Palo Alto Networks, the world's leading AI cybersecurity company and the National Cybersecurity Agency today announced a strategic collaboration to leverage cloud security and bolster cybersecurity capabilities across government agencies. This partnership aims to support implementing the National Cloud Security Framework and help government agencies transition systems to cloud platforms. The project is one of the programs that drives the country towards a digital government.
The Thai government continues to advance its Cloud First Policy, which is designed to integrate cloud technology across all government agencies to support the nation's digital transformation initiatives . In June 2024, the Cabinet approved the formation of a Cloud-First Policy Committee, tasked with overseeing this transition toward a fully digital government.
"Through this partnership, we underscore our commitment to creating a safer digital future for Thailand and meeting evolving cybersecurity standards. Government agencies will gain the knowledge and expertise necessary to navigate the changing cybersecurity landscape and achieve compliance with emerging regulations," said Air Vice Marshal Amorn Chomchoey.
The collaboration will focus on four key areas:
- Implementation and Compliance with the National Cloud Security Framework: To deploy cloud security solutions in alignment with the National Cloud Security Standard (2024). They will also establish a Cloud Center of Excellence (Cloud COE) to develop and promote best practices in cloud security. In addition, NCSA and Palo Alto Networks plan to conduct Cloud Security Best Practice Workshops targeted at government agencies to enhance cloud security knowledge and implementation.
- Data Privacy and Regulatory Compliance: Palo Alto Networks will conduct Security Posture Assessments (SPA) for both public and private organizations to evaluate and enhance their cloud security measures. Palo Alto Networks and NCSA will also perform Cloud Compliance Readiness Assessments to support organizations in meeting stringent government standards, ensuring a higher level of regulatory adherence across industries.
- Training and Capacity Building: To organize workshops and knowledge-sharing sessions to enhance cybersecurity skills for professionals across various sectors. They will implement specialized training programs tailored for government officials and cloud administrators and develop a Cybersecurity Awareness Program designed to raise awareness among employees in both the public and private sectors.
- Public-Private Cybersecurity Collaboration: This collaboration aim to drive initiatives to strengthen Thailand's cybersecurity resilience through closer cooperation between the public and private sectors.
"This collaboration marks a significant step towards a more secure and resilient digital infrastructure for Thailand. The Cloud First Policy marks a significant step forward in the global movement toward cloud adoption, and Thailand is no exception. This initiative reflects the increasing reliance on cloud services for both data storage and government operations. As cloud usage grows, particularly in the era of AI, securing these environments becomes critical. Palo Alto Networks is fully committed to supporting the Cloud First Policy, providing robust and comprehensive cloud security solutions to ensure that organizations can embrace this transformation with confidence," said Piya Jitnimit, Country Manager of Thailand, Palo Alto Networks.
Importance of Cloud Security in the AI era
Generative AI's acceleration of software development and delivery is straining current approaches to cloud security. Organizations must understand that just because it's generated by AI doesn't mean that it's secure. Organizations are relying on open-source third-party libraries for AI-powered coding; however, they aren't concerned about the data that the Large Language Modules was trained on or whether it is secure. GenAI allows for speed and efficiency, but there's immense risk in the early stages of AI-generated code.
The adoption of AI will generate massive amounts of data that most organizations are not currently equipped to protect. Data and AI go hand in hand, and organizations must define how sensitive data is being protected, wherever it is located. Organizations must be able to answer three questions:
- What data exists across clouds?
- Who is using our most crucial data?
- How can we stop sensitive data from being exfiltrated?
Key questions surrounding data existence, usage, and protection across cloud environments must be addressed.
Here are the Guidelines for Cloud Security in 2025
To safeguard cloud environments in 2025, Palo Alto Networks recommends focusing on five key areas:
- Platformization to Accelerate, Collaborate and Simplify: A centralized security management platform provides end-to-end protection for applications and data, enhancing visibility, control, and automation across varied cloud architectures.
- Securing AI Adoption: With AI-accelerated development introducing new risks, such as misconfigurations, organizations must regulate AI usage, protect software supply chains, and secure development environments.
- Intelligent Data Security: Encryption, access controls, and data monitoring are essential to protect sensitive information. Automating data discovery and classification, alongside implementing Data Security Posture Management (DSPM), will help manage large data volumes.
- Streamlining DevOps Pipelines: Reducing bottlenecks in the DevOps pipeline by incorporating secure-by-design principles will help ensure smooth, secure development workflows.
- Building a DevSecOps Culture: By fostering collaboration between security and development teams, organizations can ensure robust protection of business outcomes.
Adopting the Cloud First Policy will be the policy that responds to digital services for citizens and Thailand's digital era.