-
About
-
Speakers
-
Schedule
-
Sponsors
-
Venue
-
Downloads
<
>
CSA APAC Summit 2017
10th April, 2017 SUNTEC CONVENTION CENTRE, SINGAPORE |
To access conference presentations, go to "Downloads".
|
Securing the Converged Cloud
Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), quantum computing, and container technologies extend the benefits of cloud – but also creates new attack vectors for ambitious and resourceful adversaries. This year’s Cloud Security Alliance Summit welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.
Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), quantum computing, and container technologies extend the benefits of cloud – but also creates new attack vectors for ambitious and resourceful adversaries. This year’s Cloud Security Alliance Summit welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.
Emcee
Michael ChuaTechnologist and Actor
|
Michael Chua is a technologist specialising in information security and has helped banks and MNCs outwit hackers in Europe, Africa, Australia and Asia, for the last 30 years. In his leisure, he is also an award winning film actor and director; and a tropical fruit wine brewer. He is currently based in Singapore.
|
Keynote Speakers
J.R. SantosExecutive Vice President of Research, Cloud Security Alliance
|
J.R. Santos is the Executive Vice President of Research for the Cloud Security Alliance. He oversees the Cloud Security Alliance’s research portfolio that covers a diverse range of cloud security topics such as IoT, Mobile, Big Data, Forensics and Security as a Service. He is responsible for the execution of the research strategy worldwide. In addition, he advises over 30+ working groups that develop industry leading security practices, education, and tools. J.R. has over nineteen years of experience working in information security in a variety of industry sectors including finance, healthcare, aerospace, retail, and technology. J.R. is an active professional in the security industry and has served on various boards and committees throughout his career. J.R. holds various professional certifications and a bachelor’s degree from the University of Washington respectively.
|
Ramesh MunamartyGroup Chief Information Officer, International SOS
|
Ramesh Munamarty is the Group Chief Information Officer, based in Singapore. The role will be responsible for driving three strategic imperatives: Digital Transformation, Enterprise Information Technology, and Business Process Optimisation for the International SOS group of companies that includes International SOS, Aspire, and MedAire. The CIO position is part of the International SOS Group Executive Committee.
Mr Munamarty has more than 25 years of experience in Information Technology. He spent the last 22 years in the United States and relocated to Singapore for the role with International SOS. Most recently he was the Chief Information Officer for Verint Systems, a global leader in Enterprise and Security Intelligence. He played an integral role in leveraging technology for the growth and transformation of the company. He has received several industry recognitions and was a finalist for both the Georgia CIO of the Year 2015 and the ATP CIO of the Year 2015. Mr. Munamarty’s past leadership roles included 3 years as a Principal in Capgemini, one of the world’s foremost providers of technology services; and 12 years in Oracle in various roles including Director, Consulting; and Director, Cloud Services. He has also served on several boards including the Metro Atlanta Chamber of Commerce and Alpharetta Technology Commission. He chaired the Oracle High Tech Strategy Council and was an active member in the community helping non- profit organizations. Mr. Munamarty obtained a Bachelor of Science from the National Institute of Technology, Trichy, India, a Masters in Engineering from the University of Maryland, College Park, USA, and an MBA in International Business from Georgia State University, USA. He also several certifications including certifications in Information Security (CISSP), Project Management (PMP), Production and Inventory Management (CPIM), IT Information Library (ITIL v3), and Six Sigma (GB). |
Dr. Lenka FibikovaToxic Access Management Program Lead, Standard Chartered Bank
|
Dr. Lenka is a determined advocate of pragmatic, human-centered security and governance. Being in the industry for more than two decades, she has extensive experience in managing and delivering security and governance programs, as well as in ensuring security and compliance in business projects. She regularly shares her experience at international conferences and workshops.
Currently Lenka is leading the Toxic Access Management Initiative at Standard Chartered Bank in Singapore. In her previous roles, she was heading governance, risk and compliance in gaming, and was a Local and Regional Information Security Officer at an MNC in the APAC region. She holds an MBA in international management/risk management, CISSP and a Ph.D. in cryptology. |
Speakers
Bobby Zhou
Principal Solution Architect, Carrier BG, South Pacific Region, Huawei
|
Bobby Zhou is a seasoned IT professional with more than 20 years of experience in enterprise data centre and managed services industry.
