-
Summary
-
Speakers
-
Schedule
-
Contact Us
<
>
Post COVID-19 Recovery: Importance of Cloud Security
COVID-19 has accelerated customer demand for cloud-based offerings. Digital transformation and cloud security are the chart-topping topics enterprises want to know more about. The results are unsurprising to an extent, given how many companies have accelerated their digital transformation projects and migration to the cloud, while the pandemic continues to wield debilitating influence over workplace collaboration, productivity, and the bottom line across many industries.
This one-day program organised by CSA APAC & CSA Singapore Chapter will provide insight and provide a perspective on critical strategic cloud and cybersecurity concerns. Join the leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit on 18 August 2021.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here https://www.brighttalk.com/login/. Once the account is created visit https://www.csaapac.org/csasingaporesummit2021.html and register for sessions you would want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
COVID-19 has accelerated customer demand for cloud-based offerings. Digital transformation and cloud security are the chart-topping topics enterprises want to know more about. The results are unsurprising to an extent, given how many companies have accelerated their digital transformation projects and migration to the cloud, while the pandemic continues to wield debilitating influence over workplace collaboration, productivity, and the bottom line across many industries.
This one-day program organised by CSA APAC & CSA Singapore Chapter will provide insight and provide a perspective on critical strategic cloud and cybersecurity concerns. Join the leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit on 18 August 2021.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here https://www.brighttalk.com/login/. Once the account is created visit https://www.csaapac.org/csasingaporesummit2021.html and register for sessions you would want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Co - Organized by
Platinum Partner
Gold Partners
Supporting Organizations
Speakers & Panelists
Ferdinand FONG
Chair, Protem Committee, CSA Sarawak Chapter
|
Ferdinand is a certified instructor for Certificate of Cloud Security Knowledge (CCSK) and holds a Bachelor of Science degree (Physics) from the University of Auckland.
He started his career in the Flexible Printed Circuit industry in California. Later he moved back to South East Asia and headed the Business Development for a Flexible Printed Circuit and Assembly company based in Shanghai, Suzhou and later in Singapore. He brings with him 20 years of global experience in engineering, manufacturing, project management and global business development. Leveraging on his experience, he made a move to the Fintech industry in 2019, managing the migration of payment platform for a client in Hong Kong. |
Sanjeev GUPTA
Director, Certification Partners Global
|
Sanjeev has been an IS Auditor for a decade now, and a consultant for much longer before that. He leads CPG’s MTCS program globally. He has led business alignment to ongoing operations, teams that delivered projects and applications to large enterprises.
|
William HO
Co-chair, Industrial Control System Security WG, CSA
|
William is co-founder of Indonesia CIO network with over 33+ years of ICT background and extensive Business-Technology experience and exposure in IT infrastructure & architecture design, converged infrastructure solutions, cloud computing, information security, data protection & security, cloud Security, disaster recovery/business continuity management, risk management and business-IT compliance.
William is a professional committee member of China’s security standardization committee of China Society of Emergency Management, senior advisor to China Business Continuity Management, Co-chair of CSA Industrial Control System Working Group and was the founder of storage networking user group for Singapore and China, deputy project manager for the Technical Committee setting the Singapore TR19-Business Continuity Management Standard and a resource member for Singapore first BC/DR Standards SS507. William was the first Certified trainer in Asia (for CCSK V2.1 and V3), he is also the cloud trainer for Arcitura’s Cloud school on Certified Cloud Professional, certified cloud technology professional and certified cloud architects and pioneer trainer for the Fintech Essential Programme-Cloud Computing & the API Economy module. William holds the appointment of Director Education at CSA Singapore Chapter. |
Stephanie King-Chung HUNG
SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering
|
Stephanie is an innovative and dynamic leader. She has over 30 years of working experience in technology sector at IBM, HP, Microsoft, start-ups and ST Engineering servicing clients from airlines and airports, banking and financial services institutions, to manufacturing and consumer packaged goods industry, defence, education, healthcare, government and critical infrastructure sectors accumulated many years industry knowledge in the business and IT transformation journey. She has been business advisor in providing business and technology consultancy to companies and start-ups in striving for the digital transformation, innovation, industrial internet, connectivity, and sustainability.
