Check Point backs Google Cloud to close ASEAN ‘Cloud Gap’

Check Point Software has set out its view on how organisations in Southeast Asia should change cloud network security design as hybrid and multi-cloud deployments expand and AI increases operational complexity.

Abhishek Kumar Singh, Head of Security Engineering at Check Point Software, said business leaders in ASEAN now face different questions about cloud adoption, particularly in sectors with tighter regulation and higher operational risk.

Singh pointed to the pace of digital commerce in the region as a factor shaping technology decisions. He referenced an expected US$300 billion gross merchandise value for the region's digital economy by 2025, which he said has raised pressure on CIOs and CISOs.

Cloud trade-offs

Singh described a recurring challenge where security controls create operational friction. He framed it as a "Cloud Gap" between threat prevention and flexibility. He said earlier approaches to cloud security often relied on manual routing and changes to network design. He also said teams accepted downtime risk and performance compromises.

He argued that DevOps teams can push back when security implementations slow release cycles or add complexity to routine changes. Singh said that tension has intensified as organisations deploy applications across a mix of cloud providers and on-premise environments.

The growth of hybrid and multi-cloud has created additional constraints for healthcare, government and financial services, which often face data handling obligations and audit requirements. Singh said those industries now manage more distributed networks with more policies to enforce and more traffic paths to monitor.

"Three main problems make it hard for many businesses in the area to do their jobs. First, due to policy fragmentation, keeping security consistent across thousands of hybrid networks is a logistical nightmare. Second, routing errors due to manually directing traffic to security devices are prone to mistakes and take a lot of resources. Third, a latency in performance due to traditional 'bump-in-the-wire' security can make mission-critical apps less enjoyable to use," said Abhishek Kumar Singh, Head of Security Engineering, Check Point Software.

Google Cloud focus

Singh said one route to reduce that friction sits inside Google Cloud. He highlighted Google Cloud Network Security Integration and the use of Generic Network Virtualisation Encapsulation, also known as GENEVE.

He said the approach addressed three areas he had set out earlier. These included consistent policy enforcement, fewer operational errors linked to traffic steering, and reduced latency when inspecting traffic.

Singh said the model places security inspection into the flow of cloud traffic. He said it does not require changes to routing policies or network architecture. He described it as "in-band" security.

He also said decision makers could apply threat prevention and access controls inside the Google Cloud environment. He characterised the threat prevention element as AI-powered.

Operational controls

Singh also described how traffic selection could affect cloud cost and performance. He referred to "quintuple traffic matching". He said the method sends only selected traffic for inspection rather than routing all traffic through the same controls.

He said that the approach reduced the amount of cloud resources dedicated to security inspection. He also said it reduced "hidden" costs linked to over-provisioning.

Singh also pointed to the way security teams and engineering teams increasingly share tooling and processes. He said security delivery as an internal service can increase flexibility for DevOps teams. He said security can become part of Infrastructure as Code workflows.

He cited Terraform and Ansible as tools used in those workflows. He said that the model embeds security policy into the same pipelines that deploy infrastructure and applications. He said teams can apply controls consistently across environments.

Single console

Singh also raised the issue of visibility when organisations run workloads in more than one environment. He said teams often use different consoles and tools across clouds and on-premise systems. He said that increases the time spent on investigations and routine compliance checks.

He described a "single pane of glass" approach for security policies and logs across environments. He said organisations could view assets across local data centres, Google Cloud and other providers through a single console.

Singh linked the architecture discussion to shifts in the threat environment. He said AI has added complexity for security teams and raised expectations for automation.

"In a place where "digital-first" is the rule, we can't let security slow things down. The ability to automate security and spread it across connected networks without changing the underlying architecture is no longer a luxury as we look to a future with more complex, AI-driven threats. It is necessary for competition. The message is clear for businesses that want to make sure their digital transformation goes smoothly: You don't have to choose between speed and safety. You can have both," said Singh.

He said the next phase of cloud adoption in Southeast Asia will put more weight on designs that reduce manual operations while keeping policy enforcement consistent across hybrid and multi-cloud networks.