Cloud Security Alliance Asia Pacific

Organised by the Cloud Security Alliance (CSA), the summit will provide insights & perspectives of critical strategic cloud & cybersecurity concerns. Do join the leading experts with domain proficiency & expertise to discuss the key issues & trends facing cloud security & cybersecurity. The invited speakers include Veronica Tan (Director, Cyber Safe Programme, Cyber Security Agency, Singapore), WONG Onn Chee (Co-Chair, CSA Government Affairs Council & CSA Fellow), Dr. KANG Meng-Chow (Adjunct Associate Professor, Nanyang Technological University), Dr. Daisuke MASHIMA (Principal Research Scientist, Illinois at Singapore Pte Ltd), & Victor CHIN (Member, CSA Top Threats Working Group). Join us for an exciting day of learning & networking. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

Two more weeks before we hear from this stellar line-up of speakers in person on 10 May 2023. The keynoters include CHAI Chin Loon (Senior Director, Cyber Security Group Government CISO, Government Technology Agency of Singapore), Alejandra ARTIGUEZ (Principal Security Specialist, AWS), & ZOU Feng (Director, Cybersecurity Planning & Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA). The summit will provide insights & a perspective on critical strategic cloud & cybersecurity concerns. Join the leading experts with domain proficiency & expertise to discuss the key issues & trends facing cloud security & cybersecurity today at this summit. Do join us for an exciting day of learning & networking. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

Concentration risk is a banking term describing the level of risk in a bank's portfolio arising from concentration to a single counterparty, sector or country. The risk arises from the observation that more concentrated portfolios are less diverse & therefore the returns on the underlying assets are more correlated. Concentration risks are based on the sources of the risk. Concentration risk can arise from different aspects in cloud computing adoption. The panel discussion on “Concentration Risks in Cloud Computing - What You Should Know” will be moderated by Dr. Hing-Yan LEE (EVP for Government Affairs, CSA) following the presentation by Dr. KANG Meng-Chow (Adjunct Associate Professor, Nanyang Technological University); he will be joined by Murari KALYANARAMANI (CISO, UOB Group), Dr. KANG Meng-Chow, Jenny TAN (President, ISACA, Singapore Chapter), & Riwzi WUN (Partner, RHTLaw Asia LLP). The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

Following the presentation on the Cyber Safe Programme, a panel discussion on “Challenges Faced by SMEs in Embracing Cybersecurity” moderated by Veronica Tan (Director, Cyber Safe Programme, Cyber Security Agency, Singapore) & industry experts will discuss how the program has eased or mitigated the challenges. The panelists include Baljit SINGH (Head of Certification, Guardian Independent Certification Pte Ltd), TAM Chee Wee (Executive Director, Singapore Business Federation), Shane CHIANG (CEO, Momentum Z Pte Ltd) & Emil TAN (Asia Council Chair & Regional Advocate, CREST). The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

CSA recently published its annual report on cloud security top threats for 2022, entitled “Top Threats to Cloud Computing—Pandemic Eleven.” The CSA Top Threats Working Group surveyed over 700 professionals on security issues in the cloud industry to create the report. Importantly, the survey shows broad recognition that the cloud customer is increasingly responsible for security rather than the cloud service provider (CSP). In the “shared responsibility” model, the CSP is responsible for the security of the underlying infrastructure, & the customer is responsible for the security of everything they put in the cloud, such as their data, workloads, & applications. Victor CHIN (Member of the Working Group) will present on the report findings. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab

The invited keynote on “The Government’s Risk-Based Approach to Mitigate the Risks of Using the Cloud” will be given by CHAI Chin Loon (Senior Director, Cyber Security Group Government CISO, Government Technology Agency of Singapore). The shift to Cloud has gained much traction over the years as many organisations have begun their migration to the Cloud, with some doing so at a rapid pace. As we rely more on cloud-technology, it is important to take a proactive stance in mitigating the cybersecurity risks to safeguard assets & continue to deliver business outcomes reliably. Similarly, the Singapore Government has embarked on the cloud adoption journey. Our priority is to ensure that our Government systems & services in the Cloud continue to deliver secure & reliable services to our citizens & always protect their personal data. This session will discuss how the Government has taken a risk-based approach to secure our Cloud services. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