Stephanie leads the cloud business at ST Engineering, responsible to build the organization capabilities and provide cloud adoption and transformation services to our customers in the new digital 5.0 with the use of cloud & edge computing, analytics & A.I. and lean & agile approach. She joined ST Engineering (Electronics) in early 2018 to lead the Singapore Business driving strategic customers engagement and experience, develop organizational capabilities in design thinking, lean and agile methods to envisioning the future use of technology and co-create innovative ideas, and strengthen strategic alliances in the digitalization and business transformation. She is also the Chairperson for Women@STEngineering council committee. She was selected as SG 100 IT Women in 2020. She also championed cross companies MentorConnect Program in 2019-2021. She is a member of the CSA APAC Research Advisory Council. She is also council member of the Chinese University of Hong Kong Vice-Chancellor’s Global Alumni Advisory Board (2021-2022). She served as a member of the Media Literacy Council (2016-2018) under the Ministry of Communications and Information, Singapore to develop public awareness and education on cyber wellness, and advise trends and development pertaining to the internet and media. She was among the early batch of certified client executives that completed IBM Cohort Client Executive Certification program at Harvard Business School, Boston USA. She led the Global Client Management Practice development in HP. She designed and conducts Insight Selling and Envisioning & Co-creation workshops at ST Engineering. She developed her passion for coaching and advocates as a coach for others in excelling in client relationship and business management. She holds a Master Degree in Business Administration with high honors from the University of Chicago Booth School of Business. She was with the Amy and Richard Wallman Scholar at the Chicago Booth School of Business. She holds a Bachelor Degree in Business Administration from the Chinese University of Hong Kong. She is fluent in both English and Chinese (Mandarin and Cantonese). |
Debashish JYOTIPRAKASH
CTSO - APAC Managing Director – India & SAARC, Qualys, Inc.
|
With over 17 years of multi-industry experience, Deb is a cybersecurity evangelist. In his current role as a CTSO at Qualys Inc, he is an avid customer advocate, SME and Security Solution Architect of the Qualys Cloud based security platform and enables Qualys customers globally to make the best out of their CyberSecurity investments and prepare them to combat the next level of Cyber threats that emerge. |
Brendan LAWS
Director, Solutions Architecture, Rapid7
|
Brendan leads the Solution Architecture team within Rapid7 Asia Pacific. I help people understand challenges, define goals and mature cyber capabilities; whilst accommodating their teams’ abilities and leveraging the diverse array of technologies and your business strategy. This journey has already consumed two decades and has provided me with vantage points that span industry sectors, and importantly, people and cultures. Above all, I aim to reduce the noise of a remarkably diverse, complex series of domains.
|
Dr. Hing-Yan LEE
EVP APAC, CSA
|
Hing Yan LEE is Executive Vice President, APAC at the Cloud Security Alliance (CSA). He has over 30 years of ICT working experience in both the public and private sectors. He was global director of the CSA STAR program for 6 months in 2017. Prior to that, he was Director of National Cloud Computing Office at the Infocomm Development Authority (IDA) for 9+ years, where he was responsible for the national program for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private enterprises, and building a trusted environment (which included developing the Multi-Tier Cloud Security (MTCS) standards and Cloud Outage Incident Response guidelines).
He was previously Deputy Director of National Grid Office at the Agency for Science, Technology & Research (A*STAR), Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre at the Kent Ridge Digital Labs as well as Deputy Director at Information Technology Institute (the applied R&D arm of the National Computer Board). He oversaw and managed industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualization, and other knowledge-driven efforts. Hing Yan is a Fellow and former VP of the Cloud Chapter in Singapore Computer Society. He is active in the ITSC working group on MTCS revision, and SingAREN Lightwave Internet Exchange (SLIX 2.0) Steering Committee. He has also undertaken consultancy and research reviews for the governments of Finland, Israel, Malaysia and Singapore as well as cloud service providers. He graduated from the University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He previously studied at Imperial College London in the UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science. |
Ian LIM
Field Chief Security Officer, Palo Alto Networks
|
Ian Lim is field chief security officer for Asia Pacific at Palo Alto Networks. In his role, Ian helps to develop innovative solutions, threat prevention strategies, and risk management frameworks for business executives as well as the wider cybersecurity community.
