As more organisations shift off-prem and invest more into cloud-based programmes and partners, cloud security continues to grow as a top concern for organisations striving to innovate while safeguarding their data and infrastructure. We sat down with Enid Zheng, senior cloud engineer at Telstra, to discuss the biggest challenges in managing cloud security, strategies for mitigating risks, and how to strike the right balance between robust security measures and business agility.
1. What are the biggest challenges you face in managing cloud security today, and how do you address them while ensuring the business continues to innovate and scale?
Great question. In my experience, the biggest challenge is mitigating existing cloud security risks, particularly lower-level risks. To tackle this, I focus on two key aspects: people and processes, and the risk itself.
From a people and process perspective, cloud security operates across business units to define risk ownership, set timelines for remediation, and establish clear risk management processes. For example, we differentiate between platform risks and project-specific risks to ensure accountability.
From a risk analysis standpoint, we regularly reassess risk levels, identify common vulnerabilities, and implement standardised fixes for recurring issues. Additionally, we define rules to prevent generic risks, such as restricting direct exposure to the internet.
Balancing security controls with business innovation is crucial. To manage this, we:
2. How do you approach securing client data when onboarding into the public cloud? What key security measures do you implement during this process?
Securing client data in the public cloud is a critical challenge for every company. We take three primary steps to ensure data security:
Client data must pass our data risk level assessment before being onboarded to the public cloud. Only data meeting specific security criteria is allowed.
All data must be encrypted both in transit and at rest
Access controls are strictly enforced, with defined role-based permissions
To ensure compliance, we implement an operational readiness checklist that includes encryption standards, backup strategies, and other necessary security measures before data usage begins.
3. How do you ensure that cloud security measures are both effective and efficient, balancing protection with operational agility?
Striking this balance is difficult because security measures and controls may not align with every client's expectations. Our approach involves:
Starting with a highly restrictive security model and gradually adjusting to ensure the overarching strategy remains intact while minimising operational disruptions
Continuously reviewing security controls to ensure they do not impede agility
Using an agile methodology to quickly address any security measures that obstruct operational efficiency
4. What are the primary security risks you encounter when helping clients adopt public cloud solutions, and how do you mitigate these risks?
One of the most common security risks arises during the transition from on-premises infrastructure to the public cloud, particularly in terms of connectivity and data transfer.
To mitigate these risks, we establish clear security processes, rules, and regulations, including:
Security architecture reviews and approval processes
Implementation of firewall rules and restrictions on open ports
Using direct connections instead of exposing resources unnecessarily
By putting these measures in place, we minimise security risks and create a structured, secure cloud adoption process.
5. How do you collaborate with other departments (e.g., development, operations, compliance) to integrate security into cloud architecture while driving business innovation?
Collaboration is key, and the most important factor is effective communication. We ensure alignment through ongoing engagement, education, and training.
When implementing security policies, we:
Engage with relevant business units to present proposals, explain their purpose, and highlight the benefits
Gather feedback before finalising security measures to ensure buy-in
Conduct training sessions to ensure employees understand the policies and their importance
Maintain close relationships with business units to facilitate timely and efficient communication
By fostering open dialogue and collaboration, we ensure security is seamlessly integrated into business operations without stifling innovation.
As organisations continue their journey to the cloud, security must evolve alongside innovation. Zheng’s insights highlight the importance of a proactive, adaptive approach—one that combines strong risk management, collaboration across teams, and the flexibility to refine security controls without stifling growth. By integrating security into the fabric of cloud architecture, businesses can confidently scale while keeping their data and operations secure.