Unsubscribe from this newsletter by sending us an email.
    7.30.2015
CSA APAC Monthly Codebook
 
 
 
 
Welcome to the CSA APAC Cloud Codebook!
A monthly newsletter, and your source for the most up-to-date news on CSA APAC Region.
 
 
 
 
 
 

Corporate Members Spotlight

Check out what our corporate members are doing!

 
 

DBAPPSecurity (China)


 
 

CSA APAC visited DBAPPSecurity’s headquarter in Hangzhou, China in July. The CSA Managing Director, Aloysius Cheang, presented the CSA Corporate Membership Certificate to DBAPPSecurity’s CEO, Frank Fan. Aloysius presented DBAPPSecurity with the CSA quarterly research and activities update. Frank mentioned that DBAPPSecurity hoped to work together with the CSA in areas such as cloud computing and IoT, to educate and promote cloud security.

 
 

Alibaba (China)


 
 

After visiting DBAPPSecurity, the team met up with Alibaba’s Vice President of Technology, Dr. Yuejin Du, over dinner. The group talked about CSA APAC Congress partnership, Hangzhou Chapter development as well as the newly launched C-STAR Assessment.

 
 

Memoir of An Analyst

Our thoughts on cloud security

 
 

What must be done in order to achieve absolute data security and privacy?


From this month on, CSA APAC team will bring you this new initiative from an analyst’s perspective.

Data in the cloud is not as secure and private as it should be. With current technology, we have the ability to make secure and private cloud data storage a reality, but only on a small scale. Such a scenario would mean that no one, including cloud service providers or governments, should be able to read user data without their authorization as only they hold the encryption key.

A situation like that would be ideal for a thriving cloud eco-system, providing a win-win situation for the customers and the Cloud Service Provider (CSP). Customers can be assured that only they have access to their data. On the other hand, the CSPs do not have to worry about compromising the privacy of their clients when governments requests for them. They simply hand over the encrypted data. Similarly, if the CSP experiences a data breach, only encrypted data is leaked.

Traditionally, we assume that with a strong password, data at rest, in the cloud, is encrypted. In fact, that is usually not the case as it is only standard practice to encrypt data in motion, not data at rest. Even if data at rest is encrypted, it is usually done by the CSPs themselves. That presents its own set of security problems. Most CSPs provide the “Forgot my password” function which allows users to retrieve or change their passwords. The CSPs do not know the plaintext of the password; instead a cryptographic hash of the plaintext password is generated and used to encrypt the data. The cryptographic hashes are managed by the CSPs and can be used to decrypt user data. Additionally, most of the clouds are vendor-centric, and users are unable to track their data once it is uploaded to the cloud and consequently control over the data is lost. Dr Ryan Ko, CSA APAC Research Advisor, pointed out that, the uptake of cloud technology is affected by the “Trust” between cloud services providers (CSPs) and customers. In this case, trust refers to the level of confidence that users have in the cloud. Trust can be increased by mitigating technical and psychological barriers to using cloud services. If we want customers to trust cloud technology, we should improve the security, privacy, accountability and auditability in cloud. This enables customers to know what has happened to their data, thus giving them a sense of security with regards to their data in the cloud.

Thankfully, with current technology there exists a system whereby data security and privacy is ensured to a high degree, barring any compromise of password. In the ideal system, user data would be encrypted with the password, on the client side. A cryptographic hash is generated with the sole purpose of authenticating the user. The encrypted data is sent to the cloud and remains encrypted at rest. In such a scenario, the CSP does not have the encryption keys and the data at rest is encrypted. The downside is that if the user forgets his password, the data is lost as only the user knows the encryption key. The system is unable to decrypt the data without knowing what the previous key was.

 
 

Event Updates

The latest updates about CSA APAC events and activities.

