Understanding Cloud Risks, Compliance & Mitigation Measures
The COVID-19 pandemic created an instant demand for cloud-based solutions, requiring the majority of organizations to accelerate their journey to the cloud. The CSA APAC Virtual Summit will focus on educating stakeholders on the key issues and trends facing cloud and cybersecurity today. The event will deliver the education, tools and knowledge you need to make this pivot to the cloud easier and faster. This one-day program organised by CSA APAC will provide insight and a global perspective on critical strategic cloud and cybersecurity concerns.
Join leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit organized by CSA APAC on 31 March 2021.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Speakers & Panelists
Sarbojit M BOSE
Education Director, CSA Singapore Chapter & CCSK Instructor
Sarbojit Madhab Bose is a seasoned Information Technology security professional with a rare combination of over 30 years of experience. He has had the opportunity to work with Program and Project Delivery, Service Transition and Operation, Application Test and Implementation, Compliance and Quality, and Cybersecurity.
He is a self-employed professional trainer with expertise in the areas of Project and Product Management, Information Technology/Cyber/Cloud Security, Data Privacy, and Governance, Risk and Compliance. Along with CCSK, he is a certified PMP, PRINCE2, ITILv4, Cyber RESILIA, DevOps, DevSecOps, DevOps Leader, SRE, CTF, CASM, CISA, CRISC, CISM, CSX, CISSP, CIPT, PDPA and PDPP, SG.
Madhav CHABLANI
Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting
Madhav is a Consulting CIO with TippingEdge Consulting and has more than 30 years of experience in the IT services and consulting industry, with proven success in developing, managing and advising global enterprise clients on IT Governance, Strategy, Audits & Assurance, Compliance & Sustainability, in organizational change management programs & Transformation initiatives, enriched outsourced delivery capabilities, Practice-level competency requirements, Technology Solutions & Enterprise Information Architectures, that minimize risks in an enterprise and align in creating business value. Previously, he has worked with Protiviti, HP Consulting, NIIT Technologies, Agilent, Xansa, PCS, WIPRO on both domestic and global offshore projects and consulting assignments.
Francoise GILBERT
Global Privacy Strategist, CEO of DataMinding, Inc.
Widely recognized as a pioneer and a thought leader, Francoise Gilbert has spent most of her career as an attorney advising clients on a wide range of data privacy and security legal issues. In the early days of data networks and the Internet, she worked with State and Federal elected officials on the development of legal structures that would apply to the collection, use and transfer of sensitive personal data. Today, her practice is focused on assisting clients in developing products and services that meet ever-changing data privacy and cybersecurity legal requirements.
Francoise Gilbert is the author of the leading two-volume treatise “Global Privacy and Security Law” which covers in depth the privacy and data protection laws of over 70 countries on all continents. A sought-after speaker, Francoise Gilbert has been featured on numerous panels throughout the United States and internationally on privacy, cyber security, global privacy programs, cloud computing, connected objects, smart cities, artificial intelligence, and other emerging issues.
William HO
Co-Chair, ICS Working Group, CSA
William has 20+ years of ICT background and extensive business technology experience and exposure in IT infrastructure & architecture design, converged infrastructure solutions, cloud computing, information security, data protection & security, cloud security, disaster recovery/business continuity management, risk management and business-IT compliance.
Accrued deep experience having worked with and assisted numerous multi-cultural CXO level from various industries around the globe to strategize, identify, budget, justify, plan and implement appropriate technical solutions leveraging multi-vendors’ products fulfilling the business, budgetary, compliance, legislative and regulatory requirements. These experiences, exposures and knowledge reinforced my knowledge, competency, ability and capability to manage, lead, advise, identify and roll out the right solutions to benefit potential employers and clients.
Ashish KUMAR ADHIKARI
Lead – Customer Experience Engineering – M365 Security & Compliance, Microsoft
Ashish Kumar Adhikari is a recognized leader in the cybersecurity industry with over 24 years of experience across engineering products and technology consulting that help businesses increase revenue and market share, enhance branding and lower operational costs. Currently, Ashish leads a team that is on a mission to uncover customer cybersecurity needs and build world-class security & compliance services.
