Unsubscribe from this newsletter by sending us an email.
CSA APAC Monthly Codebook
Welcome to the CSA APAC Cloud Codebook!
A monthly newsletter, and your source for the most up-to-date news on CSA APAC Region.

Corporate Members Spotlight

Check out what our corporate members are doing!


TÜV Rheinland, Singapore


CSA APAC Visited their corporate member- TÜV Rheinland on 3rd November, 2015 to discuss the benefits of CSA corporate membership. The team met with Heidi Mateo and Christian Weidinger in their office to discuss on how they can leverage on the membership benefits. TÜV Rheinland is also a certification body for CSA Security, Trust and Assurance Registry (STAR) certification that provides out of one hand CSA STAR, MTCS (Multi-Tier Cloud Security) and TÜV Rheinland Certified Cloud Service (accepted by ENISA) audit and certification.


ClearManage, Singapore


CSA APAC visited ClearManage on 9th November, 2015 for welcoming them as a new corporate member of CSA. They were oriented into CSA membership benefits and how to strategize to engage their team in CSA activities were discussed including some of CSA latest research and security tools. Clearmanage is one of the company who recently received their CSA STAR Certification done this year in the APAC region.


Infosys, India


CSA APAC met with Infosys on 11th December, 2015 at their Bangalore Campus, India. The meeting with Infosys lead to the discussion on how they can strategize to engage their team in CSA activities and get involved in CSA’s research working groups and how to leverage on User Certification, Provider Certification and government relations offered by CSA. The discussion was also focused on how Infosys can utilize about PR opportunities for Weaver as part of the CSA.


CSA APAC Research Activities

Check out our research activities!


Mobile Application Security Testing (MAST) Working Group

Mobile Application Security Testing Working Group releases its white paper which incorporates elements in NIST’s SP 800-163, ISO 27034, Domain 10 of CSA’s Security Guidance (Application Security) as well as other best practices documents The goal of the project strives to create a more secured cloud ecosystem to protect mobile applications. Engineering methods are established by system protection and applied to structure, design testing, and review of applications. These assist in integrations and introduce security, quality control, and compliable evidence in mobile application development and management. The current version uses Special Publication 800-163 as the basis of consideration in determining the classification level for basic security vetting specifications. Security classification can be divided into three categories. Level C has 40 items, any single violation results in one point deduction. Consecutive violations of certain Level C items will be escalated to become Level B violation. Same rule applies to Level A similarly. The vetting benchmark provides the third party institution related App security vetting, vetting result analysis, and security risk assessment for mobile Apps and their corresponding security level rating, by which mobile app security level are perfected. The vetting standard complies with 「CSA MAST Mobile APP Security Testing and Vetting」to provide the necessary security vetting items and benchmarks for mobile apps. This vetting standard items can be applied to the common functionalities of mobile app of non-specific domain and mobile app to ensure the tested mobile app’s conformance to the Mobile APP Basic Information Security Specifications security classification and corresponding security requirement. Differentiations between the information security specification required by the domain functionalities of specific domain mobile apps and the vetting standard are suggested to be researched and written in the later revised versions.


Have a look by clicking here!
If you wish to contribute your opinions and comments, put them in this document and send it back to us at csa-apac-research@cloudsecurityalliance.org!

Remember to fill in your name, organisation and email in the form when making your contributions so that you could be recognised as one of the contributors to the white paper!


CSA Events and Activities

The latest updates about CSA APAC events and activities.


CSA New Zealand Summit 2015, 27 November, Wellington, New Zealand


The CSA New Zealand Summit 2015 was successfully held in the Ministry of Business, Innovation and Employment (MBIE) offices, Wellington on 27 November, together with the STRATUS Forum. It is a yearly event organized by the CSA APAC and CSA NZ Chapter. At the summit, Dr. Raymond Choo, our Co-chair of CSA APAC Education Council announced the formation of the A&NZ Regional Coordinating Body. Followed by the announcement of the RCB, Raymond presented the top 5 Cloud Trends Changing Information Security as predictions to watch out in 2016.


Mr. Andrew Scothern, Software Development Manager from our STRATUS partner Gallagher, presented how CSA, Gallagher and STRATUS have been working together in the year 2015. Andrew also gave a presentation on how Gallagher sees Cloud technology and how important CSA's global insights, standards and best practices are.

