In an exclusive interview with Enterprise IT News, Shailesh Rao, President of Cortex at Palo Alto Networks, offered a compelling perspective on the challenges and opportunities that lie ahead for organisations navigating this digital frontier.

The triple threat of cloud transformation

Drawing from his extensive experience working with more than 500 companies over the past 18 months, Rao identifies three fundamental shifts that will reshape Malaysia’s cybersecurity posture as cloud adoption accelerates.

“While there will be a lot of benefits coming from the cloud—compute, efficiency, cost benefits and scale benefits—the attack surface expands as well,” explained Shailesh, whose division develops AI-powered platforms for security operations centres and the cloud. This expansion creates vulnerabilities that traditional security approaches simply weren’t designed to address.

Shailesh pointed to other nations that have already undergone similar digital transformations. “As more and more data centres come online, I anticipate just a sheer volume of companies that move to the cloud. This creates a whole new paradigm for security to be provided,” he stated.

The industry veteran pointed to the growing trend of hybrid deployments as a particular challenge. Organisations are increasingly spreading workloads across on-premises systems and multiple cloud environments—a strategy that complicates security but is necessary.

“One of the benefits of being in the cloud is that you don’t have to put all your eggs in one basket,” he observed. “And when you have a multi-cloud environment, that is where we (Palo Alto Networks) shine and do a very good job of protecting because we are a neutral third party that can provide cybersecurity services.”

The second transformation involves the evolving nature of applications that require protection. As organisations develop cloud-native applications designed to leverage elasticity and AI capabilities, security requirements fundamentally change. These applications operate differently from traditional software, demanding specialised protection strategies.

Perhaps most concerning is Shailesh’s third observation: cloud environments have become prime targets for sophisticated threat actors. As valuable data and critical workloads migrate to these platforms, attackers are rapidly adapting their techniques to exploit vulnerabilities in these new environments.

The Talent Deficit

Having traversed the globe consulting with organisations on their security posture and the benefits of platformisation, Shailesh highlighted a persistent challenge that exacerbates security risks: the scarcity of qualified cybersecurity professionals.

“Machine learning and AI are not only hugely beneficial but possess potential to change the world from a cybersecurity perspective,” he explained. These technologies have become essential precisely because human expertise alone cannot scale to meet current threats—especially given the talent shortage.

This deficit affects even major cloud providers, who must prioritise their resources. “Due to scarcity of resources, engineering talent, cloud service providers will very likely pay attention to their own technology stack,” he noted. While providers secure their infrastructure, this focus creates gaps that organisations must address quickly. 

Shared responsibility misconceptions

The interview reveals that despite the robust security capabilities of hyperscalers like Microsoft, AWS, and Google, two critical factors frequently undermine cloud security.

First, the multi-cloud trend introduces complexity that makes consistent security difficult to achieve. “The very fact that a company is in the cloud means it has the option to be multi-cloud. So, you don’t have to put your risk into one place,” the Cortex chief explained. While this approach reduces dependency on any single provider, it requires sophisticated security strategies that work across disparate environments.

Second, and perhaps more troubling, is human error. Shailesh pointed out many recent high-profile breaches have occurred not because of technological failures but because of misconfigurations, poor access controls, and other mistakes made by users and administrators. Even perfectly designed systems remain vulnerable to this unpredictable variable.

Southeast Asia’s cloud evolution

Compared to Western counterparts, Southeast Asian nations have adopted a more measured approach to cloud migration. Shailesh described a three-phase evolution that characterises this journey:

Initially, organisations move from on-premises environments to local cloud providers. As businesses gain confidence with cloud concepts, they explore more sophisticated implementations. Finally, they adopt major public cloud platforms while addressing data residency requirements.

“As regulations evolve, as people get more comfortable and as market dynamics dictate, I think we will move towards more global clouds with lesser boundaries,” he predicted. “This is what’s happening in most western economies, and it will happen here as well.”

Navigating regulatory waters

Malaysia’s recent cybersecurity legislation represents a significant development in the country’s digital governance framework. When asked about these requirements, Shailesh offered a pragmatic perspective informed by his company’s global experience.

“We’ve managed the presence of regulations in all the countries that we operate in, and for the most part regulations have evolved over time,” he explained. “As that happens, the market evolves and our awareness evolves. So, I expect that to happen in Malaysia as well.”

As head of a division within a company that he described as “the largest pure-play cybersecurity company in the world with operations in over 70 countries,” Shailesh emphasised Palo Alto Networks’ commitment to regulatory compliance while enabling cloud adoption.

Looking forward

For organisations navigating Malaysia’s cloud transformation, Shailesh underscored the importance of partnering with experienced security providers. “You need a partner that has been there, done that, has continued to innovate and can provide the most comprehensive, pre-integrated, most complete solution set in the market,” he advised.

As Malaysia and the rest of the region continues its digital transformation journey, Shailesh’s insights offer valuable guidance for organisations seeking to balance innovation with cybersecurity.

This perspective reflects a fundamental reality of modern cybersecurity: as cloud adoption accelerates, the traditional boundaries between on-premises and cloud security disappear. Organisations need unified approaches that protect workloads, data, and applications regardless of where they reside. Platformisation may make sense during times like these.

As cloud computing becomes more ubiquitous, the challenges and benefits of AI and machine learning emerge. Not only do defenders use AI and machine learning, attackers do as well and the last time the industry looked, attackers are several steps ahead of AI-powered defense.

Realising this and taking action requires understanding of the evolving threat landscape and a commitment to comprehensive security practices.