Ashish's personal mantra is to keep discovering new innovations in technology and accelerate their adoption in ways that de-risk these innovations for better human lives. In his professional life, Ashish has repeatedly demonstrated the ability to lead engineering, sales and support teams and achieve goals while building strong relationships with customers and partners. An enthusiastic self-starter, goal-driven achiever and motivated team player with a creative and progressive attitude, Ashish has hands-on, in-depth exposure to working with people all across the globe, with a deep understanding of cultural differences, communication styles and motivational factors. He understands differences in customer priorities, environments and sales tactics in developed and emerging markets. In his spare time, Ashish loves spending time with startups and cybercrime legal professionals and is an advisor to the board at various organizations.
Dr. Hing-Yan LEE
EVP APAC, CSA
Hing Yan LEE is Executive Vice President, APAC at the Cloud Security Alliance (CSA). He has over 30 years of ICT working experience in both the public and private sectors. He was global director of the CSA STAR program for 6 months in 2017. Prior to that, he was Director of National Cloud Computing Office at the Infocomm Development Authority (IDA) for 9+ years, where he was responsible for the national program for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private enterprises, and building a trusted environment (which included developing the Multi-Tier Cloud Security (MTCS) standards and Cloud Outage Incident Response guidelines).
He was previously Deputy Director of National Grid Office at the Agency for Science, Technology & Research (A*STAR), Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre at the Kent Ridge Digital Labs as well as Deputy Director at Information Technology Institute (the applied R&D arm of the National Computer Board). He oversaw and managed industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualization, and other knowledge-driven efforts. Hing Yan co-founded two high-tech companies in 2000 and is a technology advisor to a fintech start-up. He was an adjunct associate professor at the National University of Singapore, served on the School of Digital Media & Infocomm Technology Advisory Committee at the Singapore Polytechnic, Engineering Accreditation Board team member (2014), co-chair of the National Infocomm Competency Framework Technical Committee on Cloud Computing as well as a member of the Cloud Computing Standards Coordinating Task Force of the Singapore Infocomm Standards Committee (ITSC). He was also a member of the NatSteel Corporate R&D Advisory Panel, an advisor/member to the Singapore National Archives Board, and the Australia-Singapore Joint ICT Council. Hing Yan is a Fellow and former VP of the Cloud Chapter in Singapore Computer Society. He is active in the ITSC working group on MTCS revision, and SingAREN Lightwave Internet Exchange (SLIX 2.0) Steering Committee. He has also undertaken consultancy and research reviews for the governments of Finland, Israel, Malaysia and Singapore as well as cloud service providers. He graduated from the University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He previously studied at Imperial College London in the UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science.
Ian LOE
CTO, NE Digital
Ian has more than 20 years of experience in the IT industry with wide industry experience spanning public sector to financial services. He has deep knowledge in both infrastructure and application security with deep expertise in governance and security technologies. Today Ian is the SVP of Cybersecurity in a large conglomerate and responsible for the management of cybersecurity in the group. He has held other senior appointments such as Director, Government Cybersecurity Operations and was responsible for managing cybersecurity operations for the whole of government in Singapore, which includes the monitoring of and response to cybersecurity incidents.
Narudom ROONGSIRIWONG
SVP & Head of IT Security Kiatnakin Bank & Co-chair, Hybrid Cloud Security WG, CSA
Narudom Roongsiriwong is a Certified Information Systems Security Professional with more than 20 years of experience. His primary areas of information security are solution design, data analytics and application security.
Narudom has been Head of IT Security at Kiatnakin Bank since 2014. He significantly improved Kiatnakin’s cybersecurity, especially in the secure software development lifecycle. In October 2017, Narudom was awarded “Best Application Security” and “CISO of the Year” from NetworkWorld Asia. Narudom is a committee member of Thailand Banking Sector CERT (TB-CERT), and a committee member of the Cloud Security Alliance (CSA) Thailand Chapter and the Open Web Application Security Project (OWASP) Thailand Chapter. He is also on the official technical subcommittee of Thailand’s National Digital Identity (NDID) project.
