Cloud Security in the Great Reset
The COVID-19 pandemic created an instant demand for cloud-based solutions, requiring the majority of organizations to accelerate their journey to the cloud. The CSA APAC Virtual Summit will focus on educating stakeholders on the key issues and trends facing cloud and cybersecurity today. The event will deliver the education, tools and knowledge you need to make this pivot to the cloud easier and faster.
This one-day program organised by CSA APAC will provide insight and a global perspective on critical strategic cloud and cybersecurity concerns. Join leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit organized by CSA APAC on 20 April 2022.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here: https://www.brighttalk.com/login/. Once the account is created, visit https://www.csaapac.org/csaapacvsummit2022.html and register for the sessions you want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Speakers & Panelists
Illena ARMSTRONG
President, CSA
Illena ARMSTRONG is a long-time international media and business development leader who, with the help of the talented teams she has managed over the years, successfully built and maintained a wide range of award-winning, digitally driven multimedia, intelligence/research and educational offerings serving targeted audiences. Along with her current role at CSA, she serves as a Fellow with the International Association of Certified ISAOs (IACI) and is Co-Chair of the IACI Global Security Resilience Alliance (GSRA), which serves as the IACI Advisory Board. Additionally, she currently sits on the Board of Advisors for Cybersecurity Ventures, a leading researcher and publisher covering the global cyber economy and a trusted source for cybersecurity facts, figures and statistics.
Prior to these positions, she was VP, Editorial, at SC Media, a business media brand for the information security industry. While there, she spearheaded and managed all content strategy and development, as well as played a key leadership role in driving the brand’s overall business and commercial growth with the support of team members scattered across the US and UK. Leveraging years in the cybersecurity industry and her brand-building, digital media, editorial, design, website, marketing/PR, social media, event, and overall business/commercial experience, she has established a multitude of award-winning digital content and editorial offerings, such as virtual events/webcasts, video/podcast programs, physical events, social media channels and traditional hardcopy/digital editions. Working closely with other brand and sales colleagues, she also has created and launched research-based products, single- and multi-tiered custom offerings, awards/recognition programs, and still other product lines. In addition to being named to Cyber Defense Magazine's "Top 25 Women in Cybersecurity" for 2019 (https://cyberdefenseawards.com/top-25-women-in-cybersecurity/), on her watch, SC won more than 40 awards from such industry groups as the American Society of Business Publication Editors, Trade Association Business Publications International, Folio and MIN Online. She has spoken/moderated at several domestic and international industry events, including RSA Conference, National Credit Union-ISAO Annual Conference, ACCOSCA/CU Difference Tour, Techno Security Conference, a plethora of virtual events/webcasts and others. Prior to these endeavors, she worked for various newspapers, consumer/business magazines and eldercare journals in New England and the southern United States at which she received still more honors.
Dr. Kai CHEN
Chief Security Strategist, Strategy Department of Huawei Technologies Co Ltd & Co-chair, Cloud Security Services Management WG, CSA
Dr. Kai CHEN is responsible for Huawei cybersecurity strategy development and implementation, focusing on cybersecurity governance, standardization, and ecosystem development. He has over 20 years of work experience in applied cryptography, information and network security technical research, standard development, policy and regulation fields; has published over 20 research papers and delivered speeches at security-related conferences and seminars; has developed or co-developed over 10 security standards in wireless communication, DRM and trusted computing; and has led several information security policy and legislation research projects. He co-founded the Great China Regional Forum (GCRF) of Trusted Computing Group (TCG) and served as co-chair of GCRF from 2008 through 2015, driving the TPM2.0 standard development and industrialization; co-founded the China Information Security Law Conference; initiated the Cloud Security Service Management and Hybrid Cloud Security research groups at CSA and chairs the Cloud Security Service Management WG; and serves as governing board member of OpenSSF. Before joining Huawei, he worked at Microsoft, Intel China, Bell Labs Research China, and Lucent Technologies. He is a senior member of the China Computer Federation and Chinese Association for Cryptologic Research. Kai holds a Bachelor's degree in Management Engineering, a Master's degree in Computer Science, and a Doctorate degree in Cryptography.
Subhajit DEB
Head- Information Security & Privacy, Dhani Services
Subhajit is a cyber security and data privacy leader with 2 decades of experience in leading and managing global information security, business continuity, risk management and data privacy programs. In his current role, Subhajit works as the Head of Information Security and Privacy for the Dhani group of companies. In his earlier roles, he has worked as the CISO of Dr Reddy’s Laboratories, Max Life Insurance and Sumitomo Mitsui Bank, India.
