service (CaaS) has become more specialised, with attackers honing skills to execute highly targeted campaigns with tremendous impact.

Published by FortiGuard Labs, the report examines the evolution of traditional attack methods alongside emerging cybercrime trends. It provides insights into the challenges organisations face in today’s interconnected world and underscores the importance of collaboration to combat increasingly aggressive adversaries.

Key trends predicted for 2025 and beyond

1. A more targeted approach to cyberattacks

Cybercriminals place greater emphasis on the early stages of an attack, such as reconnaissance and weaponisation, allowing for quicker and more precise strikes later. As CaaS providers become more specialised, they focus on specific segments of the attack chain rather than offering comprehensive tools, creating a more efficient ecosystem for launching cyberattacks.

2. Increasing focus on cloud environments

Cloud vulnerabilities are expected to become a key focus for attackers as they target this critical part of digital infrastructure. Most organisations now rely on multiple cloud providers, adding to the complexity of their environments. Complexity makes cloud systems attractive targets. The trend is anticipated to accelerate as attackers exploit vulnerabilities caused by misconfigurations or weak security measures.

3. Automated tools fuel cybercrime growth

The use of AI-powered tools in cybercrime is expected to grow significantly. Automated hacking tools, such as those powered by large language models, are making advanced cyberattacks more accessible. The tools, which are available on the CaaS marketplace, streamline activities such as phishing, ransomware creation, and social media reconnaissance, lowering the barrier to entry for cybercriminals. Their availability on underground marketplaces is predicted to contribute to a rise in attacks across industries.

4. Integration of physical threats with cyberattacks

The convergence of cyberattacks with real-world threats is becoming more common. Some cybercriminal groups are already using physical intimidation against organisations’ leaders or employees, and this trend is likely to grow. Furthermore, partnerships between cybercrime networks and transnational criminal organisations may grow, incorporating activities such as smuggling and trafficking into increasingly complicated attack strategies. This development emphasises the increasingly multifaceted nature of modern cybercrime.

5. Collaborative frameworks to combat cybercrime

In response to rising danger, there is a rising demand for collaboration in the cybersecurity community. Initiatives such as global partnerships and public-private collaborations are becoming more prevalent. Frameworks aimed at disrupting cybercrime are also emerging, with initiatives such as the World Economic Forum’s Cybercrime Atlas seeking to unite stakeholders in solving challenges collectively. Enhanced collaboration is likely to result in more robust security frameworks, giving organisations additional tools to combat cyberattacks.

Strengthening defences through collaboration

Organisations are encouraged to look at cybersecurity as a shared responsibility that goes beyond single IT departments. Enterprise-wide security awareness and training are essential for effective risk management. Additionally, governments and technology providers should collaborate to establish and enforce robust cybersecurity standards.

Cybercriminals continue to advance their tactics, combining technical expertise with new forms of exploitation. By pooling resources and fostering collaboration across sectors, the cybersecurity community can better anticipate adversaries’ strategies and mitigate risks to critical systems and data. Addressing the challenges will require not only technical innovation but also a commitment to collective resilience at all levels of society.

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post Fortinet Cyberthreat Predictions for 2025 highlight bigger and AI-driven attacks appeared first on TechWire Asia.