The talk entitled “Virtual Testbed for Smart Grid Cybersecurity Experiments & Training” will be presented by Dr. Daisuke MASHIMA (Principal Research Scientist, Illinois at Singapore Pte Ltd). Fighting against cyberattacks is at the forefront of many research expeditions, especially regarding critical infrastructures such as power grids. However, a universal issue is not having a way to experiment with attacks in a hands-on way in a realistic environment. To address this challenge, a virtual testbed, also called a cyber range, has been attracting attention. In this talk, we first discuss recent outcomes in the smart grid domain. We then introduce our ongoing R&D effort to develop a turn-key, cloud-based framework for automated generation & provisioning of a smart grid cyber range according to user-defined models. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

Dr. Meng-Chow KANG (Adjunct Associate Professor, Nanyang Technological University) will speak on “Concentration Risk and Operational Resilience in the use of Cloud Services.” As organizations increase adoption of public cloud services, several regulators have expressed concerns over potential concentration risk that may affect organizations & the industry as a result of major service outages or cyber-attacks that cloud service providers (CSPs) may encounter. This session presents our findings on the perspectives of cloud users, CSPs, & global regulators on their concerns & considerations on concentration risk, the challenges of balancing business needs, & the measures that respective stakeholders may undertake to improve their operational resilience. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

The talk on “Cloud Trends & the Role Security plays as Organizations Accelerate Transformation to the Cloud” will be presented by Garion KONG (President, (ISC)2 Singapore Chapter). Cloud adoption is continuing to increase at a high rate. However, cloud technology is becoming more complex, & finding people with the right skills to ensure workloads in the cloud are deployed & secured continues to be a top concern. As organizations continue to shift workloads to the cloud at a rapid pace, we explore the cloud trends & the role security plays as organizations accelerate their transformation to the cloud. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

The industry keynote on “Perspective on Cloud Governance to overcome today’s Challenges” will be given by ZOU Feng (Director, Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA). In today's ever-changing threat landscape & the compliance required of various policies from different countries on security & data governance, Mr ZOU Feng will share on how public CSPs like Huawei Cloud build governance & best practices to overcome these challenges. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

Veronica TAN (Director, Safer Cyberspace, Cyber Security Agency of Singapore) will speak on “Building a Competitive Edge for your Business with Cybersecurity.” Digitalisation has changed the way we work, learn, transact & stay connected. The global pandemic has accelerated the pace of digital transformation, & cybersecurity has become even more important. A successful cybersecurity strategy supports the business & highlights the actions required from across the enterprise. Learn how cybersecurity can be a competitive advantage for businesses. The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

The industry keynote entitled “The Future of Cloud Security” will be given by Alejandra ARTIGUEZ (Principal Security Specialist, AWS). At AWS, we have the chance to work with customers every day, helping them solve security & data privacy challenges, adopt best practices, & achieve business goals. In this session, we will share key security lessons we have learnt at AWS & predictions across different topics for 2023 & beyond, from tooling in the cloud to the human factor, from defense-in-depth to data protection.
The summit program can be found at https://www.csaapac.org/csaapacsummit2023.html under the Schedule tab, while the registration link under the Summary tab.

We are pleased to announce that the Korean edition of the CSA report on "Toward a Zero Trust Architecture" is now available from https://lnkd.in/gekWXahB. It has been translated by the CSA Korea Chapter & its volunteers.

Come 20 April, you will get to hear from a line-up of 20 eminent experts & speakers on wide ranging topics including incident response, digital transformation, hybrid clouds, third party security providers, industrial control systems, quantum-safe security, & multiparty recognition. The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

The next CCSK Plus Virtual Instructor-Led Training (VILT) dates are 27-29 April 2022. Please use the registration link - https://knowledge.cloudsecurityalliance.org/certificate-of-cloud-security-knowledge-lectures-and-labs-3-day

We are pleased that the CSA Japan Chapter has been named a 2021 CSA Chapter Award winner. It enjoys a chapter membership of over 200 individuals & over 35 corporations. They has translated 8+ CSA publications into Japanese in 2021. These translations make CSA research artifacts widely available to Japanese speakers, improving cloud security awareness in Japan. Currently, the chapter is working on mapping/reverse-mapping between the Japanese government’s Information System Security Management and Assessment Program (ISMAP) and the CCM. 

