Enterprises across Asia-Pacific are facing a perfect storm of regulatory scrutiny and rapid digital transformation. Governments are tightening rules on how data is collected, stored, and shared, while boards demand faster innovation and cost efficiency. At the same time, generative AI and advanced analytics are reshaping how businesses deliver services and make decisions, driving unprecedented demand for computing power and flexible infrastructure.
Hybrid cloud has emerged as the default operating model for this environment because it allows organisations to mix on-premises control with the agility of public cloud. Yet scaling securely across such a fragmented landscape is far from straightforward. Every new regulation and every new AI initiative adds layers of risk and complexity.
Against this backdrop, Red Hat Enterprise Linux (RHEL) 10 arrives at a critical moment. Designed with security, compliance, and AI-readiness in mind, it aims to provide a stable foundation that can span data centres, hyperscale clouds, and edge locations. Its capabilities go beyond operational efficiency. They signal a shift towards long-term resilience in an era where regulatory obligations and cyber threats evolve faster than ever.
The regulatory environment shaping cloud choices
Asia-Pacific’s regulatory environment is among the most diverse in the world, forcing enterprises to rethink one-size-fits-all approaches to IT. Singapore’s Personal Data Protection Act (PDPA) and the Monetary Authority of Singapore’s Technology Risk Management (MAS TRM) guidelines set high expectations for financial and personal data protection. Malaysia has been shaping its Central Bank Digital Technology (CBDT) framework, while Thailand’s PDPA and Indonesia’s Personal Data Protection (PDP) law are still maturing but already restrict how data can leave national borders. Vietnam’s strict localisation rules require certain data to be stored domestically, and China’s Personal Information Protection Law (PIPL) enforces even stricter controls on cross-border transfers. India’s Digital Personal Data Protection (DPDP) Act has added a new layer of compliance for the region’s largest emerging market.
For multinational enterprises, this patchwork means that regulatory risk extends beyond legal considerations. It directly shapes architecture choices. Running purely in a single public cloud may violate data residency requirements or create exposure if encryption standards diverge. Hybrid and multi-cloud models enable organisations to keep sensitive workloads local while still leveraging global infrastructure and services for scale and innovation.
However, this flexibility comes at a cost. Every additional platform increases complexity, and compliance controls must adapt accordingly to the workload. Raj Das, Senior Director of Core RHEL Product Management for Red Hat, emphasised this challenge: “The operating foundation has to be consistent everywhere – on-premises, at the edge, and across hyperscalers – so security and compliance controls travel with the workload.” Without such consistency, maintaining audit readiness across diverse environments becomes costly and error-prone.
RHEL 10 as the next-generation enterprise foundation
Red Hat Enterprise Linux 10 introduces several innovations designed to bring discipline to hybrid architectures. Its image-based OS delivery replaces incremental patching with reproducible, signed system images. Instead of modifying running servers directly, IT teams build known-good images and deploy them consistently across data centres and clouds.
Das explained the impact: “Image-based delivery minimises configuration drift and enables predictable rollbacks.” In regulated industries where unplanned changes can lead to compliance gaps or outages, this is significant. Auditors can trace every production system back to a single signed artefact, simplifying evidence gathering and reducing the time spent preparing for inspections. Early adopters have reported shorter maintenance windows, lower mean time to remediate, and more reliable service availability.
Future security threats are also being anticipated. Quantum computing could eventually break widely used encryption methods, allowing attackers to harvest encrypted data today and decrypt it once quantum machines mature. This so-called “harvest-now, decrypt-later” risk is driving urgency among security leaders. To prepare, RHEL 10 integrates post-quantum cryptography (PQC) algorithms. “RHEL 10 includes Post Quantum Cryptographic (PQC) algorithms to ensure that the operating system is Quantum Safe,” Das said. The technology is still emerging, but by offering hybrid modes that combine classical and quantum-safe encryption, Red Hat is providing organisations a secure path to experiment and plan transitions without re-architecting critical systems later.