Prior to join Huawei, Bobby worked in NCS (an IT service arm of Singapore Telecom) for more than 16 years. He was a senior business manager for Singtel EDMS sales and solution support unit between 2010 to 2013 and responsible for managed services solution support to SingTel’s global business units. Prior to that, he was posted to NCS China for 5 years where he held various leadership positions in service delivery, presale consultancy and business development functions. Bobby started his career as a system engineer with NCS Singapore in 1997 where he was involved in a few mega infrastructure projects as an engineering leader and progressively built up his solid expertise in multiple technology domains. Bobby is a strong believer of the parallel universe theory. His passion is to apply and evidence the law of quantum physics in his daily life, no matter conducting a business or improving his golf swing. |
Anthony LimMarket Strategy Director APAC, Cloud Security Alliance
|
Anthony has some 20 years’ professional experience as a cyber-security pioneering professional: advocate, business leader, consultant, instructor and auditor, in the Asia Pacific region. His recent and current pursuits include application security, cloud security and smart/safe cities. He helped build ISC2.org’s application and cloud security international professional technical certifications.
He also held regional senior business positions at IBM, CA and Check Point, and has presented and provided content for many business, industry, academic and government conferences, committees, training and media (print, broadcast, internet). |
Raymond LayDirector, Cloud Security Alliance Singapore Chapter
|
Raymond Lay has a strong passion in how business can leverage on technology to enable them to win in the markets. He believes that with proper understanding and implementation of appropriate controls, businesses will be able to become market leaders, with the assurance that their information assets are secured in the ever changing landscape. With more than 18 years of industry experience, his Information Security experience ranges from Cloud Computing Security, Mainframe Security, BS7799/ISO17799/ISO27002 compliance, SOX compliance, standards review, incident response, intrusion analysis, vulnerability assessment, product research, security framework development and training. Raymond holds a B. Accountancy degree from the Nanyang Technological University as well as a number of professional security certifications including CISSP-ISSMP, ISSAP and CISA.
|
Tarun GuptaRegional Director (Security Architecture), Trend Micro
|
John LeePresident, ISACA Singapore Chapter
|
John has over 20 years of information systems and security management experience. He has worked for service providers as well as end users. His coverage includes APAC and Global.
He has worked in Application Management, Consulting & Training, Infrastructure & Security Service Delivery, Project Management Office and Business CIO office. He was the Business Regional CIO for an MNC. He has also held other roles in the Project Management Office (PMO), Global Delivery Organization and Application Consulting. |
Bala GaneshSenior Manager - System Engineering Asia Pacific, Ixia
|
Bala Ganesh is the Senior Manager –System Engineering of Ixia for the Asia Pacific Region. He is responsible for managing System Engineering and Enterprise solutions in Asia Pacific. He joined Ixia in 2005 and has grown the business in triple digit revenue growth for the last 12 years.
With 15 years technology industry experience, Bala developed expertise in bringing successful network security products to market. He has Lead hudreds of projects across Asia. Bala earned a Bachelor degree from Bangalore University,India in 1999. |
Sean LawrenceChief Information Officer, Dimension Data
|
Mr. C. Sean Lawrence is the Chief Information Officer for Dimension Data Asia Pacific, based in Singapore. In this capacity Sean is responsible for aligning IT with business needs across the region, and for the development and maintenance of IT strategy, architecture, standards, policies, and procedures. He is also responsible for information security. Sean joined the company (then known as Datacraft Asia) in June 2006 as the Group Manager for IT Infrastructure, was promoted to Head of IT in July 2008, and then to his current position in January 2010.
|
Viktor PozgayChief Information Security Officer, Avaloq Sourcing Asia Pacific
|
Viktor Pozgay is responsible for strategic leadership of Avaloq’s Cyber security program in Asia Pacific.