With over 20 years of dedicated cybersecurity experience, Ian has led global security departments for Fortune 100 companies, deploying defense-in-depth capabilities to thwart advanced attacks. He has cross-industry cybersecurity expertise in the financial, real estate, and healthcare verticals, and has done on-the-ground work in the US, EMEA and APAC. He is also instrumental in developing governance policies and risk frameworks to meet regulatory compliance requirements. Ian graduated from University of California Irvine (UCI) with a Computer Science and English degree, and is currently an Executive Committee member at his alma mater’s Cyber Research Policy Institute. On the publishing front, Ian is the principal author of "Information Security Cost Management" and "Securing Cloud and Mobility", and a guest author in Auerbach's Information Security Management Handbook (required reading for CISSP). In his free-time, Ian enjoys filmmaking and has participated in short film competitions. |
May-Ann LIM
ED, Asia Cloud Computing Association
|
May-Ann is the Managing Director of research consultancy TRPC Pte Ltd, and is concurrently the Executive Director of the Asia Cloud Computing Association (ACCA). She has extensive experience in public policy, technology policy development, and government relations communications across the Asia Pacific, and has worked with many global, regional, and local organisations such as APEC, ASEAN, PECC, the ACCA, and the Asia Internet Coalition (AIC), on thought leadership development, government outreach and stakeholder engagement efforts, such as the development of the ASEAN ICT Masterplan 2020.
She was appointed to the Singapore Data Protection Appeal Panel 2019-2021, and also sits on various task forces, such as the World Economic Forum (WEF)’s Digital ASEAN Taskforce, the Data & Jurisdiction Team for the Internet & Jurisdiction Policy Network, and has served as Exco member for the Internet Society (ISOC) Singapore Chapter. Her career has spanned global, regional and local institutions, including the World Bank, World Vision, the Singapore Institute of International Affairs (SIIA), and the Singapore Internet Project. Based in Singapore, May-Ann also volunteers as the Head of Digital Literacy Programmes with Engineering Good, an NGO focusing on digital inclusion and assistive technology, and lectures on InfoComm Policy in the Department of Communications and New Media at her alma mater, the National University of Singapore (NUS). |
Soon Tein LIM
Co-chair, Cloud Incident Response WG, CSA
|
Lim Soon Tein started his career with Republic of Singapore Navy (RSN) and was awarded the Public Administration Medal (Military) in 2003. He left RSN in 2005 after his last appointment in Navy as Dy Commander, Naval Logistics Command.
Currently, he is head cybersecurity at ST Engineering – DPS (Defence & Public Security). Prior to this appointment, he was Vice President, Corporate Development in ST Engineering Electronics, involving in ST Engineering’s digital transformation programme after he led the implementation of private cloud for a major client as a programme director. From 2015 to 2018, he was head of IT for ST Electronics and concurrently in 2017 as head of IT service delivery for ST Engineering Group where he implemented a standardised “IT fault reporting and service requests” cloud platform. Before he moved into his IT role, he was a business unit head in ST Electronics (InfoSoftware System) for maritime & enterprise sectors for about 7 years. During his tenure as BU Head, he grew the BU workforce from about 200 staff to 300+ staff to deliver projects and service supports to local and international customers. Soon Tein is the advisor of SGTech’s Cloud & Data Chapter (CDC). He was the Chapter’s chairman from 2018 to 2020. During his tenure as chairman, he had organised many cloud activities, including the 1st two CloudAsia conferences events in partnership with Cloud Expo Asia 2018 & 2019. He is active in supporting IMDA GoCloud programme with his CDC’s cloud appreciation series. Under his chairmanship, the “Singapore Cloud & Data Driving Smart Nation” publication of Cloud & Data Canters Companies in Singapore was printed and distributed. He also contributed as member of COIR (Cloud Outage Incident Response), IMDA-ITSC and as co-chaired CIR working group at CSA. |
Jim REAVIS
Co-Founder & CEO, CSA
|
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame. |
Narudom ROONGSIRIWONG
Co-chair, Hybrid Cloud Security WG, CSA
|
Narudom Roongsiriwong is a certified information systems security professional with more than 20 years of experience. His primary areas of information security are in solution designing, data analytics and application security.