 
 

CSA APAC Chapter Leadership Workshop 2015, 10 June, Bangkok, Thailand

 
 

The CSA APAC had its annual leadership workshop in June in Bangkok, Thailand. Chapter leaders from India, Japan, South Korea, Taiwan, Hong Kong, Australia, New Zealand, Thailand, Malaysia and Singapore attended the workshop. The workshop’s main objective was for every chapter to share the activities they had done for the past one year and the roadmap they have for the next year. There were 23 CSA APAC chapter leaders who attended the workshop.

 
 

CSA ASEAN SUMMIT 2015, 11-12 June, Bangkok, Thailand

The CSA ASEAN Summit 2015 the 11th of June to the 12th of June at Centara Grand Hotel in Bangkok, Thailand. This was the 3rd year the CSA Thailand Chapter was organising the event.

 

There were more than 500 attendees at the event, with more than 30 experts from 12 countries and regions sharing and presenting their views and opinions. The ASEAN Summit was sponsored by CAT Telecom Public Company Limited, Huawei, CISCO, Dimension Data, Trend Micro, True Internet Data Center, INET, VMware and Lastline Inc. It was also supported by Mahidol University, CIOIG, Connect2sea, ISACA, (ISC)2, JMU and TITAA. Topics of interest at the Summit included digital innovation, smart government, smart city, cloud security research, HPC on Cloud, big data and many more.

 
 

STRATUS 3rd Quarter Meeting and Demo Session, 19 June, University of Waikato, New Zealand

 
 

The STRATUS 3rd Quarter Meeting and Demo Session was successfully held at the University of Waikato on the 19th of June. CSA, University of Waikato, University of Auckland and Unitec Institute of Technology participated in this meeting and they demonstrated their latest works with the STRATUS project to the attendees. Mickey Law, Assistant Research Analyst, demonstrated how cloud data governance can be audited with auditing guidelines and compliance regulations. During the STRATUS quarter meeting, Aloysius Cheang, CSA APAC Managing Director, presented the latest updates of CSA APAC to the STRATUS group.

 
 

New Zealand Chapter Meeting, 26 June, Auckland, New Zealand

 
 

The June New Zealand Chapter Meeting was held at the Beca building in Auckland on the 26th of June. Aloysius Cheang, CSA APAC Managing Director, attended the meeting to share the latest innovation initiatives of CSA APAC. Key initiatives such as CSA New Zealand Summit and the CSA's attempt to host the next ISO SC 27 International Meetings in New Zealand were also discussed and deliberated.

 
 

CSA Hangzhou Chapter Meeting, 13 July, Hangzhou, China

Congjun Xia, Chairman of Hangzhou Chapter (second left), Aloysius Cheang, Managing Director APAC (center), Tony Liu, Vice Chairman of Hangzhou Chapter (second right), Leo Gu, Vice Chairman of Hangzhou Chapter (first right).

 
 

The CSA Hangzhou Chapter was officially launched in July. The APAC team had the first in-person meeting with the Hangzhou Chapter at Zhejiang Senjoy Quantum Network Technology Co., Ltd (Qusenjoy). The Chairman of the Hangzhou Chapter is Mr. Congjun Xia from Qusenjoy. The Vice-chairmen are Mr. Tony Liu from DBAPPSecurity and Mr. Leo Gu from Qusenjoy.

Hangzhou Chapter’s area of interest is in the application of quantum network in cloud security. The new chapter also plan to organise activities that would help to promote and education the public about cloud security.

 
 

CSA Supported Conferences

The latest updates about CSA APAC supported conferences

 
 

Straits Mobile Internet Innovation And Entrepreneurship Conference, 26 June, Xiamen, China

 

Dr. Yushi Shen, Secretary General of Greater China Region Coordinating Body (left), Professor Chui-Chau Lin, renowned scholar (center), Profess Yale Li, Chairman of Greater China Region Coordinating Body(right).

The CSA Greater China Region Coordinating Body Chairman, Professor Yale Li, and Secretary General, Dr. Yushi Shen, attended and presented at the Straits (Mainland China and Taiwan) Mobile Internet Innovation And Entrepreneurship Conference held in Xiaman, China on the 26th of June. The Coordinating Body mentioned “The CSA has chapters within the Greater China Region, and one of them is the CSA Taiwan Chapter, which launched the MAST project with one of our corporate members, Gapertise.”