Jim REAVIS
Co-Founder & CEO, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.
Kurt SEIFRIED
Chief Blockchain Officer & Director of Special Projects, CSA
Kurt Seifried is currently the Chief Blockchain Officer and Director of Special Projects at the CSA. He brings a wealth of experience from companies like Red Hat, iDefense, and iSIGHT, and activities such as having assigned 6,000+ CVE identifiers for open source projects and software. Currently, Kurt is focused on Blockchains, Smart Contracts, market manipulation, and threat modeling for all of this.
Steven SIM
President, ISACA Singapore Chapter
Steven Sim has worked for 23 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven security governance and management initiatives and headed incident response, security architecture, technology and operations at local, regional and global levels.
He currently leads Global Cybersecurity Incident Response and oversees CSIRTs in business units. He also leads the Group IT Security CoE and Technology Scanning to franchise best practices to business units and has also driven cyber initiatives, developed standards, managed threats, researched vulnerabilities and promoted awareness. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter as the President and holds a Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA. He is an APMG-accredited trainer for ISACA's core certifications and a member of both the Microsoft APAC CISO Council and Fortinet Executive Cyber Exchange (ECE). He regularly shares his thoughts on cyber risk and security, lectures on an adjunct basis at National University of Singapore Institute of System Sciences, speaks and panels at both international and local conferences and publishes articles. He is recognised in the Peerlyst 29 Highly Influential CISOs list, a Singapore SkillsFuture Fellow and a Professional (Leaders) Finalist in Singapore’s Cybersecurity Awards 2018. His key areas of expertise and experience lie in IT Security Governance, Risk Optimisation, Compliance, Security Assessment, Incident Management, Training and Awareness. He has planned and overseen deployment of solutions enabling business for large IT enterprises and critical OT infrastructure with a focus on Internet of Logistics™, CP 4.0™, Supply Chain 4.0 and Cyber-Physical Systems.
Tze Meng TAN
Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC
Tze Meng graduated with a BSc(Eng) in Computer Engineering from Queen Mary College, University of London in 1986 and has been in the ICT industry for more than 30 years.
In 1988 he started a career with Telekom Malaysia's IT Division and in 1994 had a key role in the launch of TMnet in 1996. In 2000 he left his role of managing TMnet's international networks and was involved with two startups in data centre design, cybersecurity and Apple enterprise support. In 2007 he joined Malaysia Digital Economy Corporation (MDEC) and today he heads the Data Cloud Department, which is responsible for the digital infrastructure ecosystem in the digital economy. He has also been a member of Malaysia's mirror committee for ISO/IEC Information Security Standards development and the ISO mirror committee for Blockchain and Distributed Ledger Technology standards.
Onn Chee WONG
CTO, Resolvo Systems Pte Ltd
Onn Chee is currently working as the Managing Director of Infotect Security, the Chief Technology Officer of Resolvo Systems and Technical Director of Rajah & Tann Technologies. His areas of expertise include information leakage protection, web/cloud security and security strategy. Onn Chee is also one of the co-inventors for at least six international PCT patent rights (http://www.wipo.int), besides several US, EU and Singapore patents.
He has published his works in the area of information leakage protection and application of evidence laws when designing IT systems in the ISSA Journal (Information Systems Security Association). Similarly, he has been a contributor to the Center of Internet Security (CIS) security benchmarks. Onn Chee is the current Singapore chapter lead of Open Web Application Security Project (OWASP) (http://www.owasp.org/) and the main organiser of the Security Meetup Group in Singapore. In addition, he is the Cloud Security Working Group Chair of Security & Privacy Standards Technical Committee under IT Standards Committee in Singapore and has led the Singapore national delegation to ISO/IEC JTC 1/SC 27 meetings. He is one of the contributors to Singapore's first Technical Reference on public computing services (TR 31:2012) and is a member of the working group which developed Singapore's first national cloud security standard (SS 584:2013). Onn Chee is also part of the national team that developed Singapore’s first Technical References on Internet-of-Things (IoT), such as Technical Reference for IoT security for smart nation (TR 64:2018), sensor network for smart nation (public areas) (TR 38:2014) and for sensor networks for Smart Nation (homes) (TR 40:2015). Onn Chee is also a member of Singapore's Artificial Intelligence Technical Committee.