Narudom works for Thai Union Group PCL. His role is to to support the strategic decision-making, system implementations, and the adoption of new processes and procedures improving the security and robustness of Thai Union Group’s infrastructure, IT projects and associated systems. Narudom is a co-chair of CSA Hybrid Cloud Security Working Group, CSA APAC Research Advisory Council Member & consultant to the Open Web Application Security Project (OWASP) Thailand Chapter. He is also on the Security and Risk Committee at Thailand’s National Digital ID. |
Prof Alex SIOW
Chair, CSA Singapore Chapter & Co-chair, Cloud Incident Response WG, CSA
|
Prof Alex SIOW is currently Professor (Practice) in the School of Computing, NUS and concurrently Director of the Advanced Computing for Executives Centre, the Strategic Technology Management Institute (STMI) and the Centre for Health Informatics.
Prior to the current appointment, Prof Alex was the Managing Director, Health & Public Service at Accenture. Alex started his career as a Structural Engineer in the HDB in 1981 and appointed the Chief Information Officer in 1989. In 2003, Alex joined the private sector and became the Senior Vice-President in StarHub Ltd. He held various portfolios including Head, Business Market, CIO and Head, Enterprise Risk Management. Prof Alex was very active in the IT Community. He was the President of the Singapore Computer Society from 1997 to 2001. He was the President of ITMA from 1995 to 1999. He was the first President of the Singapore Chapter of the Project Management Institute and served from 2001 to 2012. From 2001 to 2005, Alex was the Chairman of the e-Learning Chapter of SiTF. Alex is currently Chairman of Toffs Technologies Pte Ltd, a member of Temasek Polytechnic Board of Governors, a member of the Board of Trustees of Singapore University of Social Sciences and a member of Board of Directors of the Ang Mo Kio Thye Hua Kwan Hospital. Previously, he was a director in several boards including National Computer Board, Cleantech Pte Ltd, Certis Cisco Pte Ltd, Singapore Science Centre, e-Cop Pte Ltd, CMC Infocomm Ltd. Prof Alex’s expertise is in IT Governance, Enterprise Risk Management, Management of Emerging Technology and Technology Roadmap Planning. He is also active in the Fintech and blockchain community. He is currently the ICO and Strategic Advisor to Nexty.io, Azbit.com, Aora.com, Gosama.io, EwaTech.io, Ekkbaz.com and Blackbox.ai. |
Arun VIVEK
Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank & Co-chair, CCM ABS Mapping WG, CSA
|
Arun is an evangelist for a security product and security lines of services in a services company in the areas of application security testing, OWASP Vulnerabilities, App security assessment. Expertise in IT Penetration Security/ISO Compliance Audit, BCP/DR Audit, Computer Forensics, App Security Assessment, Internal Audit, Vulnerability, Security Operations Management, Enterprise Security Review Continuity, 3rd Party Audit.
He has been leading the cyber security and risk/compliance conversations with financial institution customers operating in highly regulated environments across APAC. Working with CISOs to define and execute a cloud security strategy to migrate sensitive and critical workloads to AWS/Azure/EKS/AKS. Evangelist for cloud security across the APAC region, performing public speaking at industry events, forums and round tables. Topics include data protection, incident response, identity, logging & monitoring, infrastructure & application security, automating compliance. In 2018 I was a speaker at AWS -RE-Invent Singapore, ISACA and other industry conferences. Proponent of automated compliance & security by design. Former red-teamer, penetration tester, UK Defence CREST/CHECK team leader and exploit developer. Regulations: MAS Outsourcing, MAS TRM, HKMA, RBI Cyber Security, BSP808, APRA, BoT, BNM, etc. ISO27001, ISO27017, ISO27018, NIST Cyber Security Framework, PCI-DSS, CIS Top 20 and CSA CCM. |
WONG Onn Chee
Co-chair, CSA APAC Research Advisory Council & CTO, Resolvo
|
Onn Chee is currently working as the CEO of Rajah & Tann CyberSecurity, Technical Director of Rajah & Tann Technologies, Managing Director in Infotect Security and the Chief Technology Officer of Resolvo Systems. His areas of expertise include information leakage protection, web/cloud security and security strategy. Onn Chee is also one of the co-inventors for at least six international PCT patent rights (http://www.wipo.int), besides several US, EU and Singapore patents.