John DIMARIA
Assurance Investigatory Fellow & Research Fellow, CSA
John DIMARIA, CSSBB, HISP, MHISP, AMBCI, CERP, is Assurance Investigatory Fellow and Research Fellow with CSA. He has 30 years of successful experience in standards and management system development, including information systems, business continuity, and quality. John was one of the innovators and co-founders of the CSA STAR Program for CSPs, a contributing author of the American Bar Association’s Cybersecurity Handbook, a working group member, and a key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program, which includes security, privacy, continuous monitoring, and development of new solutions.
Sanjeev GUPTA
Director, Certification Partners Global
Sanjeev is Director at Certification Partners Global. He has been an IS Auditor for a decade now, and a consultant for much longer before that. He leads CPG’s Multi-Tier Cloud Security (MTCS) program globally. He has led business alignment to ongoing operations and teams that delivered projects and applications to large enterprises.
William HO
Co-chair, ICS Security WG, CSA
William HO is a co-founder of Indonesia CIO network with 33+ years of ICT and extensive business technology experience and exposure in IT infrastructure & architecture design, converged infrastructure solutions, cloud computing, information security, data protection & security, cloud security, disaster recovery/business continuity management, risk management and business-IT compliance.
William is a professional committee member of China’s security standardization committee of China Society of Emergency Management, senior advisor to China Business Continuity Management, co-chair of CSA Industrial Control System Working Group and was the founder of the storage networking user group for Singapore and China, deputy project manager for the Technical Committee setting the Singapore TR19-Business Continuity Management Standard and a resource member for Singapore's first BC/DR Standards SS507. William was the first qualified CCSK trainer in Asia (for CCSK V2.1 and V3). He is also a cloud trainer for Arcitura’s Cloud School of Certified Cloud Professional, certified cloud technology professional and certified cloud architects and pioneer trainer for the Fintech Essential Programme-Cloud Computing & the API Economy module. William is Director Education at CSA Singapore Chapter.
Bruno HUTTNER
Co-chair, Quantum-Safe Security WG, CSA
Bruno HUTTNER is an engineer (Ecole Centrale Paris) and a physicist (PhD from the Technion, Israel Institute of Technology). He is Director of Strategic Quantum Initiatives, and a Quantum Key Distribution Expert at ID Quantique. He is also Co-chair of the CSA Quantum-Safe Security Working Group.
Anthony LIM
Fellow, SUSS
Anthony is a pioneer in cyber-security and governance in Asia Pacific, with over 25 years’ professional experience, as a business leader, consultant, advocate, instructor and auditor. His current domains of interest include cloud security, smart cities/nation, application security, policy & audit, operational technology and risk management.
He is director for cyber managed services and project CISO at NCS, SingTel’s enterprise technology solutions provider, and has held inaugural senior regional business executive roles at CheckPoint, CA and IBM and a regional principal consultant at Fortinet. He was a member of the team which built the CCSP, ISC2’s internationally acclaimed cloud security professional certification, a joint production with CSA. He was also one of the first in APAC to take CSA’s CCAK (cloud auditor certification). Anthony is a university fellow and an adjunct instructor and module developer for several tertiary academic & professional institutions. He has presented and provided content at many government, business, industry and academic seminars, committees, executive roundtables, training and media (print, broadcast, internet) in APAC and the US. He is an ISO-27001 Lead Auditor, holds an MBA and is a life alumni member of the University of Illinois, Urbana-Champaign.
Dr. Hing-Yan LEE
EVP APAC, CSA
Hing Yan LEE is Executive Vice President, APAC at the Cloud Security Alliance (CSA). He has over 30 years of ICT working experience in both the public and private sectors. He was global director of the CSA STAR program for 6 months in 2017. Prior to that, he was Director of National Cloud Computing Office at the Infocomm Development Authority (IDA) for 9+ years, where he was responsible for the national program for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private enterprises, and building a trusted environment (which included developing the Multi-Tier Cloud Security (MTCS) standards and Cloud Outage Incident Response guidelines).