At the end of the summit, Mr. Colin Wallis from our CSA NZ board together with Raymond and Andrew held a panel session on the topic "NZ ICT industry challenges and potential solutions". The panel session was very interactive with the audience. During the session, Colin also brought up the topic "Should we setup a Wellington Chapter". If you are interested in joining the CSA Wellington Chapter, please contact: leadership@nz.chapters.cloudsecurityalliance.org


3rd CSA APAC Congress, 30 November -3 December, Guangzhou, China


Following the success and tradition of previous CSA APAC Congress renditions, this year’s APAC Congress was the premium event for compelling presentations and interesting discussions about research, development, practice and trends related to cloud security. Attendees represented end-user, research and industry viewpoints, and there are plenty of networking and business opportunities throughout the event.

As with this growth, the Cloud Security Alliance Asia Pacific (CSA APAC) had 3rd CSA APAC Congress held on 2 and 3 December 2015 at Guangzhou, China. The theme for 3rd CSA APAC Congress was ‘The Future of Cloud Computing’.

The 3rd CSA APAC Congress was co-hosted by CEPREI. CEPREI Certification Body has been a proud CSA Executive Member since 2014. CEPREI joins an exclusive group of organization representing the top 5% of the global trusted cloud eco-system driven by the CSA. The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology (China CEPREI Laboratory), also known as the China Electronic Product Reliability and Environmental Testing Research Institute, was established in 1955 and is the first scientific research organization to engage in product quality and reliability research in China.


1st Day of the Congress was marked with CSA International Working Group meetings- Mobile Application Security Testing (MAST), Virtualization, CSA APAC Education Council, Executive Council Meeting & the CSA Corporate Members Forum which brought together top cloud security leaders within the CSA trusted cloud eco-system to a common platform annually. In addition, the CSA Corporate Members Forum was a platform to provide strategic directions for solving the most pressing issues faced by cloud security today and tomorrow. The Forum also provided an excellent chance for cloud security leaders to shape the future of our industry in the region.

There were over 20 international speakers from the government and cloud security professionals who presented on the following tracks-

  • Emerging Trends and Technologies
  • Strategies, Governance, Risk Management
  • Case Studies and Deployed Technical Solutions

The Cloud Security Alliance (CSA) was also honoured to host a working level Forum for cross-strait technical discussion and collaboration between China and Taiwan relevant government organizations and leading commercial entities. This inaugural Forum identified how the organisations in both the countries can shape their businesses and influence global proceeding in the Cybersecurity industry. Moving forward, it will be an annual fixture at future CSA Greater China Summit.


CSA APAC Inaugural Awards Ceremony, 3 December, Guangzhou, China


CSA APAC hosted its first Awards Ceremony during the 3rd CSA APAC Congress on 3rd December in Guangzhou, China. The two categories for the awards were Enterprise awards- “Security Innovation of the Year’15” and Individual awards- “Cloud Security Ninja’15”.

Enterprise Award

Trend Micro awarded for CSA APAC Award- Security Innovation of the Year


Ribose awarded for CSA APAC Award- Security Innovation of the Year


DBApp Security awarded for CSA APAC Award- Security Innovation of the Year


CEPREI being awarded for their outstanding contribution with CSA APAC in 2015


Individual Award

Li- Yao awarded for CSA APAC Individual Awards- 'Cloud Security Ninja'


Dr. Ryan Ko for awarded for CSA APAC Individual Awards- 'Cloud Security Ninja'


Richard Zhao awarded for CSA APAC Individual Awards- 'Cloud Security Ninja'


Yi- Lang Tsai awarded for CSA APAC Individual Awards- 'Cloud Security Ninja'


Memorandum of Understanding (MoU) signing Ceremony between Cloud Security Alliance APAC and National Cyber Defence Research Centre, 12 December, India


The Cloud Security Alliance APAC and National Cyber Defence Research Centre entered into a Memorandum of Understanding (MOU) on 12th December, 2015.