He had published his works in the area of information leakage protection and application of evidence laws when designing IT systems in the ISSA Journal. In addition, he had been a former contributor to the CIS security benchmarks. Onn Chee is the current Singapore chapter lead of OWASP and the main organiser of the one of the largest Security Meetup Groups in Singapore. In addition, he is the Cloud Security Working Group Chair of Security & Privacy Standards Technical Committee under IT Standards Committee in Singapore and had led the Singapore national delegation to ISO/IEC JTC 1/SC 27 meetings. He is one of the contributors to Singapore first Technical Reference on public computing services (TR 31:2012) and is a member of the working group which developed Singapore's first national cloud security standard (SS 584:2013). Onn Chee was also a former member of the International Standardization Council of Cloud Security Alliance, a leading global cloud security association. Onn Chee is also part of the national team that developed Singapore’s first Technical References on Internet-of-Things (IoT), such as Technical Reference for Sensor Network for Smart Nation (Public Areas) (TR 38:2014) and Technical Reference for Sensor Networks for Smart Nation (Homes) (TR 40:2015). |
Faisal YAHYA
Chair, CSA Indonesia Chapter
|
Faisal has two decades of progressive leadership experience in cyber security and enterprise architecture. Selected as Top 50 CIO in Southeast Asia, according to CIO[dot]com and IBM in 2019. He plays an integral role in spearheading all integration of IS/IT, cloud security, IT infosec strategy, security technology roadmaps, cyber security architecture, incident response team, and Red/Blue teaming (cross functional team leadership). Proven role model, Virtual CISO, and an engineering mentor, including university postgraduate lecturer. Faisal is an official Certified EC-Council and Cloud Security Alliance instructor.
Apart of his role as CSA Indonesia Chapter chair, Faisal is engaged with the Asian IT communities by actively researching, speaking as keynote at public conferences, and advocating for better Cybersecurity. Experience in white paper development, capability briefings, technical presentations to clients and technical writing. He also a contributor for InfoKomputer magazine, APACCIO Outlook, and Peerlyst - an online cybersecurity wiki. He is passionate about applying the latest technology securely and efficiently. |
Shoen Yih YUM
Director, Cyber Security Programme Centre, Cybersecurity Agency
|
Yum Shoen Yih is a Director at the Cyber Security Agency (CSA) of Singapore, leading the Cyber Security Programme Centre (CSPC), which is responsible for securing government networks and systems and implement programmes to enable a resilient nation and safer cyberspace. He served in the Republic of Singapore Navy and other units in Ministry of Defence (MINDEF) defending the country for over 30 years and is now securing its cyberspace. He is working with local security industry to implement the concepts in his CSA publications on securing businesses that use the Internet in the face of cyberattacks. In his cybersecurity appointments, he has presented in international and local conferences in Singapore as well as overseas.
|
Time |
Activity |
Session Link |
9:00 am |
Introduction & Welcome Remarks Dr. Hing-Yan LEE (EVP APAC, CSA) Opening Remarks Prof Alex SIOW (Chair, CSA Singapore Chapter) Opening Address Jim REAVIS (Co-Founder & CEO, CSA) |
|
9:45 am |
Keynote Address : Zero Trust – Your Way to the Cloud for post-COVID Recovery YUM Shoen Yih (Director, Cyber Security Programme Centre, Cybersecurity Agency, Singapore) The recent economic situation showed that companies that used cloud technologies to serve the customers anywhere anytime thrived better than companies whose businesses rely on customers visiting their shops physically. Companies that used cloud technologies also allowed their staff to work from home effectively and safely. Thus, the Cloud will definitely be a factor in your post-Covid recovery plan since the Covid virus will not be disappearing anytime soon. How can you fulfil your side of the ‘shared responsibility’ of using Cloud platforms and services when attackers have made Cloud one of their favourite hunting-grounds? Cyber Security Agency of Singapore is implementing a “Zero Trust” solution to help you especially the small and medium enterprises which have many constrains due to the Covid pandemic. |
|
10:30 am |
