Businesses in Hong Kong have yet to perfect the balance between cloud and artificial intelligence adoption versus risk control implementation, as the hype surrounding the new technologies reaches fever pitch in the city-state.
Speaking at the annual Cloud Expo Asia on May 16 in Hong Kong, industry professionals discussed the breakneck growth of artificial intelligence, big data and cloud applications in various industries, including healthcare, finance and telecommunications. They questioned whether cyberrisks associated with adoption have been overshadowed by the tech frenzy.
Ricky Woo, a convener at the Hong Kong Computer Society’s cybersecurity specialist group, told delegates that many industries have focused on the "sexy features, functionalities and cost-effectiveness" of technology solutions without factoring in the high risks linked to relying "heavily on third-party vendors."
Dangers associated with storing personal and sensitive data with third-party vendors came under much public scrutiny when millions of Facebook Inc. users found out that their personal data was used without their consent. The scandal eventually led to the shuttering of the data analytics firm Cambridge Analytica LLC, which had been linked to the social media platform.
Even so, at the conference, big tech companies briefed delegates on the progress of their artificial intelligence and cloud solutions, with plans to continue pushing it onto the Hong Kong market.
For example, Alibaba Cloud Computing Co. provided an update on its artificial intelligence platform, ET Brain, and its progress in China. The e-commerce giant singled out its recent partnership with Automated Systems Ltd. as a way to further penetrate the Hong Kong cloud market.
"But how do you leverage third parties for their artificial intelligence and cloud solutions when there is little regulation around data security here?" asked Great Gu, the Asia-Pacific cybersecurity manager at pharmaceutical research company AstraZeneca PLC.
China-based Gu pointed to the "stricter" regulations enforced in China under its cybersecurity legislation, which requires enterprises to constantly self-assess their risk controls and receive seals of approval from the government. Also, under China’s cybersecurity law, organizations must notify compliance officers in the event of a data breach.
However, in Hong Kong this is "entirely voluntary," stressed Stephen Wong, Hong Kong’s privacy commissioner since 2015. In China, he added, organizations are able to levy fines in the event of a data breach while in Hong Kong such cases must be settled in court.
Some believe it is not so much regulation, but rather a lack of focus from senior management that is preventing the adoption of a proper cyberrisk approach.
"You hear everyone telling you about artificial intelligence, machine learning and big data at this conference but the most important factor that needs to be addressed is the way to best articulate cyberthreats and cyber resilience," according to Ian Yip, McAfee’s Asia-Pacific chief technology officer. Security is very much a "C-level" conversation, he added.
Woo shared the same view and called for a need for senior management at various enterprises to adopt a "culture of risk, security and control," even when regulation is clearly outlined and budgets are secured.
"I believe banks and big enterprises need to develop a program on how to assess the risk of third-party vendors and consultants should be asked to assess and audit," he concluded.