Prior to joining Avaloq, Viktor led the Information Risk and Security Delivery Management for HP’s Enterprise Services, across its Asia Pacific & Japan region with responsibility for security services relationships with clients and ensuring delivery excellence across Enterprise Security Services. In his previous assignments, Viktor held leadership roles in HP’s Global Delivery organization focusing on global delivery for key accounts in EMEA and acting as key contributor to startup and maturation of Global Delivery centers in EMEA. Viktor has 15 years of experience in information risk, security and service management in a global setting across multiple industries. He is currently based in Singapore. Viktor holds a Master’s Degree in Telecommunications from Slovak University of Technology. |
Sandip Kumar PandaChief Executive Officer, Instasafe
|
Sandip Kumar Panda is the Co-Founder & CEO of InstaSafe Technologies Pvt Ltd, an industry leading Security-as- a-Service vendor changing the landscape of cybersecurity.
Sandip has a 10-year background in Information Security domain before turning entrepreneur. His security domain knowledge and expertise comes from having worked in different portfolios across organisations right from managing Channels for Wipro & Symantec to leading the country sales for Bluecoat and starting the India presence as Vice President for Nevales Networks. |
Chuan-Wei HooTechnical Advisor, (ISC)2 Asia Pacific
|
Chuan-Wei Hoo provides strategic and technical advice to (ISC)² Asia-Pacific on security issues affecting the region and membership. Chuan-Wei has around 25 years of IT and cybersecurity management experience in the financial and telecommunication sectors regionally. He also lectures at NTU, ISS-NUS, Temasek Polytechnic, and Business Continuity Management Institute. Chuan-Wei is currently Executive Security Advisor, IBM Security-APAC.
|
Charmian AwDirector, Telecommunications, Media & Technology, Drew & Napier
|
Charmian is a Director with Drew & Napier’s TMT practice group. She is frequently involved in advising companies on a wide range of corporate, commercial and regulatory issues in Singapore. Charmian has also been actively involved in assisting companies on Singapore data protection law compliance, including reviewing contractual agreements and policies, conducting trainings and audits, as well as advising on enforcement issues relating to security, access, monitoring, and data breaches. Charmian is “recommended for corporate-related TMT and data privacy work” by The Asia Pacific Legal 500, and a Leading Lawyer in Who’s Who Legal TMT 2016.
She is a Certified Information Privacy Professional (Europe) (CIPP/E) and Certified Information Privacy Professional (Asia) (CIPP/A), and is also a co-chair of the International Association of Privacy Professionals (IAPP) KnowledgeNet chapter in Singapore. |
Time |
Topic |
0830 - 0900 |
Registration |
0900 - 0910 |
Welcome Address Aloysius Cheang Executive Vice President APAC, Cloud Security Alliance |
0910 - 0930 |
Opening Keynote - "Guide to Navigating the Security Apocalypse" Luciano "J.R." Santos Executive Vice President of Research, Cloud Security Alliance |
0930 - 1000 |
Opening Keynote 2 - "Are the Clouds in the Converged Cloud Darkening?" Ramesh Munamarty Group Chief Information Officer, International SOS The security challenges have increased more than ever with the increased attack vectors in the Converged Cloud. The ease of consuming services from the cloud and the abundance of applications available in the cloud make it easy for business units to start subscribing to desired functionality without long lead times. While this has made application and infrastructure availability ubiquitous, it has made the job of a CISO so much more challenging. The security challenges have exponentially increased not because the security of the cloud provider is deficient but because the organizations that consume services may not apply the same level of diligence as they would in a traditional environment. The desire to have a convenient access to the data leads to potential weakness in applying defence in depth mechanisms such as multi-factor authentication, intrusion detection and hardening of the APIs that access the sensitive data in the cloud. While federation and centralization of credentials makes access convenient, it is also prone to attack. Remember that the convenience of technology comes with a cost and security breaches in a Converged Cloud can be devastating to an organisation. |
1000 - 1030 |
"SHAPE Integrated Security in the Cloud" Bobby Zhou Principal Solution Architect, Carrier BG, South Pacific Region, Huawei "Most of the existing security defences have been built to protect an enterprise architecture that no long exists" [quote by Uber's CSO Joe Sullivan]. In search of the missing defence, this presentation is a collective of solution driven content from Huawei's journey to integrated cloud security. |
1030 - 1045 |
Morning Tea |
1045 - 1115 |
