Malaysia is experiencing a data centre (DC) boom, ranking No 2 in Asean for live DCs with 280 operational, 159 under construction and a staggering 766 in the pipeline.
DC investments made up 76% of all digital investments approved from 2021 to early 2024, amounting to RM123.5 billion. Key drivers include low electricity costs, ample water-reserve margins in Johor and Selangor, and attractive tax incentives.
Most importantly, there is strong government commitment to cloud technology, evidenced by the National Cloud Policy launched in October 2024 and significant investments from tech giants Google and Microsoft, which together aim to boost economic impact, job creation and artificial intelligence (AI) infrastructure.
Typically, these major cloud service providers (CSPs) offer infrastructure-as-a-service (IaaS), which is akin to renting servers and system software on their cloud rather than banks purchasing and installing this equipment on premises.
Financial institutions and the banking industry are reluctant to fully embrace cloud adoption primarily due to several key concerns, including the challenge of meeting regulatory compliance requirements and managing intricate operations with the standard public cloud infrastructures.
Major CSPs only offer infrastructure without business solutions, necessitating banks to hire a dedicated, skilled workforce to manage and run daily system operations, monitor system health and perform housekeeping. As such, the benefits gained between implementing systems on premises and in the cloud are not significant.
The major headache and primary factor in regulatory compliance is meeting the expected security certifications and redundancy continuously — such as regulatory RMiT CTRAG, PCI DSS Level 1, ISO 27001, SOC2 and Tier 3 SLA — especially given the over 1,000% surge in data breach incidents in Malaysia in 2023.
Stolen personal information can be traded on the dark web for identity theft and scams, making it imperative for financial institutions to protect this data at all costs. In addition, 40% of Malaysian businesses anticipated a surge in cyberattacks on cloud services.
To combat this, generative AI (Gen AI) can be used to scan vulnerabilities, predict attacks, monitor incidents in real time, simulate AI-driven cyberattacks and even deploy deceptive environments like honeypots to lure AI-powered attacks for behavioural investigation.
Indeed, leading security AI adopters cut the time to detect incidents by one third and the cost of data breaches by at least 18%. Besides Gen AI, skilled human oversight is crucial to verify the validity of data sources obtained by Gen AI to address threats more effectively.
Recently, some local boutique CSPs have risen up and addressed all the concerns above, on top of providing infrastructure. These local DCs offer end-to-end solutions to financial institutions and the banking industry, including business solutions, 24/7 system operation housekeeping and health monitoring, upgrades of obsolete equipment and Gen AI cybersecurity abilities with skilled cybersecurity officers. These services are called software-as-a-service (SaaS). They also meet local regulatory compliance requirements such as BNM RMiT CTRAG and the new National Cloud Policy.
These bespoke comprehensive solutions provide another alternative for financial institutions and the banking industry to consider moving to cloud services.
In line with the National Cloud Policy, it is about time Malaysia’s financial institutions and the banking industry harness cloud technology for digitalisation, innovation and operational efficiencies in moving towards a digital economy.
This article has been published in The Edge Malaysia: https://theedgemalaysia.com/node/736679