Rizwi WUN
Partner, RHTLaw Asia
Rizwi is one of the founding members of RHTLaw Asia. He has been in practice for about 20 years and is the Acting Head of the Firm’s Intellectual Property & Technology Practice.
Rizwi’s main areas of legal practice cover the creation, protection, commercialisation and enforcement of intellectual property in Singapore, and also in the region. Rizwi also advises on legal and regulatory aspects of technology-related matters, with particular emphasis on Data Protection, Cyber Security, and Competition Law issues. In addition, Rizwi’s industry focus covers developments in the Telecommunications sector, Fashion & Luxury, Food & Beverage, and the Games industry. Rizwi also has in-house industry experience, having previously worked as in-house legal officer and company secretary to a Singapore Government-Linked Company and legal counsel in a multi-national consumer electronics company. He contributes regularly on topics including life sciences research, data protection, and franchising and has been featured, most recently in 2016, in the Singapore Business Times and Bloomberg Asia relating to issues on cyber security and data protection. Rizwi has also advised clients such as China Mobile and Nexmo, Inc. on regulatory licences and permits with the Infocomm Development Authority of Singapore, for the provision of telecommunication services and Monster Energy on regulatory issues and permit for food importation. Rizwi was identified as one of the most highly-acclaimed legal experts in the Asia-Pacific region in the practice area of Intellectual Property by the 2007 Asialaw Leading Lawyers survey and was listed in Who’s Who Legal for Franchising in 2008 and for Patents in 2016. He has also been listed in Asia Legal 500 from 2009 to 2011 and in 2018 for Intellectual Property and TMT matters.
Feng ZOU
Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA
Zou Feng (CISSP-ISSAP, CISA) has been working in IT for 20+ years, with a strong technical background and broad experience in heterogeneous systems and multicultural environments. Starting as a Communication Engineer at ICBC, Feng has taken on different roles including Support Supervisor, Regional Network Manager and Senior Security Manager in different industries.
His main responsibilities include designing, engineering, and implementing security technologies, providing security strategic input, design and vision for the board, and so on. Since 2017, Feng has been working with Huawei Cloud to provide management oversight for all aspects of maintaining cloud service security and to continuously evaluate cloud security capability to cope with new emerging threats. Feng’s specialties: Cloud Security Design, Operation and Troubleshooting; Developing Information Security Policy, Standards and Procedures; Information Security Audit; Network, Remote Access, Web and Email Security; Security Incident Investigation and Forensics; and Risk Management.
Time | Activity | Session Link
9:00 am
Welcome Remarks
Dr. Hing-Yan LEE (EVP APAC, CSA)
Opening Address - 2021 The Cloudzilla Era of Cybersecurity
Jim REAVIS (CEO & Co-Founder, CSA)
Keynote - Cloud First World : IT Responsibilities & Expectations
Ashish KUMAR ADHIKARI (Lead – Customer Experience Engineering – M365 Security & Compliance, Microsoft)
Cloud security remains a top priority for customers. This keynote highlights the current problem, the thinking model and how some cloud services come to deliver recommended practices. It will give you a glimpse into three key issues:
- What is the top risk in adoption of public cloud services and how can it be controlled?
- What are the unique security challenges in IaaS, SaaS and Hybrid environments and how can they be mitigated?
- How are regulatory and privacy changes making these risks a board discussion, and how can AI/automation evolve to aid IT organizations in having a controlled pane environment?