In addition, the chapter has been successfully organizing a summit and congress event every year since its inception with an average around 500 participants. Additional details can be found at https://lnkd.in/gXCn_8rV.

The CCSK interview with Ade Triangga, IT Security Auditor at Bank Mandiri (Indonesia) has been published and available on the CSA website https://lnkd.in/gdzim4EX

CCSK Success Stories: From an IT Security Auditor | CSA In this interview, hear from an IT Security Auditor about cloud security compliance and why CSA guidance is useful for audit and consulting activities.

THE keynote address on “Data-Centric Acceleration to Cloud for Secure & Efficient Workload Management” will be given by Niel PANDYA (CTO & Business Development Lead, CyberRes APJ, Micro Focus). In today’s cloud world, running workloads is not just only about performance, scalability and data security – but how portable your data is for hybrid and multi-cloud usage without compromise to security. A data-centric approach across hybrid IT will support organizations to reduce risks to sensitive data, accelerate safe migration to cloud environments (hybrid and multi-cloud) and allow cloud platforms to enable business for growth. Wherever you may be in your cloud journey, let us examine some practical areas to run your business with resiliency, including (a) Discovering mammoth of data across hybrid cloud, classify, and protect the data that matters; (b) Preventing cloud lock in and enabling portability of data for multi-cloud; (c) Enabling the business through Protecting data; and(d) Leveraging data privacy and protection regulations to drive cloud adoption. The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html

Pleased to announce that the CSA Korea Chapter has completed the translation of the report on "Guideline on Effectively Managing Security Service in the Cloud", which is now available in the Korean language from the website link https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud-korean-translation/

One more month before the CSA APAC Summit 2022 on 20 April. To register, please visit the website at https://www.csaapac.org/csaapacvsummit2022.html.

The next CCSK Plus VILT training dates are 29-31 March 2022. Please register at: https://lnkd.in/gY2gAVYd

The Indonesian version of CCM v4.0 (translated by the CSA Indonesia Chapter) has been published on the website at link https://lnkd.in/dnCRmYfY.

In the panel discussion on “Key Priorities & Challenges in a Digitally Transforming Business World”, the focus will be on organizations that had not already moved to the cloud that certainly were forced to make these decisions in some form or another during this last year. Now that most organizations have begun or are well along on their cloud journeys, what are some of the challenges they face and how should they prioritize their cybersecurity strategies to continue to tackle this next year? We assemble a panel of industry leaders to provide some practical insight. Moderated by Illena ARMSTRONG (President, CSA), the panelists include Mike NICOLS (Senior Director & Product Lead, Elastic Security), Murari KALYANARAMANI (CISO, UOB Group), Subhajit DEC (Head, Information Security & Privacy, Dhani Services), Prakesh PADARIYA (CISO, OYO). The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

The first CSA APAC Research Advisory Council (APRAC) meeting in 2022 was held on 11 March. Members (from AU, NZ, SG, IN, JP, MY, and TH) reviewed the research progress, deliverables todate, & discussed the new effort on Cloud Data Breach Investigation.

The keynote address on “Building a Better Playbook for Incident Response” will be given by Mike MELLOR (VP, Security, Adobe). Recent industry-wide security issues, in open-source software in particular, have energized companies to revisit their playbooks and processes for handling these types of issues. This is especially true now that vulnerabilities are now affecting software libraries that are used broadly to perform very common, basic service functions. Compound this with the fact that the situations around these vulnerabilities can change by the day or even the hour – resulting in a unique level of both visibility and complexity for any in our industry affected. For the industry in general, such broadly applicable incidents are relatively new – and we are all adapting to how we deal with and help mitigate them moving forward. Standard security practices need to be revisited regularly to adapt to these broader potential issues. These types of vulnerabilities can impact many applications and services – and are also often too new to be flagged by widely used commercial scanning tools. You need to mobilize the entire company to effectively deal with these issues and properly manage customer expectations. Mike MELLOR will share best practices Adobe has learned to help enhance our own playbooks to better deal with the evolving complexity and scope of industry-wide vulnerabilities. He will provide guidance and best practices that can be valuable as we work together as an industry to get better at managing and mitigating similar incidents in the future. The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