He was previously Deputy Director of National Grid Office at the Agency for Science, Technology & Research (A*STAR), Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre at the Kent Ridge Digital Labs as well as Deputy Director at Information Technology Institute (the applied R&D arm of the National Computer Board). He oversaw and managed industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualization, and other knowledge-driven efforts. Hing Yan co-founded two high-tech companies in 2000 and is a technology advisor to a fintech start-up. He was an adjunct associate professor at the National University of Singapore, served on the School of Digital Media & Infocomm Technology Advisory Committee at the Singapore Polytechnic, Engineering Accreditation Board team member (2014), co-chair of the National Infocomm Competency Framework Technical Committee on Cloud Computing as well as a member of the Cloud Computing Standards Coordinating Task Force of the Singapore Infocomm Standards Committee (ITSC). He was also a member of the NatSteel Corporate R&D Advisory Panel, an advisor/member to the Singapore National Archives Board, and the Australia-Singapore Joint ICT Council. Hing Yan is a Fellow and former VP of the Cloud Chapter in Singapore Computer Society. He is active in the ITSC working group on MTCS revision, and SingAREN Lightwave Internet Exchange (SLIX 2.0) Steering Committee. He has also undertaken consultancy and research reviews for the governments of Finland, Israel, Malaysia and Singapore as well as cloud service providers. He graduated from the University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He previously studied at Imperial College London in the UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science.
Victor LO
Head, Cybersecurity, MDEC
Victor LO is an experienced professional with 20+ years of information security and risk consulting experience in enterprise information security solutions, and specializes in Cyber Threat Intelligence Framework.
Over the years, he has served businesses across Asia South countries such as India, Turkey, Thailand, Vietnam, Philippines, Indonesia, Malaysia, and Singapore. He has extensive experience dealing with vertical industries, primarily in the South East Asian market, and Fortune 500 companies. Victor heads the Cyber Security industry development at MDEC. His key roles include driving cybersecurity as a catalyst for the digital economy and promoting collaboration among cybersecurity industry partners and innovation for the cybersecurity ecosystem.
Mike MELLOR
VP, Security, Adobe
Mike MELLOR is a seasoned security executive with 17+ years of experience across multiple technology areas. Mike has designed and led security programs that have received numerous industry awards and recognitions including a SANS Cybersecurity Innovation award, CSO Magazine top 50 award, and an RSA Charge award. Mike is the VP of Cyber Operations on the corporate security team at Adobe. In his role Mike leads a global security team responsible for operational security across Adobe’s diverse set of SaaS applications across multiple cloud platforms.
Mike NICHOLS
Senior Director, Product Management, Security, Elastic
Mike NICHOLS is Senior Director and Product Lead for Elastic Security, the security focused division of Elastic. He is responsible for the roadmap and vision of the security product portfolio, including SIEM, endpoint security/XDR, and cloud security offerings. Prior to Elastic, Mike was Vice President of Product Management at Endgame, an Endpoint Protection Platform company, which was acquired by Elastic in 2019.
Mike has over 20 years of cybersecurity experience, starting his career in the U.S. Army as an intelligence analyst and officer, then transitioning into civilian life as a security analyst before moving into product development and product management. Besides his corporate role, he serves as an Adjunct Professor of Cybersecurity Strategy at Georgetown University in Washington, D.C.
Alvin ONG
CIO, Nanyang Technological University
Alvin ONG is CIO of Nanyang Technological University (NTU) responsible for driving the IT agenda across the University. Working closely with the NTU senior management team, he leads his team to be a key partner in providing systems and technology solutions to drive and support University-wide initiatives across the academic, research and administrative domains. Currently, he is spearheading a multi-year IT strategic plan to modernize NTU’s IT portfolio and create a connected university based on cloud-first, mobile-enabled, data-driven and security-by-design digital platforms. For his work in the digital transformation of NTU and thriving through the COVID pandemic, he was named by IDG as the “CIO of the Year for Leadership” in the CIO50 ASEAN + HK 2020 award and is ranked among the top 10 CIOs in the CIO75 ASEAN + HK 2021 award.
Alvin is passionately active in professional associations and community service. He was a past President of IT Management Association Singapore, an association of CIOs and IT leaders. He serves as a board member and chairman of the Technology Committee of the National Kidney Foundation Singapore. He is also chairman of the Singapore Computer Society’s CITPM Board of Assessors, which is one of the world's first IT project management standards backed by government agencies and industry partners.