Keynote Address : The Remote Workforce Cyber Problem – Resistance to Adoption Debashish JYOTIPRAKASH (CTSO - APAC Managing Director – India & SAARC, Qualys, Inc.) As we celebrate the Workers aren’t going to be returning to the office in 2021. Work from home is going to be in place until there is a full vaccine rollout, and maybe even longer. That means whatever cybersecurity systems that are incorporated now are going to have to stay in effect or be modified for workers who are in a hybrid model of home/office work weeks. Cybercriminals know this, so they will target remote workers with phishing and other targeted attacks. This topic will also cover devices that went home permanently and challenges now and when they begin to come back to office again. |
|
11:15 am |
Cloud Incident Response Framework Prof Alex SIOW (Co-chair, Cloud Incident Response WG, CSA) LIM Soon Tein (Co-chair, Cloud Incident Response WG, CSA) In cloud incidents, it is necessary to coordinate and share information with stakeholders and other organizations which will be discussed. This presentation is for all cloud customers as well as cloud service providers who need a clear framework for sharing incident response practices with customers. |
|
12:00 pm |
COVID 19 : Challenging the OT-IT Convergent William HO (Co-chair, Industrial Control System Security WG, CSA) Operational Technology (OT) systems, especially Industrial Control Systems (ICS), are an increasingly attractive target for highly-sophisticate cyber actors around the world. A more worrying trend has developed with the increased connectivity between IT and ICS (IT-OT convergent). This creates a potential opportunity for adversaries who are now able to compromise IT systems connected to the Internet, secure their footholds, and move to the ICS to disrupt industrial processes if not enough attention directed to secure the IT-OT convergent endeavor. The COVID-19 situation further challenged the convergent journey, just to name a few emerging challenges such as resources contention, supply chain cyber breaches, prevalent remote connections, etc are things seems to become the new normal. Leveraging Cloud Computing may be one of the strategies to help alleviate the challenges ahead. |
|
12:45 pm |
Panel discussion: Hybrid Cloud Security: Risks & Mitigation Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? What are the risks in a hybrid cloud environment compared to on-prem and how does one go about mitigating each of these risks. How does one assess the effectiveness of these mitigation measures? And finally how would these mitigation measures benefit organizations/businesses? Moderator: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter) Panelists:
|
|
1:30 pm |
Break |
- |
2:00 pm |
CCM Addendum - Mapping of ABS Cloud Computing Implementation Guide 2.0 to CCM Arun Vivek IYER (Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank & Co-chair, CCM ABS Mapping WG, CSA) In the technology space, there are also multiple frameworks and guidelines available, such as the above-mentioned TRM, ISO/IEC 27001 & 27002 and ISACA COBIT. There are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP and the Cloud Computing Implementation Guide (CCIG) v2.0 issued by the Association of Banks in Singapore (ABS) that are specific to cloud computing and its related technologies. Because of this complex landscape, cross-mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. This presentation will cover the mapping exercise the CSA WG did to evaluate the similarities and gaps between CCIG and the numerous frameworks mapped in the Cloud Controls Matrix (CCM). Singapore FIs who are already in line with CCIG will benefit through being able to easily identify and fulfill additional controls (gaps) on top of the CCIG to achieve adherence to another targeted framework within CCM, which is useful when expanding to other markets. |
|
2:45 pm |
MTCS: The New Edition (SS584:2020): What's New Sanjeev GUPTA (Director, Certification Partners Global) The Multi-Tier Cloud Security (MTCS) Singapore Standard was revised in 2020, and some changes have been made to reflect user concerns and changing technology. We look at what is new, and what is unchanged, and what (in the speaker's biased view) remains undone. |
|
3:30 pm |
Cloud Native Security Guidelines from Singapore TR 82:2020, NIST and CSA WONG Onn Chee (Co-chair, CSA APAC Research Advisory Council & CTO, Resolvo) Cloud native computing is a new software development approach, not an infrastructure approach as commonly miscontrued. Come and hear what constitutes cloud native and learn more about the various security guidelines from Singapore, NIST and CSA, which can guide you to adopt cloud native computing in a secure manner. |
|
4:15 pm |
Panel discussion: Data Sovereignty - What’s the Big Fuss About? The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty. Moderator: Dr. LEE Hing-Yan (EVP APAC, CSA) Panelists:
|
Disclaimer : The ordering & timing is subject to change