The Cloud Security Alliance (CSA) produced the "Cloud Incident Response Framework" last year. As a follow-up initiative, we are calling the experts to join the newly formed Cloud Data Breach Investigation working group that undertakes to develop an industry best-practice guidance on how an investigation of cloud data breaches should be conducted to ensure timely detection of data breaches; accurate identification of root cause(s) and timeline; proper handling of evidence for legal admissibility; and, reporting to management of affected organizations and regulators. To join please click here https://circle.cloudsecurityalliance.org/community-home1?CommunityKey=6a4bb1f0-d30c-4982-a488-71a539c79b4e

The presentation on “Cybersecurity in the Quantum Era” will be presented by Bruno HUTTNER & Ludovic PERRET (Co-chairs, Quantum-Safe Security WG, CSA). As emphasized by the recent announcements on the quantum advantage, quantum computers can already perform computations, deemed impossible or at least very lengthy with classical computers. Having access to improved computing power is great news in many areas. However, this also represents a threat for most of our communications. Indeed, cryptography, which is underpinning the security of our communication infrastructure, is based on some hard mathematical problems, which will become tractable with a quantum computer. Our complete cybersecurity infrastructure has to be revamped. In this talk, the speakers start with a brief explanation of the quantum computer and explain the quantum threat. They then present possible solutions. Some solutions are based on new algorithms. These are known as quantum-resistant algorithms & can be complemented with quantum solutions, which utilize the same peculiar properties of the quantum world to thwart the quantum computer threat. Together, they will be part of a new quantum-safe infrastructure. Any organisation or person relying on secure communication for his business or personal life has to start taking this new threat into account. The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

In celebration of the International Women's Day on 8 March, a shout-out to individuals who have contributed to cloud security research, training, & community development in APAC; they include:

South Asia: Vandana VERMA, Renu BEDI, Dr. Lopa Mudraa BASSU, Satyavathi DIVADARI, Sujatha YAKASIRI, Ekta MISHRA (all from IN).

ASEAN: Mel T. MIGRINO (PH), May-Ann LIM (SG), Khadijah Abdul RAHMAN (MY), Dr. Nantawan WONGKACHONKITTI (TH), Densi RAFWALU (ID), Stephanie HUNG (SG).

Northeast Asia: Melan XU (CN), Se-Eun LEE (KR), Terumi LASKOWSKY (JP), Candy YE (CN), Dr. Eunju KIM (KR).

Oceania: Sai HONIG (NZ), Dr. Sergeja SLAPNICAR (AU).

In conjunction with the CSA Research Summit on 10 March 2022 (https://www.csaresearchsummit.com/.../d3e64458-eb56-4b8b...), we recognize the members of the APAC Research Advisory Council (APRAC) who provide high level advisory, guidance, directions, ideas to CSA APAC-driven research initiatives (e.g. Working Groups, projects, events, outreach) with a collective APAC voice. They include (and not limited to) those shown here.

In conjunction with the CSA Research Summit on 10 March 2022 (https://www.csaresearchsummit.com/event/d3e64458-eb56-4b8b-ad98-de599539b389), we recognize APAC-based individuals who lead research working groups in areas such as Blockchain, Cloud Component Specifications, Cloud Incident Response, Cloud Security Services Management, HPC Cloud Security, Hybrid Cloud Security, Industrial Control Systems Security, Mobile Application Security Testing, & SaaS Governance. They include (and not limited to) those shown here.

In conjunction with the CSA Research Summit on 10 March 2022 (https://www.csaresearchsummit.com/event/d3e64458-eb56-4b8b-ad98-de599539b389), we highlight individuals who have been recognised as CSA Fellows for their accomplishments & contributions to CSA research. Those APAC-based Fellows are depicted here.

