Shared Responsibility, Shared Security: Cloud Resilience in the Philippines

Cloud computing now anchors the Philippines’ digital transformation, powering smarter banking, faster government services, and more connected businesses. But as cloud adoption accelerates, so does the question of accountability: who is truly responsible for keeping our data, applications, and systems secure?

While cloud providers safeguard the underlying infrastructure, customers ultimately control their own data, configurations, and user access. This “shared responsibility” model is meant to balance trust and transparency, but in practice, it often creates gaps that attackers are quick to exploit. In a cloud-first Philippines, where information moves fluidly across hybrid and multi-cloud environments, human error remains the biggest vulnerability.

 

The Local Threat Landscape

The 2025 Fortinet–Cybersecurity Insiders State of Cloud Security Report highlights how confusion around shared responsibility remains one of the top risks for global organisations. Although providers secure the platforms, users, from enterprises to individual developers are accountable for what they build and host.

In the Philippines, the challenge is amplified by the country’s rapid pace of digitalisation. The Department of Information and Communications Technology (DICT) reported millions of malicious attempts against government systems in 2024, while the National Cybersecurity Plan 2023–2028 identified malware, data leaks, and compromised websites among the most frequent incidents. These numbers reveal a simple truth: while innovation is moving fast, security readiness is still catching up.

Bridging the Human and Technical Divide

Before the cloud, organisations controlled every part of their IT environment, from servers, networks, to user devices. Now, with workloads spread across multiple platforms and third-party providers, a single misconfiguration or overlooked access setting can open the door to an attack.

Cloud providers are responsible for platform integrity, but users must secure what they put inside it. That includes managing access credentials, protecting stored data, and applying patches promptly. Yet breaches continue to occur because people assume “someone else” is responsible. This mindset must change.

Technology alone cannot close the security gap. Weak passwords, over-privileged accounts, and outdated systems remain among the most common causes of exposure. Filipino companies must empower every employee, and not just the IT team  to become a first line of defence. Cyber awareness should be part of everyday business culture, from the boardroom to the help desk.

Building a Culture of Accountability

Security begins with good governance and awareness. Enforcing multi-factor authentication and the principle of least privilege helps limit access to sensitive systems. Integrating security testing early into software development (DevSecOps) reduces vulnerabilities before deployment. Regular audits of configurations and permissions, especially in hybrid environments, prevent issues from going unnoticed.

However, processes alone are not enough. The Philippines faces a growing shortage of cybersecurity professionals, compounded by uneven reporting on cyber incidents. This makes it harder for both public and private sectors to design effective defence strategies. To close this gap, leadership must make cybersecurity an organisation-wide responsibility.

Executives should champion clear governance frameworks for cloud security, invest in regular simulations and training, and ensure that accountability is shared across functions. Transparency through periodic reporting on vulnerabilities, vendor risks, and response plans, which builds trust and drives improvement.

From Compliance to Confidence

As cyber threats become more sophisticated, cloud and application security can no longer be treated as a compliance exercise. It must be seen as a pillar of digital trust and the foundation on which the country’s digital economy depends.

The journey to a secure cloud ecosystem is not just about deploying technology; it’s about empowering people, enforcing governance, and embracing accountability at every level. When Filipino businesses, public agencies, and technology partners take collective ownership of cybersecurity, the Philippines moves closer to a cloud economy that is not only innovative but also resilient and trusted.

To learn more, download your copy of the 2025 State of Cloud Security Report.