Prakash PADARIYA
CISO, Oyo Rooms
Prakash is an executive who understands bug-bounty exploits and explains them to the Board of Directors. He has 19+ years of core Information/Cyber Security corporate experience with leading Fortune 100 multinational corporations like GE, Royal Bank of Scotland, IBM, Target Corporation and Accenture. His professional experience spans the Banking, Financial, Product, Telecommunications & IT service industries in India, USA, UK, Australia and EMEA countries. He has extensive exposure and "hands-on" expertise in CISO leadership at executive CxO boards, security consulting, Cyber Security, Cyber warfare, Vulnerability assessment, Ethical hacking, Strategy development, Surveillance audits, Legal Regulatory Compliance, Computer Forensics, Law Enforcement, Cyber crime prevention, Risk & Compliance based on standards & regulatory requirements of ISO27002, PCI DSS, HIPAA, GLBA, FISAP, FSA/FCA, FISMA, OCC, PIPEDA and BASEL.
Niel PANDYA
CTO & Business Development Lead, CyberRes APJ, Micro Focus
Niel is CTO and Business Development Lead for our CyberRes line of business under Micro Focus, covering APJ. Niel has over 25 years’ experience in technology and security, ranging from Data Security to Security Operations, Application Security and Identity.
Ludovic PERRET
Co-chair, Quantum-Safe Security WG, CSA
Ludovic PERRET is co-founder and CPO of CryptoNext Security, a spin-off from INRIA Paris and Sorbonne University specialized in post-quantum cryptography. Before founding CryptoNext Security, Ludovic was an associate professor at Sorbonne University.
Ludovic has expertise in the design, analysis and deployment of post-quantum cryptography, publishing more than 60 scientific articles on these topics. In 2018, Ludovic was awarded the Atos-Joseph Fourier First Prize in the area of Quantum Technologies for his contributions to post-quantum cryptography. Ludovic is also deeply involved in the standardization of post-quantum cryptography: co-author of the GeMSS digital signature scheme selected for the on-going third round of the NIST post-quantum standardization process, Co-chair of the CSA Quantum-Safe Security working group and an active member of the ATARC Quantum working group, the quantum-safe cryptography specification group at ETSI (TC Cyber QSC) and the ASC X9 Quantum Computing Risk Study Group.
Narudom ROONGSIRIWONG
SVP & Senior Cloud Architect, Digital Innovation & Data Group, Bank of Ayudhya & Co-chair, Hybrid Cloud Security WG, CSA
Narudom ROONGSIRIWONG is a certified information security professional with more than 20 years of experience. His primary areas of information security are solution design, data analytics and application security. Narudom is also proficient in enterprise architecture, especially in application, security and technology architecture.
Narudom is a co-chair of the Hybrid Cloud Security Working Group at CSA, APAC Research Advisory Council Member at CSA Asia Pacific, and consultant to the Open Web Application Security Project (OWASP) Thailand Chapter. He is also a member of the Security and Risk Committee for Thailand’s National Digital ID.
Jim REAVIS
Co-Founder & CEO, CSA
For many years, Jim REAVIS has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.
Onn Chee WONG
CTO, Resolvo Systems & Research Fellow, CSA
Onn Chee is currently working as the Managing Director in Infotect Security, the Chief Technology Officer of Resolvo Systems and Technical Director of Rajah & Tann Technologies. His areas of expertise include information leakage protection, web/cloud security and security strategy. Onn Chee is also one of the co-inventors for at least six international PCT patent rights (http://www.wipo.int), besides several US, EU and Singapore patents.
He has published his works in the area of information leakage protection and application of evidence laws when designing IT systems in the ISSA Journal (Information Systems Security Association). Similarly, he has been a contributor to the Center of Internet Security (CIS) security benchmarks. Onn Chee is the current Singapore chapter lead of Open Web Application Security Project (OWASP) (http://www.owasp.org/) and the main organiser of the Security Meetup Group in Singapore. In addition, he is the Cloud Security Working Group Chair of Security & Privacy Standards Technical Committee under IT Standards Committee in Singapore and has led the Singapore national delegation to ISO/IEC JTC 1/SC 27 meetings. He is one of the contributors to Singapore's first Technical Reference on public computing services (TR 31:2012) and is a member of the working group which developed Singapore's first national cloud security standard (SS 584:2013). Onn Chee is also part of the national team that developed Singapore’s first Technical References on Internet-of-Things (IoT), such as Technical Reference for IoT security for smart nation (TR 64:2018), sensor network for smart nation (public areas) (TR 38:2014) and for sensor networks for Smart Nation (homes) (TR 40:2015). Onn Chee is also a member of Singapore's Artificial Intelligence Technical Committee.
ZOU Feng
Director, Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA
ZOU Feng (CISSP-ISSAP, CISA) has been working in IT for 20+ years, with a strong technical background and broad experience in heterogeneous systems and multi-culture environments. Starting as a Communication Engineer in ICBC, Feng has taken different roles including Support Supervisor, Regional Network Manager and Senior Security Manager in different industries.