The next CCSK Plus VILT training dates are 29-31 March 2022. Please register at: https://lnkd.in/gY2gAVYd

The keynote entitled “Assessing the Stakes at Play in our Cloud Journeys” will be presented by Illena ARMSTRONG (President, CSA). As we move through 2022, we’re understanding more of its more its challenges while also trying to ensure our cloud and cybersecurity strategies are in motion to hit the goals we set for the year. We see that fundamental to these is our respective organizations’ digital transformations and the various priorities associated with these. We also fully grasp the stakes at play and the security, privacy and business requirements that can’t be wagered. For instance, most organizations are embracing multi-cloud environments and see the various challenges that come with this choice. They’re also setting priorities around the implementation of zero-trust models, privacy-by-design, serverless architectures, AI and more. All the while, they’re still contending with myriad cybercriminals and other bad actors, both organized and wholly independent, who are aware of these evolving infrastructures on which we all rely, too, of course. Taking into account organizations’ evolving business needs, this presentation will review some of the CxO’s priorities for 2022 and beyond, review how still advancing digital transformation are continuing to evolve, examine some of the more pressing risks and threats these present, and show how CSA can support CxO’s aims to achieve and maintain successes along their continued cloud journeys. The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

The next CCSK Plus VILT training dates are 29-31 March 2022. Please register at: https://knowledge.cloudsecurityalliance.org/certificate-of-cloud-security-knowledge-lectures-and-labs-3-day

In this edition of the CCSK Interviews, we speak with Sau-Wern Tuan, CISO, FINEXUS International Sdn Bhd.

https://cloudsecurityalliance.org/blog/2022/02/20/ccsk-success-stories-from-a-ciso/

CCSK Success Stories: From a CISO | CSA Hear from CISO Sau-Wern Tuan about a common pitfall encountered when managing cloud projects, and how to leverage the CCSK to improve your security strategy.

The annual CSA APAC Summit will be held as a 1-day virtual event on 20 April 2022. The event program & registration site will be announced soon. The summit will commence w addresses by Jim REAVIS (Co-Founder & CEO, CSA) and Dr. Hing-Yan LEE (EVP APAC, CSA). Jim’s Opening Address is entitled “2021 The Cloudzilla Era of Cybersecurity.” The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html

The first APAC Chapter Leaders' Meeting for 2022 was held on 18 Feb; it was attended by reps from Australia, Bangladesh, China, HK & Macau, India (Bangalore & New Delhi), Malaysia, Philippines, Sri Lanka, Thailand, Vietnam & CSA APAC. The leaders weighed in on issues pertaining to global updates, events, summits, continuing research initiatives, training & the new PayForward cloud security program.

This evening, we held our kick-off session for a new CSA initiative that facilitates self-learning for the Certificate of Cloud Security Knowledge (CCSK). Each cohort comprises 10 participants and 2 fully qualified CCSK instructors who volunteer as session facilitators. The PayForward program features learning, presentations, discussions & quizzes to upskill & improve knowledge in cloud and cloud security using materials from the CCSK Body of Knowledge. Successful participants will lead future cohorts in a similar manner and facilitate future runs of the program

As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibilities are typically split between the CSPs and CSCs. However, in reality, third-party security services providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs. They have a part in securing the cloud platform as well. The roles of a Third-Party Security Service Provider (TPSSPs) can be pivotal in the security of these SMEs. The talk will highlight the guidelines that will help CSCs when signing Service Level Agreements with TPSSPs. Entitled “Roles & Responsibilities of Third-Party Security Providers”, it will be presented by Dr. Kai CHEN (Chief Security Strategist, Strategy Department of Huawei Technologies Co Ltd & Co-chair, Cloud Security Services Management WG, CSA). The program & registration link can be found at https://www.csaapac.org/csaapacvsummit2022.html.

PARTNER ANNOUNCEMENT 📢

We are pleased to welcome Cloud Security Alliance as our strategic partner for W.Media’s South East Asia Digital Week 2022!

Cloud Security Alliance is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer -specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud - from providers and customers, to governments, entrepreneurs and the assurance industry - and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

Stay tuned as we reveal more speakers, sponsors and partners who will be joining us for the Digital Week hybrid show.

Check out our agenda:
➡️ https://lnkd.in/ghqrGY84

Get your FREE ticket now:
➡️ Online Registration https://lnkd.in/g_nC3cER
➡️ On-site Registration (limited seats) https://lnkd.in/gCJfYAYS

#2022