Securing the Speed of Change: The New Imperative

Artificial Intelligence & Machine Learning (68%) and Cloud Infrastructure & Platforms (44%) represent the leading technology investment areas for enterprises in Thailand over the next 2-4 years, according to the 2025 AIBP innovation survey. Navigating this landscape successfully requires a fundamental shift: security can no longer trail ambition—it must actively enable it.

This was the core mandate from AIBP’s recent closed-door discussion with senior leaders in Thailand on Enabling Responsible, Secure and Sustainable Innovation. Stakeholders convened to chart a path forward, centering the discussion on demystifying Zero Trust as the unified strategy for secure, scalable, and responsible change across technology, operations, and business.

The consensus was definitive: the modern security agenda demands integrating protection with operational reality, achieving granular data defense, and building architectures capable of scaling for advanced environments like AI and Operational Technology (OT). For Thailand leaders, this means securing the transformation itself to realise the full benefits of speed, efficiency, and productivity. The foundation for this acceleration is Zero Trust, defined by the principles: verify explicitly, enforce least privilege, and assume breach.

The working group framed modern security as inseparable from transformation. The focus now moves to the specific technical pillars required to enforce Zero Trust principles across the modern enterprise.

Data as the Modern Perimeter

In a borderless digital world, data security is the core priority. Leaders acknowledged that data loss translates directly into massive financial risk, making prevention, visibility, and swift response capabilities paramount.

To combat this, the focus has shifted to advanced, scalable solutions:

• Data Security Posture Management (DSPM): Highlighted as a vital tool to discover, classify, and protect sensitive data across heterogeneous environments.

• AI-Assisted Classification: Essential for rapidly identifying and protecting sensitive data at scale, especially within unstructured content and emerging Generative AI (GenAI) workflows.

• Immediate Action: Teams agreed to pilot DSPM and initiate an AI-enabled classification proof of concept for unstructured documents and GenAI tools.

Modernising Access and Endpoints 

The necessity for this shift is driven by a critical threat landscape: the AIBP Innovation Survey 2025/26 identified the top regional challenges as Phishing attacks (45% in ASEAN) and Cloud security threats/misconfigurations (50% in Thailand), highlighting where legacy security controls are failing.

While legacy VPNs create significant performance and visibility trade-offs, the group reached a strong consensus on phasing out these dependencies in favor of modern controls:

• Zero Trust Network Access (ZTNA): Positioned as the successor to VPNs, ZTNA enables granular, identity-based access and applies consistent policies across locations—crucial for improving user experience and reducing lateral movement risk.

• Endpoint Security: Reaffirmed as foundational, especially given distributed field teams. New policies must deploy consistent agent-based safeguards across these fleets to prevent data leakage (e.g., personal, health, and financial information).

• Risk-Based Vulnerability Management: Recognising that "patching everything is unrealistic," teams prioritised AI-enabled assessment and continuous posture management to focus resources only on the most critical risks.

Highlighting the reality of workload, Jones Leung, Interim APJ SE VP and Head of SE Greater Asia, ZScaler, noted the necessity of smart prioritization: "Technology must help organizations prioritise patching because you can never patch everything. Even with the best assessment practices, teams simply won’t have the time to cover every vulnerability.”

Implementing a unified security strategy across Asia requires addressing unique operational and cultural friction points.

Addressing Complexity: Regional Realities and OT

Thailand’s inherent diversity presents unique implementation challenges:

• Regional Complexity: Highly regulated sectors, particularly financial services, require tailored controls and transparent reporting that comply with diverse cross-border and local mandates.

• Operational Technology (OT) Focus: The specialised OT environment demands clear segmentation, specialised monitoring, and modernization aligned with cloud principles. The key challenge is ensuring robust security without ever compromising mission-critical uptime and safety. Teams agreed to coordinate with IT to align cloud-era security controls for OT environments.

The Human Factor: Usability and Transparency

Security measures that undermine productivity risk failure. The group stressed the need for balance:

• Policy Design for Usability: The key is implementing tiered policies aligned to data sensitivity and business criticality, coupled with end-user feedback loops to avoid unnecessary friction.

• Transparency and Incident Reporting: Under-reporting of security incidents in parts of Southeast Asia was identified as a major impediment to collective defense. Stakeholders advocated for clearer internal protocols and industry-wide sharing mechanisms to balance transparency with reputational concerns.

The working group's clear takeaway is that by prioritising usability, adopting AI-enabled capabilities, and fostering greater transparency, Thailand enterprises are positioned to build resilient, forward-looking security programs that support sustainable innovation.

AIBP’s 2025/26 Enterprise Innovation Market Overview will be launching shortly and if you are interested to gather insights and benchmark against regional peers, access it here.

If you are interested to find out more about this session or would like to stay up-to-date of upcoming activities, please drop us a note at aibp@industry-platform.com