His main responsibilities include designing, engineering, and implementing security technologies, and providing security strategic input, design and vision for the board. Since 2017, Feng has been working with Huawei Cloud to provide management oversight for all aspects of maintaining cloud service security and to continuously evaluate cloud security capability to cope with new emerging threats. Feng’s specialty: Cloud Security Design, Operation and Troubleshooting; Develop Information Security Policy, Standard and Procedure; Information Security Audit; Network, Remote Access, Web and Email Security; Security Incident Investigation and Forensics; and Risk Management.
Time | Activity | Session Link
9:00 am
Welcome Remarks
Dr. Hing-Yan LEE (EVP APAC, CSA)
Opening Address - 2021 The Cloudzilla Era of Cybersecurity
Jim REAVIS (CEO & Co-Founder, CSA)
9:30 am
Keynote: Building a Better Playbook for Incident Response
Mike MELLOR (VP, Security, Adobe)
Recent industry-wide security issues, in open-source software in particular, have energized companies to revisit their playbooks and processes for handling these types of issues. This is especially true now that vulnerabilities are affecting software libraries that are used broadly to perform very common, basic service functions. Compound this with the fact that the situations around these vulnerabilities can change by the day or even the hour, resulting in a unique level of both visibility and complexity for any in our industry affected. For the industry in general, such broadly applicable incidents are relatively new, and we are all adapting to how we deal with and help mitigate them moving forward. Standard security practices need to be revisited regularly to adapt to these broader potential issues. These types of vulnerabilities can impact many applications and services, and are also often too new to be flagged by widely used commercial scanning tools. You need to mobilize the entire company to effectively deal with these issues and properly manage customer expectations. Mike MELLOR will share best practices Adobe has learned to help enhance our own playbooks to better deal with the evolving complexity and scope of industry-wide vulnerabilities. He will provide guidance and best practices that can be valuable as we work together as an industry to get better at managing and mitigating similar incidents in the future.
10:15 am
Keynote: Assessing the Stakes at Play in our Cloud Journeys
Illena ARMSTRONG (President, CSA)
As we move through 2022, we’re understanding more of its challenges while also trying to ensure our cloud and cybersecurity strategies are in motion to hit the goals we set for the year. We see that fundamental to these is our respective organizations’ digital transformations and the various priorities associated with these. We also fully grasp the stakes at play and the security, privacy and business requirements that can’t be wagered. For instance, most organizations are embracing multi-cloud environments and see the various challenges that come with this choice. They’re also setting priorities around the implementation of zero-trust models, privacy-by-design, serverless architectures, AI and more. All the while, they’re still contending with myriad cybercriminals and other bad actors, both organized and wholly independent, who are aware of these evolving infrastructures on which we all rely, too, of course. Taking into account organizations’ evolving business needs, this presentation will review some of CxOs’ priorities for 2022 and beyond, review how still-advancing digital transformations are continuing to evolve, examine some of the more pressing risks and threats these present, and show how CSA can support CxOs’ aims to achieve and maintain successes along their continued cloud journeys.
11:00 am
Panel Discussion: Key Priorities & Challenges in a Digitally Transforming Business World
Organizations that had not already moved to the cloud certainly were forced to make these decisions in some form or another during this last year. Now that most organizations have begun or are well along on their cloud journeys, what are some of the challenges they face and how should they prioritize their cybersecurity strategies to continue to tackle this next year? We assemble a panel of industry leaders to provide some practical insight.
MODERATOR: Illena ARMSTRONG (President, CSA)
PANELISTS:
12:00 pm
Secure Connection Requirements for Hybrid Clouds
Narudom ROONGSIRIWONG (SVP & Senior Cloud Architect, Digital Innovation & Data Group, Bank of Ayudhya & Co-chair, Hybrid Cloud Security WG, CSA) & ZOU Feng (Director, Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA)
Hybrid cloud is becoming an essential enterprise cloud model that allows the best of both worlds, providing customers with diverse resources to run different workloads depending on their needs. To successfully secure this complex landscape, enterprises should develop and employ perimeter, transmission, storage, and management cross-cloud security capabilities. This talk will cover best practices for these four areas of security, along with their applicability to the Cloud Controls Matrix.
