Cloud Security Alliance APAC

CCSK Success Stories: From the Head of IT at a Financial Services Company

9/22/2020

 
Written by Faisal Yahya, Head of IT - Cybersecurity and Insurance Enterprise Architect, PT IBS Insurance Broking Service

In your current role at PT IBS Insurance Broking Service, as Head of IT – Cybersecurity and Insurance Enterprise Architect, you oversee the IT and security aspects in your organisation. Can you tell us about what your job involves?

I am responsible for all IT strategies and operations of the company. My position is not limited to internal activities but also covers how to connect the current architecture with multiple insurance companies, clients, and reinsurance companies in various countries. As changes in the insurance business are very dynamic, this requires planning an agile and effective IT strategy.


Can you share with us some complexities in managing cloud computing projects?

Working in the financial services industry is challenging because there are many government regulations, especially if we talk about privacy and cybersecurity. On the one hand, cloud technology makes it convenient to respond to this. On the other hand, it is not easy to transform on-premise architecture so it can be moved to the cloud. The CCSK provides comprehensive guidance on everything needed for IT professionals to build effective, efficient, and secure cloud architecture.

In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

The expenditures for any cloud service remain the most significant drawback, and storage is no different. Unforeseen costs include snapshot costs and unplanned automatic growth in storage. It is vital to ensure that you have the right resources to direct you and enforce strict deployment and budget guidelines.
  1. Cloud storage also does not require much time to prepare, build, and check properly. And still, companies can benefit from the cloud provider’s wide range of experience. Although, by having experience in software development, we can still leverage cloud storage usability and functionality better than on-premise, including the archiving process required by compliance.
  2. Data size is another challenge. Data has bulk, which means that when it has to transfer, there is no shortcut. Failure to take sufficient account of data volume poses significant business issues. Industry experts have expressed their concern about cloud backup data.
  3. In many situations, cloud storage can make sense, but this does not mean that all your infrastructure follows. It's not a trivial task to establish a secure and robust link with your cloud provider. Many features are taken for granted in the company that are not provided with cloud storage.
  4. The security of any IT project should be at the forefront, and cloud storage is no different. Any resident, his data, and supporting infrastructure can be seen or removed by a lost encryption key or leaked administration account. Too often, companies are stuck in the cloud, and it is the responsibility of the provider.

What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work, and why?

Compliance, governance, and architecture. These three are the most relevant to my working situation. Working together with many companies outside of Indonesia requires a broad understanding of these areas, especially compliance. CCSK helps us a lot to ease the learning processes. CCSK fits all the related information under one useful framework. This framework greatly supports anyone who wants to study cloud security without any previous background.

How does CCM help communicate with customers?

Cloud Security Alliance Cloud Controls Matrix (CCM) offers a precise security mechanism to guide cloud providers. The CCM has become a general practice among many financial services (my industry in general) firms for how they manage cloud use. It is especially helping with how we can communicate the standards among peers.

What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by, say, AWS? In what scenario are the different certificates important?

Cloud is about orchestrating resources. I believe, in the future, this will broaden and expand into various cloud service providers (CSPs). Meaning that, when we talk about cloud, we will be primarily talking about designing architecture that enables the connection of several different CSPs. We cannot discuss this by just referring to one specific CSP since they are all connected. We need to have standard best practices that work for all CSPs, and hence the importance of having a vendor-neutral certification.

Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?

Yes, of course. Refer to my previous answer. Cloud is not only a technology but also a platform for which we can connect to various CSPs. To efficiently and effectively design the architecture, we cannot rely on one CSP only. We need to have a vendor-neutral source from which we can learn the best practices.

What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?

Technology is changing so fast. Broaden your expertise in one specific domain you are passionate about that will keep you in the spotlight. Do not take shortcuts, and certification is just one step to gain expertise. You need to practise and practise as much as possible. And lastly, network with professionals in the same domain area to advance your skill from other learning experiences.


Read the full blog post here: https://cloudsecurityalliance.org/blog/2020/09/22/ccsk-success-stories-from-the-head-of-it-at-a-financial-services-company/