Data governance and security must be core to Southeast Asia’s public sector digital transformation

As Southeast Asia rapidly advances its digital transformation, public sector agencies are at the forefront, shouldering growing responsibilities.

From delivering essential citizen services to managing vital national infrastructure, governments are becoming more reliant on complex digital systems and the sensitive data they generate, store, and process.

The urgency of this shift is underscored by a clear need for robust security frameworks to keep pace with technological advancements.

According to the 2025 Thales Data Threat Report, over 65 per cent of APAC organisations view the rapid pace of AI development, especially generative AI (GenAI), as their top security concern related to its adoption.

This is closely followed by concerns around a lack of integrity (63 per cent) and trustworthiness (55 per cent).

Public sector at the heart of digital trust

We must look at digital infrastructure as more than a technical asset, but a fundamental building block of public trust, national resilience, and economic competitiveness.

To this end, Singapore's Infocomm Media Development Authority (IMDA) recently released advisory guidelines on cloud services and data centers. These guidelines, along with the anticipated Digital Infrastructure Act, represent a pivotal moment for digital governance in the region.

They call upon public sector agencies, cloud service providers, and technology partners to embed security and data governance into the very fabric of digital transformation initiatives.

Singapore’s proactive stance reflects a broader regional imperative, that the public sector often serves as the largest data custodian in any country.

Governments are entrusted with personal, financial, and national security data on an unprecedented scale, spanning areas from healthcare and taxation to digital identity and smart cities.

As digital public services become the norm, cyberattacks on government infrastructure have grown in both frequency and sophistication.

Recent incidents, ranging from ransomware attacks on municipal governments to leaks of sensitive citizen data, have eroded public confidence and exposed critical vulnerabilities in legacy systems.

In April 2025, a ransomware attack on a printing vendor, Toppan Next Tech, resulted in the compromise of customer data from major banks like DBS and Bank of China Singapore, highlighting the critical need for robust data governance and security across third-party partnerships.

These challenges are necessitating a shift in approach. Secure-by-design principles, privacy-by-default architectures, and full transparency over data access and usage must become standard practice across the public sector.

These go beyond check boxes to meet compliance requirements and are essential for preserving the social contract between governments and citizens in the digital age.

Building resilient and sovereign digital infrastructure

It is precisely this understanding that drives IMDA’s approach, through guidelines that go beyond basic cyber hygiene.

IMDA advocates for the development of resilient, sovereign digital infrastructure that can support Singapore’s and Southeast Asia’s long-term digital ambitions. This includes enhancing data classification, enforcing stronger access controls, and increasing auditability and traceability across the entire digital ecosystem.

In today's "always-on" environment, public sector digital infrastructure must be able to withstand disruptions, facilitate coordinated incident response, and ensure that critical services like healthcare, emergency response, transportation, and public administration remain operational even during crises.

From ransomware attacks to infrastructure outages, resilience is now crucial for both national security and public confidence.

To achieve this level of resilience requires a collaborative ecocsystem approach. Public sector agencies must lead by example, working closely with technology partners to:

• Adopt secure cloud architectures that support data sovereignty and hybrid environments.
• Implement strong encryption and key management policies to protect sensitive information.
• Ensure continuous compliance with evolving regulatory and operational requirements.

Beyond cybersecurity, resilient digital infrastructure plays a vital operational role in ensuring the uninterrupted availability of essential public services.

It also provides the backbone for long-term public sector transformation, including digital identity, AI-enabled governance, and citizen engagement platforms.

At the same time, regional collaboration will be critical. As cross-border data flows increase, Southeast Asian governments must harmonise data governance frameworks to avoid fragmentation while respecting national sovereignty.

Shared standards and interoperable security frameworks will enable governments to collaborate on critical infrastructure and national-level digital initiatives, from digital ID systems to smart governance platforms, without compromising security.

Moving from compliance to confidence

As the regulatory landscape matures, public sector leaders must seize the opportunity to shift from compliance-driven approaches to confidence-driven governance.

This means embedding accountability, transparency, and security into every layer of digital infrastructure, not just because regulation demands it, but because citizens expect it.

Resilient digital infrastructure acts as an economic shock absorber. In the face of disruptions such as cyberattacks, outages, or regional crises, robust systems ensure that essential services remain operational, minimising downtime, safeguarding public confidence, and enabling rapid recovery.

This protects national productivity, prevents service paralysis, and ensures continuity in critical functions like healthcare, transportation, emergency response, and government operations.

Crucially, the public sector has a unique ability to shape national digital norms. When government agencies implement robust data governance policies and secure digital practices, they not only safeguard public assets but also set the tone for the broader economy.

By adopting and championing secure digital infrastructure, public institutions can foster innovation, enable trusted partnerships, and create an environment where citizens and businesses alike can thrive.

Trust is the new digital currency

Southeast Asia’s digital economy will continue to grow, but so will its complexity and exposure to risk.

Ensuring that this growth is inclusive, resilient, and trusted will require governments to look beyond infrastructure and focus on the integrity of the data that powers it.

At Thales, we believe that strong data governance and security are the foundations of digital trust. We are committed to helping public sector institutions across Southeast Asia build secure, sovereign, and future-ready digital systems that protect what matters most.

Daniel is the Chief Solution Architect, APJ, Thales. Based in Singapore, Daniel is responsible for shaping and driving the enterprise security roadmap for customers. His role involves extensive collaboration with both public and private sector clients across healthcare, manufacturing, energy and utilities, large enterprises, and government sectors.