“The Cloud Security Alliance can provide useful technical resources for governments to use. IoT has created an excellent opportunity and platform for Mainland China and Taiwan to work together.” Other conference attendees included experts from the Fujian provincial government, Xiamen local government and the Ministry of Industry and Information Technology.

 
 

Chapter Spotlight

 
 

CSA Bangalore Chapter

Featured chapter of the month


The CSA Bangalore Chapter Chairman is Mr. Benildus Nadar, Director Mr. Sandeep Thakur and Treasurer Mr. Shashidhar. It all started back in 2011 on a pleasant and drizzling Saturday late afternoon, when a few IT Security professionals were meeting up for coffee. Under the leadership of Mr. Nadar and Mr. Thakur, the CSA Bangalore Chapter is one of the fastest growing APAC chapters with around 600 + LinkedIn members and counting.

The main mission of the Bangalore Chapter is spreading awareness about the CSA to promote cloud security education and certification (CCSK and CSA STAR) in Bangalore, to organise knowledge sharing activities to help the local security community to keep abreast with the latest technology, research and best practices from the CSA as well as around the world. The Bangalore Chapter is also excited to announce that it is organising the inaugural CSA Bangalore Summit on the 28th of August 2015.

With the new leadership from the CSA Greater China Coordinating Body, we believe that the CSA will have a higher impact and a wider influence on the Chinese-speaking cloud security industry.

 
 

APAC Volunteer Leadership Spotlight

 
 

Mr. Benildus Nadar

 

Mr. Benildus Nadar is the Chairman of the CSA Bangalore Chapter and has been leading the chapter since 2011. He is also the Head of CSA Membership APAC. He is a Senior Manager Security Specialist at Ericsson India Global India Pvt. Ltd. He provides senior advisory services in area of Information Technology with a concentration on Information Security and Risk. He has been in the industry for the past 16 years and was previously with IBM, Fidelity Investments and Comodo Security Solutions. Benildus also has strong backgrounds in Consulting, Security Operations Management, Security Policy Management, Compliance, Governance, Risk Management/Assessment, Regulatory Adherence, Data Integrity/Recovery, Business Continuity Planning, Technical Support and Infrastructure Management, Data Center Migration and Data Center Setup.

 
 

Upcoming Events

Come and Join Us!

 
    CSA APAC Events
  1. 3rd CSA Taiwan Summit, 18-20 August, 2015, Taipei, Taiwan
  2. Inaugural CSA Bangalore Summit, 28 August, 2015, Bangalore, India
  3. 6th CSA Korea Summit, 23 October, 2015, Seoul, Korea
  4. Inaugural CSA Innovation Conference, 28-29 October, 2015, Singapore
  5. Inaugural CSA New Zealand Summit, 19 November, 2015, Wellington, New Zealand
  6. 3rd CSA APAC Congress and 6th CSA Greater China Summit,1-3 December, 2015, Guangzhou, China

    Registration is open now! To register: Click Here

    For more event information: Click Here

    CSA APAC-Supported Events
  1. Cloud Computing India 2015, 6 August, 2015, New Delhi, India

    For more information and to register: Click Here

  2. CloudSEC Hong Kong 2015, 11 August 2015, Hong Kong

    For more information, please visit: Click Here

  3. 3rd Annual Global “High On Cloud” Summit, 20-21 August, Mumbai, India

    For more details and to register, please contact: [email protected]

  4. Data Privacy Asia, 25-28 August, 2015, Singapore

    For more details and to register: Click Here

  5. The IOT Show & The Cyber Security Show, 22-23 September, 2015, Singapore

    CSA Members enjoy 15 % discount; for more details and to register: Click Here

 

Contacts

 
    If you are interested in utilising the CSA Cloud Codebook for marketing purposes, please contact the co-editors.