12:30 pm
Break
1:00 pm
Keynote: Data-Centric Acceleration to Cloud for Secure & Efficient Workload Management
Niel PANDYA (CTO & Business Development Lead, CyberRes APJ, Micro Focus)
In today’s cloud world, running workloads is not only about performance, scalability and data security, but also about how portable your data is for hybrid and multi-cloud usage without compromise to security. A data-centric approach across hybrid IT will support organizations to reduce risks to sensitive data, accelerate safe migration to cloud environments (hybrid and multi-cloud) and allow cloud platforms to enable business for growth. Wherever you may be in your cloud journey, let us examine some practical areas to run your business with resiliency, including
1:45 pm
Roles & Responsibilities of Third-Party Security Providers
Dr. Kai CHEN (Chief Security Strategist, Strategy Department of Huawei Technologies Co Ltd & Co-chair, Cloud Security Services Management WG, CSA)
As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibilities are typically split between the CSPs and CSCs. However, in reality, third-party security service providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs. They have a part in securing the cloud platform as well. The role of Third-Party Security Service Providers (TPSSPs) can be pivotal in the security of these SMEs. The talk will highlight the guidelines that will help CSCs when signing Service Level Agreements with TPSSPs.
2:30 pm |
State of ICS Security in the Age of Cloud
William HO (Co-chair, ICS Security WG, CSA)
Cloud computing has been gaining steady adoption due to its numerous benefits in handling dynamic business requirements. It has also become a technology that ICS industries can’t afford to ignore, especially as these trends will inexorably increase to support the convergence of modern IT and OT. Are ICS in the Cloud still a myth? “The State of ICS Security in the Age of Cloud” attempts to share insights and security considerations for Cloud adoption in ICS. |
|
3:15 pm |
Cybersecurity in the Quantum Era
Bruno HUTTNER & Ludovic PERRET (Co-chairs, Quantum-Safe Security WG, CSA)
As emphasized by the recent announcements on the quantum advantage, quantum computers can already perform computations deemed impossible, or at least very lengthy, with classical computers. Having access to improved computing power is great news in many areas. However, this also represents a threat to most of our communications. Indeed, cryptography, which underpins the security of our communication infrastructure, is based on some hard mathematical problems, which will become tractable with a quantum computer. Our complete cybersecurity infrastructure has to be revamped. In this talk, we start with a brief explanation of the quantum computer and explain the quantum threat. We then present possible solutions. Some solutions are based on new algorithms, known as quantum-resistant algorithms. These can be complemented with quantum solutions, which utilize the same peculiar properties of the quantum world to thwart the quantum computer threat. Together, they will be part of a new quantum-safe infrastructure. Any organisation or person relying on secure communication for their business or personal life has to start taking this new threat into account. |
|
4:00 pm |
Multi-party Recognition - Reduces Cost & Facilitates Lower Risk all the while Building a Culture of Resiliency
John DIMARIA (Assurance Investigatory Fellow & Research Fellow, CSA)
Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes and has observed that many security requirements and control objectives in different standards are largely overlapping. As a consequence, the process of adhering to different standards, laws and regulations is inefficient for CSPs, with a lot of duplicated work that unduly increases costs and complexity. The idea behind the MPR is not to create yet another cloud certification or auditing architecture. Instead, it aims to provide a unified method of systematic and consistent activities with the goal of minimizing the burden and complexity of compliance and obtaining certification. Join us as we discuss this state of the art in cloud service monitoring and certification.
Learning objectives: Discuss the MPR model and architecture, the MPR lifecycle process, and use case stories on how multiparty recognition helps. |
|
4:45 pm |
Panel Discussion: Clearing the Confusion Pertaining to Third Party Certification
Given the pandemic and tremendous growth of cloud adoption over the past few years, cloud providers have seen more mandates for standards and certifications, while also struggling to maintain their business and facing declining consumer confidence. Market competition is therefore also contributing to the rise of third-party certification bodies. With the constant emergence of new innovations, companies need to take control to prevent breaches and poor maturity. As these concerns and breaches increase, cloud users and government agencies need to be able to validate and monitor compliance. Enter accredited certifying bodies. To ensure consumer trust in the certification agencies themselves, there is a series of checks and audits in place. Third-party certifiers have overarching organizations monitoring the enforcement of proper standards. CSA ensures that the STAR assessments are carried out by only the most highly qualified certifying bodies. Join us as our panel of experts and certifying bodies get together to discuss the prevailing views and clear up the confusion pertaining to mainstream certifications and sector-specific programs like CSA STAR.
MODERATOR: John DIMARIA (Assurance Investigatory Fellow & Research Fellow, CSA)
PANELISTS:
|
Disclaimer: The ordering and timing are subject to change.