Emerging Top Threats in Cloud Computing – What We Can Do About Them

Modern multi-cloud environments are complex, noisy, and full of sensitive data. It’s critical to gain visibility and control for data in the cloud - to reduce risk, get more value from your data, and take a strategic and scalable approach to data management.


Join Dimitri Sirota, Co-founder, and CEO of BigID, to explore how to build a data visibility and control framework for the cloud. You’ll learn:
- Challenges to data visibility and control across data centers in the cloud
- How ML and automation will fuel next-generation data management that extends to privacy, security, and governance
- Key steps to building a sustainable and scalable framework for cloud data management

Panel Discussion

The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term ?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty.

MODERATOR: Dr. Hing- Yan LEE (EVP APAC, CSA)

PANELISTS:
- Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
- Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems,, ST Engineering)
- Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)

Panel Discussion

According to one source, there are about 3 million cybersecurity professionals worldwide. And there we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists.
​
MODERATOR: Dr. Hing- Yan LEE (EVP APAC, CSA)
​
PANELISTS:
- Victor LO (Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC))
- Philip VICTOR (MD, Welchman Keen)
- Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)

2020 was the year of cloud computing due to the COVID19 pandemic, which required more businesses to operate remotely, and the staff to Work From Home. Though it is the obligation of the cloud service provider to take responsibility for their infrastructure and ensure security and safety at all ends, sometimes it doesn’t quite happen. There have been several large-scale incidents this year, in some cases, stemming from a surge in usage.

If there exists a gap between the requirements of the organization versus the capability of the cloud service provider, proper and formal steps must be put in place to successfully mitigate this risk to an acceptable level.

The best method to identify these gaps and address them with stakeholders is via an audit of the cloud service provider. This presentation will briefly explain the controls which need to be audited, to provide the requisite assurance to the client organization and their stakeholders. Ignorance is not bliss when migrating to the cloud.

As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.

Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.

Panel Discussion

Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds?

MODERATOR: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
​
PANELISTS:
- Faisal YAHYA (Chairman, CSA Indonesia Chapter)
- FONG Choong Fook (Director, LE Global Services, Malaysia)
- Ian LOE (CTO, NE Digital)
- Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)

Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.

As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.This presentation will provide the overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.

CSA Malaysia Virtual Summit 2021

Introduction & Welcome Remarks
​Dr. Hing-Yan LEE (EVP APAC, CSA)
​
Opening Address
Jim REAVIS (Co-Founder & CEO, CSA)

Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security.

The "2021 Auth0 State of Secure Identity" report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies.

During this webinar, we’ll provide greater insight into which industries are:
- Most highly targeted by credential stuffing attacks
- Most highly targeted by SQL injection attacks
- Leading the way in MFA adoption to improve overall security posture

We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

When developers build security into services at Adobe, we make it to where they don’t have to start from scratch. We provide a set of core building blocks for use such as identity service, API platform, event-based messaging system, and others. Traditionally, Adobe security has relied on manual reviews and checklists to make sure these components are being used securely. However, as the number of services grew, we found it hard to scale manual reviews. With the help of automation and “secure-by-default” settings we have created “secure blocks” – application components that have necessary security controls built-in. We’ve not only been able to keep up with the growth but also managed to improve our overall coverage. In this webcast you will learn more about our ongoing development and deployment of our “secure blocks” methodology that helps improve security and compliance across our products and services.

When developers build security into services at Adobe, we make it to where they don’t have to start from scratch. We provide a set of core building blocks for use such as identity service, API platform, event-based messaging system, and others. Traditionally, Adobe security has relied on manual reviews and checklists to make sure these components are being used securely. However, as the number of services grew, we found it hard to scale manual reviews. With the help of automation and “secure-by-default” settings we have created “secure blocks” – application components that have necessary security controls built-in. We’ve not only been able to keep up with the growth but also managed to improve our overall coverage. In this webcast you will learn more about our ongoing development and deployment of our “secure blocks” methodology that helps improve security and compliance across our products and services.

A lot of folks talk about the “what” behind DevSecOps, but few have mastered the “how” that makes it a success. With Development and Operations functions fused together in most organizations, Security must become a first-class cultural component in software engineering practices. In this talk, IntSights CISO Cindi Carter will share the story of how her team at a health IT company succeeded in implementing the secure Software Development Lifecycle for an organization with more than 3500 reluctant developers worldwide.

In this session, you will learn how to build in cybersecurity rather than bolting it on later:
- Understand the developer’s mindset and motivation
- Exploit the company culture and incentivize developers to desire security
- Expand from a few crazy early adopters to thousands of developers
- Overcome the roadblocks that arise along the way

As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.

Recent events have created uncertainty around the viability of the third parties you depend on. Suddenly, third-party risk and business continuity have become the top priority of many board members.

We're actively working with organizations to help them execute on plans to better assess their suppliers and service providers to avoid significant operational disruptions. In this webinar, we'll share what we've learned and provide examples of what organizations are doing in practice to navigate these disruptions.

Join this webinar to learn:
- How to streamline rapid due diligence of your suppliers
- How to develop and execute business continuity plans as it relates to third parties
- Best practices on how to prepare for these incidents in the future

Many of today's organizations have as many staff resources integrating security tools and data sources as they do actually running their security programs. This is a tragic duplication of effort and not the most productive use of precious talent that often fail to create the expected value and ROI.

Join this webinar to hear how some key alliances are pushing the industry towards open, standards based interoperability, and see some tangible examples of what those gains in efficiency and efficacy look like today.