Operational complexity remains another barrier to secure scale. As IT teams face talent shortages, AI-assisted management tools are becoming essential. RHEL 10 introduces features such as Lightspeed and Insights Planning to simplify lifecycle tasks, from patching to capacity forecasting. These tools can help less experienced administrators manage complex hybrid estates safely, allowing experts to focus on strategic improvements rather than routine maintenance.
Balancing the promise and risks of open source
Open source remains the backbone of enterprise IT. Its transparency and community-driven innovation fuel faster development and reduce vendor lock-in. But the same openness can expose organisations to hidden risks if supply chains are not properly secured.
The scale of this issue is growing. According to the 2024 Open Source Security and Risk Analysis (OSSRA) report, 74% of audited codebases contained high-risk vulnerabilities, a 54% jump from the previous year. The XZ Utils backdoor, discovered earlier this year, highlighted how a single compromised dependency can have a cascading impact across the industry. Attackers patiently embedded malicious code into a widely used compression library, impacting countless downstream projects.
Das warned that “blind trust in transitive dependencies is unsafe.” He urged enterprises to maintain Software Bill of Materials (SBOMs), insist on verified and signed content, and design rapid incident response paths.
Red Hat’s approach reflects years of investment in supply chain security. As a CVE Numbering Authority, the company issues timely vulnerability advisories and coordinates responses with global agencies such as the Cybersecurity and Infrastructure Security Agency (CISA). Internally, Red Hat enforces lifecycle discipline, from rigorous package signing to controlled build environments, and contributes resources back to upstream projects to reduce maintainer fatigue, a key factor in preventing similar supply chain compromises.
This level of governance is increasingly expected by both regulators and large customers. Financial institutions and critical infrastructure operators are increasingly demanding demonstrable provenance for software components, mirroring the supply chain transparency rules in other industries.
Hybrid cloud and AI as growth drivers for APAC enterprises
Hybrid cloud is no longer just about cost optimisation. It is becoming an enabler of AI adoption. IDC forecasts that more AI workloads will shift to private and hybrid clouds as organisations seek both elasticity and control over sensitive training data. Public cloud still plays a role in experimentation and scale, but enterprises want the ability to run production AI systems where compliance and latency requirements can be tightly managed.
Standardising on an enterprise Linux platform is proving pivotal in this shift. Das said, “Customers typically see reduced maintenance effort, a stronger security posture, and the ability to redeploy talent to higher-value work.” In practice, this means IT teams can focus on building and deploying AI models rather than managing inconsistent infrastructure.
Real-world examples are emerging across the region. In Singapore, the national health technology agency IHiS uses Red Hat OpenShift Service on AWS (ROSA) to deliver citizen-facing digital services securely and at speed, a model that other regulated sectors are beginning to emulate. Similar strategies are emerging in Australia’s banking sector and Japan’s manufacturing industry, where hybrid AI deployments are striking a balance between innovation and data protection obligations.
Red Hat’s OpenShift offerings, including managed services like ROSA and Azure Red Hat OpenShift (ARO), extend the same operational and security standards across on-premises data centres, hyperscalers, and edge locations. This reduces overhead, speeds up time to market, and provides a common governance model, which is essential as AI-driven automation expands beyond central IT and into line-of-business functions.
The road ahead
For technology leaders in the APAC region, the message is clear: regulatory complexity and emerging security threats require a new level of operational discipline. Hybrid cloud is here to stay, but without a consistent and secure foundation, its benefits can be quickly undermined by compliance gaps and cyber risks.
RHEL 10’s arrival signals that the enterprise operating system itself is evolving to meet these pressures. It has moved beyond being simply infrastructure and now acts as a governance and security anchor for AI-era workloads. As Das put it, Red Hat’s goal is to “cope with the rapidly accelerating innovation cycles in a secure fashion without leaving anyone behind. That is the Open Source Way!”
In the coming years, expect regulators to push harder on software supply chain transparency and quantum safety. IT teams will increasingly lean on automation and AI to manage complexity. Enterprises that invest early in secure and consistent platforms will not only adapt to this change but turn it into a competitive advantage.
