This three-phase strategic roadmap follows the completion of a comprehensive Cloud Security Posture Assessment of 13 government agencies, evaluating their cloud security measures and readiness.
Palo Alto Networks, the global AI cybersecurity leader, and the National Cyber Security Agency (NCSA) today announced the launch of a strategic roadmap to secure Thailand’s cloud future. This three-phase strategic roadmap follows the completion of a comprehensive Cloud Security Posture Assessment (SPA) by Palo Alto Networks, evaluating 13 government agencies on their cloud security measures and readiness. The proposed roadmap will serve as a foundational pillar to strengthen Thailand’s National Cloud Security Framework, published by NCSA in 2025, and help accelerate proactive public sector resilience.
In Thailand, the government continues to advance its Cloud First Policy, which is designed to integrate cloud technology across all government and critical infrastructure agencies to support the nation’s digital transformation initiatives. However, as cloud infrastructure expands to host the growing number of AI workloads, it has also become a critical target for attacks. Palo Alto Networks State of Cloud Security Report found that 99% of organisations have encountered at least one attack on their AI systems within the past year.
Findings from the Cloud SPA revealed a mixed maturity landscape across the 13 government agencies surveyed:
- Strategic planning remains strong, scoring around 84% in Cloud Strategy and 82% in Security Operations.
- Cloud Posture Security on private cloud is also an area of strength with a score of 77%.
- Current assessments show some room for growth in Cloud Runtime and Application Security, with 70% of agencies affected by misconfigurations and limited centralized management.
- Over 60% also lack full SOC telemetry integration, leaving agencies reactive rather than proactive in responding to modern, AI-driven threats.
The Roadmap to Cloud Resilience
These findings validate Palo Alto Networks Cloud SPA as a critical tool in identifying both strengths and mission-critical vulnerabilities in Thailand’s government cloud security posture. It provides necessary insight for Government Agencies and critical infrastructure organisations to help ensure they meet the upcoming National Cloud Security Act (B.E. 2567) standards that will enter into force in September 2026.
To address the disparities from the assessment, Palo Alto Networks is supporting the NCSA in developing a three-phase national roadmap designed to accelerate Thailand’s shift from reactive defense to proactive, AI-powered security:
- Phase 1: Foundations & Readiness – including establishing shared standards, implementing Cloud Native Application Protection Platforms (CNAPP), and enforcing minimum controls to reduce misconfigurations.
- Phase 2: Proactive Surveillance & Response – by integrating cloud telemetry into SOCs, developing incident playbooks, and forming sector-specific working groups to drive collaboration and knowledge sharing.
- Phase 3: Sustainability & Regulation – including the launch of a National AI & Cloud Security Center of Excellence (CoE), establishing of sector cloud Computer Emergency Response Teams (CERTs), and the updating of procurement standards to embed security and compliance requirements from the outset.
Air Vice Marshal (AVM) Amorn Chomchoey, Secretary-General of the NCSA, said “As we drive the Cloud First Policy for Thailand, security cannot be an afterthought; it must be built from the ground up. The results of this assessment provide us with the clarity needed to close critical security gaps. By collaborating with global experts like Palo Alto Networks, we are moving from a reactive defence to a proactive, standardised security posture that ensures our digital government services are reliable, secure, and ready for the future.”
Dr. Tatchapol Poshyanonda, Country Director, Thailand and Vietnam at Palo Alto Networks, said “Cybersecurity is a partnership, where the public and private sector needs to work closely together to transition from reactive defence to proactive AI-driven stewardship of our collective security. The findings highlight that while the strategy is in place, the technical runtime environment needs immediate reinforcement. Our proposed roadmap focuses on unifying fragmented tools into a single platform approach. By leveraging AI and automation, we can help Thai Agencies visualize their entire cloud estate and stop threats in real-time, effectively closing the gap between policy and practice.”
In alignment with Thailand’s National Cloud Security Framework and Cloud First Policy, Palo Alto Networks and NCSA are collaborating to accelerate secure cloud and AI adoption across the public sector. The partnership establishes a strategic foundation for enhancing data privacy and regulatory compliance, enabling Government Agencies to securely transition their systems to a resilient digital infrastructure. The collaboration focuses on four key areas, including implementation and compliance with the national cloud security framework, data privacy and regulatory compliance, training and capacity building, and driving public-private cybersecurity collaboration