"State of Cloud Adoption in Asia Pacific" Anthony Lim Market Strategy Director Asia Pacific, Cloud Security Alliance Cloud computing has been marketed with its capabilities to offer flexibility, cost efficiency, data availability, easy backup and recovery for years. As Cloud slowly evolves to become an integral part of many organisations, it is without doubt that Cloud adoption is growing significantly as with its increasing importance towards global economy. Cloud computing performance can be overrated at times, blindly adopting Cloud will not grant us the benefits that the technology provides. There is a positive correlation between maximising Cloud potential and availability of in-country Cloud infrastructure. So, what's the state of Cloud adoption like, its availability and affordability, in each major country/city in Asia Pacific? |
1115 - 1145 |
"Securing the Lids on Containers in the Cloud" Raymond Lay Director, Cloud Security Alliance Singapore Chapter As container technologies continue to extend the possibilities of cloud services in both enterprises' and service providers' space, upholding a secured container environment continues to be of utmost importance. Is securing containers any different from traditional technologies, or does it share more similarities with the securing of virtual machines? In this session, we will tak you through some basic security considerations to keep a tight lid on Containers. |
1145 - 1215 |
"XGen Approach To Connected Threat Defence" Tarun Gupta Regional Director (Security Architecture), Trend Micro |
1215 - 1245 |
Panel Discussion: "Security in the Cloud: Evolution or Revolution?" Moderator: John Lee, President, ISACA Singapore Chapter As enterprises accelerate their adoption of cloud computing, a wide spectrum of infrastructure, commercial SaaS and custom built cloud apps are proliferating. Information security teams are rapidly adjusting their risk management practices and adapting their tools to ensure their organizations receive optimal protection from new threats while taking advantage of cloud’s inherent benefits. At the same time, innovators are taking a green field approach and building completely new security solutions from scratch, often described as DevSecOps.
|
1245 - 1400 |
Lunch |
1400 - 1430 |
"State of Cloud Adoption & Security in India" Sandip Panda CEO, Instasafe |
1430 - 1500 |
"Understanding Threat Monitoring & Intelligence of Cloud" Chuan-Wei Hoo Technical Advisor, (ISC)² Asia Pacific Cybersecurity is about preventing, detecting and remediating external and internal threats facing enterprises and government organizations, ranging from malware and threats. Anticipating cyberattacks is the only way to be ahead of any breaches. One of the essential tasks in cloud security is to monitor and detect malicious attacks and their types. An effective Security Operations Center (SOC) can form the heart of an organization’s operational defense against advanced cyber-attacks. This presentation provides an overview on the importance of threat monitoring and intelligence by SOC with the data from latest survey of 2017 Spotlight Report on Cybersecurity Trends. |
1500 - 1530 |
"Legal Considerations in Negotiating Cloud Contracts" Charmian Aw Director, Telecommunications, Media & Technology, Drew & Napier As the cloud market continues to develop in Singapore, cloud contracts are becoming increasingly negotiable along with more traditional forms of outsourcing contracts. This, coupled with recent data protection legislation and guidelines on cybersecurity, has called a greater need to understand how to navigate and craft a cloud agreement. In this session, we will take you through some basic strategies for negotiating cloud contracts. |
1530 - 1600 |
Afternoon Tea |
1600 - 1630 |
Panel Discussion: "Reinventing the Enterprise with Cloud" Moderator: Michael Chua, Technologist & Actor Global enterprises with massive legacy IT infrastructure have the most to gain and the biggest challenge in making the journey to the cloud. Security is the key enabler to secure cloud adoption. How much progress is being made in the Global 2000? Among the key issues that we will explore:
|
1630 - 1700 |
Closing Keynote - "Implementing Cloud Solutions Securely: How To Get Risk And Compliance Out Of The Way" Dr. Lenka Fibikova Toxic Access Management Program Lead, Standard Chartered Bank We love the flexibility and possibilities of fast deployment of cloud solutions. But we also know that cloud solutions introduce new risks in the organization and that we need to consider them diligently. Balancing these conflicting objectives makes the compliance and governance officers uneasy, especially those operating in regulated industries. We will discuss how to approach this conflict. What can organizations do to implement cloud solutions in a secure and compliant way? What can cloud solution providers do to create good prerequisites and to help the organizations in their transition to the cloud environment. |
Supporting Organisations
(ISC)²® is the largest not-for-profit membership body of certified information security professionals worldwide, with over 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates.
(ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers a variety of education programs and services based on its CBK®, a compendium of information security topics. Education offerings consist of classroom and online review seminars, self assessment tools, and textbooks.
ISACA (previously the Information Systems Audit and Control Association) is a world wide association of IS governance professionals. The association currently focuses on assurance, security, governance and risk and provides globally recognised certification in assurance (Certified Information Systems Auditor), security (Certified Information Security Manager), governance (Certified in the Governance of Enterprise IT) and risk (Certified in Risk and Information Systems Control). The association is one of individual members, often the sole practitioner of information systems auditing, security, and/or governance in his or her company. The membership of the ISACA reflects a multiplicity of backgrounds and skills that make the information systems governance field challenging and dynamic.
Training Partner
Hewlett Packard Enterprise Company, incorporated on February 25, 2015, is a provider of technology solutions. The Company operates through five segments: Enterprise Group, Software, Enterprise Services, Financial Services and Corporate Investments. The Enterprise Group segment provides its customers with the technology infrastructure they need to optimize traditional information technology (IT). The Software segment allows its customers to automate IT operations to simplify, accelerate and secure business processes and drives the analytics that turn raw data into actionable knowledge. The Enterprise Services segment brings all of its solutions together through its consulting and support professionals. The Financial Services segment enables flexible IT consumption models, financial architectures and customized investment solutions for its customers. The Corporate Investments segment includes Hewlett Packard Labs and certain business incubation projects, among others. The Company's customers range from small and medium-sized businesses (SMBs) to large global enterprises.
To find out how to participate in a more active role, please contact: [email protected]
Venue |
Suntec Singapore International Convention
& Exhibition Centres Level 3 1 Raffles Boulevard Suntec City, 039593 Singapore +65 63372888 |
"Guide to Navigating the Security Apocalypse"
guide_to_navigating_the_security_apocalypse.pdf | |
File Size: | 14999 kb |
File Type: |
"Are the Clouds in the Converged Cloud Darkening?"
are_the_clouds_in_the_converged_cloud_darkening.pdf | |
File Size: | 2873 kb |
File Type: |
"SHAPE Integrated Security in the Cloud"
shape_integrated_security_in_the_cloud.pdf | |
File Size: | 9413 kb |
File Type: |
"State of Cloud Adoption in Asia Pacific"
state_of_cloud_adoption_in_asia_pacific.pdf | |
File Size: | 2773 kb |
File Type: |
"Securing the Lids on Containers in the Cloud"
securing_the_lids_on_containers_in_the_cloud.pdf | |
File Size: | 1318 kb |
File Type: |
"XGen Approach To Connected Threat Defence"
xgen_approach_to_connected_threat_defence.pdf | |
File Size: | 26536 kb |
File Type: |
"State of Cloud Adoption & Security in India"
state_of_cloud_adoption_security_in_india.pdf | |
File Size: | 5798 kb |
File Type: |
"Understanding Threat Monitoring & Intelligence of Cloud"
understanding_threat_monitoring_intelligence_of_cloud.pdf | |
File Size: | 3667 kb |
File Type: |
"Legal Considerations in Negotiating Cloud Contracts"
legal_considerations_in_negotiating_cloud_contracts.pdf | |
File Size: | 2535 kb |
File Type: |
"Implementing Cloud Solutions Securely: How To Get Risk And Compliance Out Of The Way"
implementing_cloud_solutions_securely.pdf | |
File Size: | 423 kb |
File Type: |