10:00 am
Hybrid Cloud and Its Associated Risks
Narudom ROONGSIRIWONG (SVP, IT Security, Kiatnakin Phatra Bank, Thailand & Co-chair, Hybrid Cloud Security WG, CSA)
As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security. This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
10:45 am
Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment
Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG)
Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
11:30 am
Embracing ICS with Cloud Computing Necessitate Clarity of Vision
William HO (Co-chair, ICS Security WG, CSA)
Understanding the trends, security concerns and state of Industrial Control Systems (ICS) cloud helps pave the way. ICS with access to the cloud via web-enabled services are where IT and OT (Operational Technology) converge, resulting in an integrated process and information flow that brings with it a more complex architecture. As ICS advances from communicating with networks within the enterprise to interacting externally via IoT platforms and the cloud, efficiency, effectiveness and scalability improve. These advances create additional complexity and a larger attack surface, which in turn has increased the opportunity for cyberattacks.
12:15 pm
Cloud Security in the Age of Hybrid Clouds
Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues:
- What are the differences between hybrid and multi clouds?
- Is a hybrid cloud one or two clouds?
- How does a CSC manage two different clouds under different ownership, and ensure their different security compliance?
- What are the challenges in using hybrid clouds?
MODERATOR: Onn Chee WONG (CTO, Resolvo Systems Pte Ltd)
PANELISTS:
1:00 pm
Break
1:30 pm
Blockchain is here to Stay and Being Attacked - How we fix it?
Kurt SEIFRIED (Chief Blockchain Officer & Director of Special Projects, CSA)
Blockchains are here to stay, and they’re being attacked. Why? Because that’s where the money is, literally (have you seen the price of Ethereum lately?). Combine this with Turing complete smart-contracts (often with security flaws) and it becomes obvious why attackers are so interested. The good news is that we’ve done this before, and we can not only learn from the past but we know what the gaps are this time around and we can close them faster. In this session, I’ll cover the real attacks we’re seeing today, and the attacks we can expect to see tomorrow. We’ll also talk about how to prevent them, and what the future (might) bring with respect to Blockchain security.
2:15 pm
The Promise and Pitfalls of Committing to Cloud : Securing Authorization and Architecture Off - Premise
Steven SIM (President, ISACA Singapore Chapter)
With accelerated cloud adoption, particularly during the COVID-19 pandemic, cloud has become a lifeline to numerous organizations for sustaining their operations while working from home, yet it also raises the concern of being embroiled in a cyber pandemic of malware outbreaks, data breaches and disrupted operations. This presentation hopes to help the audience navigate the realities of on-premise to cloud migration and address key security concerns relating to new vectors of attack that off-premise operations invite.
3:00 pm
An In-depth Look at the Obligations Arising from Data Breaches
Rizwi WUN (Partner, RHTLaw Asia)
The presentation will look at obligations and desired responses arising from data breaches.
3:45 pm
How privacy & security professionals can cooperate to achieve better compliance with laws & standards, reduce risks & costs to their organization
Francoise GILBERT (Global Privacy Strategist, CEO of DataMinding, Inc.)
The pandemic has caused drastic changes in the way in which most entities operate. In this new ecosystem, cloud services have become the primary source of computing and processing capabilities. Increased use of cloud services requires an increased workforce to manage and operate these systems, and to ensure that compliance requirements are met and best practices maintained. Cloud services encompass numerous privacy and security issues. At a time when privacy and security professionals are scarce, organizations may help increase efficiency and do more with less if they can encourage privacy and security professionals to cooperate in their tasks. In this session we will discuss some of the new privacy and security issues that cloud users and providers may be facing, and how cooperation between privacy and security professionals might help increase efficiency.
4:30 pm
Panel Discussion - Security Meets Privacy on the Cloud - A Better Understanding
Security and privacy are twins when it comes to providing tools to secure the users' data. However, they are un-identical twins; they are different. Security relates to the protection of data from threats, such as hackers, while privacy encompasses how personal data is collected, managed, stored and shared. Enterprises today are realizing the importance of both, since business impact will be immense if these issues are ignored.
MODERATOR: Tze Meng TAN (Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC)
PANELISTS:
Disclaimer: The ordering and timing are subject to change.