The MoU was signed by Dr. Amar Prasad Reddy, Additional Director – General, National Cyber Safety and Security Standards & Founder Member, Recruitment Analysis Council and Aloysius Cheang, Managing Director APAC, Cloud Security Alliance which took place during National Cyber Safety and Security Standards Summit 2015 at PES University in Bangalore, India.

The MOU facilitates the intention of the Parties to collaborate to further education and research efforts in cloud security. Some of the specific areas of collaboration include:- Joint participation and support for Parties’ industry events and conferences, adoption of CSA education and training framework and to co-develop a User Certification for Individuals that caters for India’s national requirement using CSA Education roadmap as a baseline (e.g. CCSK and CCSP certification) that will become a de facto in country proficiency benchmark/public tender requirement

This collaboration will also lead in adoption of CSA STAR certification and its derivative as Indian National Cloud Provider requirement and to develop startup incubators as part of the CSA Innovation Initiative which will help to build incubators and accelerators to encourage entrepreneurship and the creation of the next Facebook, Google in India. It will encourage entrepreneurial skills and create links between universities and industry.


CSA Supported Conferences

The latest updates about CSA APAC supported conferences


National Cyber Safety & Security Standards Summit

National Cyber Safety & Security Standards Summit '15 was held on Dec 11th & 12th, 2015 in Bangalore at PES University. It is is an yearly event organized by National Cyber Safety and Security Standards in association with Ministry of Communications & Information Technology, Government of India and with various State & Central Governments.


At the summit, Aloysius Cheang gave a keynote on Top 5 trends in cloud security as predictions to watch out in 2016, in which he highlighted future virtualization and container technology which will become the commonplace and other trends such as Cloud Access Security Broker and Cloud Data Governance.


Chapter Spotlight


ANZ Regional Coordinating Body

Featured chapter of the month

The Cloud Security Alliance, Australia Chapter was founded in 2011 and four years later the Chapter has more than 940 members, including guest members from outside Australia who share an interest in cloud security, as well as chapter executives in Brisbane, Melbourne and Sydney. This chapter has been working closely with the CSA New Zealand Chapter and CSA APAC leadership to found the ANZ Regional Coordinating Body (RCB), which was announced in November 2015. While uniting what from 2016 will be city-based CSA Chapters, the RCB shares the same mission: To increase CSA’s advocacy and awareness, as well as promote cloud security and build additional alliances in the region.

The first Chair of the ANZ RCB is Richard Keirstead (CISSP, CISM, CGEIT, CISA, ITIL), who was a co-founder of the Australia Chapter.

The Chapter's main web site is http://csa.curatebee.com.au/ and the LinkedIn page for joining is: https://www.linkedin.com/groups/3966724


APAC Volunteer Leadership Spotlight


Mr. Richard Keirstead


Richard Keirstead, CISSP, CISM, CGEIT, CISA, ITIL, is the Global Practice Leader Technology at the Australia and New Zealand Banking Group (ANZ). He is also the Chair of the Cloud Security Alliance ANZ Regional Coordinating Body, which covers Australia and New Zealand, and the president of the Based Cloud Security Alliance Melbourne Chapter. At ANZ, Richard provides assurance over cloud security, IT security, information security across a banking group that operates in 33 countries.

He has been active as a practice manager in two countries for EY, a “Big 4” professional services organization, as well as having been highly active in the information security communities in Australia and Japan, where he spend 22 years helping numerous global organizations establish consulting practices in Tokyo. He is a member of the CSA, ISACA and (ISC)2.


Upcoming Events

Come and Join Us!

    CSA APAC Events
  • CSA APAC Summit 2016, 4 May, 2016, Marina Bay Sands, Singapore
  • Cloud technology has evolved from an exciting technology novelty into a white hot resource. Yet, adoption is far from optimal, and technological innovation within the field continues unabated. Never before has technology been so entwined with organizational optimization as with the advent of cloud. Charting viable directions from the myriad technology permutations for both users and their technology providers can be a daunting proposition. Which is why we are putting together the CSA APAC Summit 2016. To discuss, update,explain, clarify, and help out map out your future in the Cloud.

    Mark your Calendar now for 4th May, 2016 For more information, please contact: csa-apac-summit@cloudsecurityalliance.org


    If you are interested in utilising the CSA Cloud Codebook for marketing purposes, please contact the co-editors.