Emerging Top Threats in Cloud Computing – What We Can Do About Them

The principle of least privilege access – in which all human and machine identities should have only the permissions essential to perform their intended function – is a cloud security best practice promoted by cloud providers like Azure, GCP and leading industry frameworks like MITRE ATT&CK and Cloud Security Alliance’s Cloud Controls Matrix. In this webinar, attendees will learn about the risks of overly broad permissions and how to address them.

What you’ll walk away with:

- Discover the role of excessive permissions in data breaches
- Learn best practices for identifying and remediating excessive permissions in cloud environments
- Explore free and open source tools to gain visibility across multiple cloud environments
- Develop a plan to continuously verify least privilege and meet regulatory + Industry compliance objectives

Navigating Through the Pandemic: A MAVCOM's Cloud Journey
​Ts. Saiful Bakhtiar OSMAN (Head of ICT, Malaysian Aviation Commission)

Protecting the Cloud - New Approach
Soumo MUKHERJEE (Head of Strategy & Architecture - Cyber Security, Petronas)

Panel Discussion

The global pandemic and the associated lockdown in many countries have been an inflexion point in the adoption of cloud computing; we have observed increased usage and adoption. The increased usage as well as new cloud adoption during the current crisis is a positive outcome of the lockdown. The distinguished panel will offer their views and perspectives.

The current COVID19 pandemic outbreak has arguably been a wakeup call for most organizations that faced increasing difficulties operating from the traditional on-premise model. Unknowingly, many organizations might not have been aware that they have been directly or indirectly accessing a wide variety of cloud computing services with services such as Microsoft 0365, emerging technologies such as Internet of Things (IoT) and practices such as big data analytics. As another example, Malaysia's central bank releasing of its Risk Management in Technology (RMiT) guidelines last year has arguably spurred disruption that led to more rapid digital transformation which includes the movement to the cloud within the financial services industry. Based on the guideline's recommendation, financial institutions could adopt cloud services as long as they have performed comprehensive risk assessment prior to the adoption.

This presentation will deliver awareness of cloud security by covering some of the common cloud risks and potential challenges faced with cloud adoption. There will be sharing as well of appropriate security controls be it from management or assurance perspectives that organizations should consider when moving to the cloud.

Introduction
Sureen SUBRAMANIAN (Chairman, Protem Committee, CSA Malaysia Chapter)

​Welcome Remarks
​Dr. Hing-Yan LEE (EVP APAC, CSA)

Opening Keynote - Cloud Security Landscape: Challenges & it's Possible Solutions
Dato' Dr. Haji Amirudin bin Abdul WAHAD (CEO, Cyber Security Malaysia)

The topic will cover the current digital landscape whereby the population is now highly connected and due to the global Covid-19 pandemic the interconnectivity also increases exponentially. It also relates to the convergence of technologies, which adds more complexities to the cyberspace. Due to these complexities it has created a lot of concern on the risk to the users, organizations and industries. Apart from that, it has also created opportunities for unscrupulous persons to conduct illegal activities, scams, Denial of Services (DOS) and disruption of businesses online. Over the years, there were a lot of viruses and malwares that created a lot of problems and disruption not only on the personal level but also to giant corporations and nations.​

The presentation also includes cloud security precautionary measures on how to overcome the security and privacy challenges. Like any other digital technology, cloud computing is also vulnerable and open to cyber abuses and cyber threats which are quite rampant in some parts of the world. Another issue would be about policies governing the usage of cloud computing when the server is based abroad and could only be accessed by a few for importing of data
domestically. There could be some legal ramifications on such matters.

The biggest shift due to COVID-19 was the immediate move of the workforce to the “home office.” But the "home office" is really just your home environment and your organization’s computer. This leaves employees vulnerable without the comprehensive cyber defense protocols corporate office networks provide. Threat actors have identified this and are actively taking advantage of the situation.

In this session, we will cover the various attacks targeting the “home office,” how attackers can easily collect data about their targets, and what type of data cybercriminals have been selling in underground forums in the past year.

Engage early, engage often. Continuously delivering products with enhanced security capabilities in a cross-functional, multi-platform environment is no easy task; It takes a lot of commitment to collaborate and communicate on the part of every individual involved throughout the development process, especially when working with globally dispersed teams.  To overcome these challenges, organizations should leverage five principles of collaboration to help their security and compliance teams collaborate more effectively and efficiently with their product development and operations teams. By adhering to these collaboration principles, organizations can improve efficiencies throughout their products and services while keeping their internal stakeholders happy.

Join Sandhya Narayan, Principal Program Manager at Adobe, as she discusses these principles and how Adobe applies them to improve collaboration between their security, engineering, and operations teams throughout the company.

In this CloudBytes webinar, Cloud Security Alliance CEO Jim Reavis will go into a hypnotic trance and summons otherworldly forces to banish 2020 and all of its evil incarnations into an endless pit of fire, freeing humanity from its evil clutches. Jim will also review the current state of cybersecurity, how the industry has coped with the unexpected events, how cloud has functioned, how businesses are pivoting and what meaningful lessons we take from the year.

Panel Discussion : Cloud Security Threat Landscape in the New Normal
The pandemic has accelerated the digital transformation initiatives of many organizations in the Indonesia. Local companies jumped to the cloud with survival response as the prime consideration. Join our fellow panelists in this panel discussion on the business impact of the top threats on the Cloud. We will also discuss on the cloud-security-first mindset and how CSA can help the industries in Indonesia in their cloud security journey.

Moderator: Budi Hermawan (Education Director, CSA Indonesia Chapter)
Panelists:
Hana ABRIYANSYAH (CISO of Midtrans and VP of Information Security at GO-JEK)
Andri PURNOMO (VP IT Security, Dana Indonesia)
Fransiskus INDROMOJO (Senior Technical Specialist, Microsoft Indonesia)
Muhammad SUHADA (VP Information Technology, PT Blue Bird Tbk)

Closing Remarks
Densi REFWALU (Marketing Director, CSA Indonesia Chapter)

(in Bahasa Indonesia)

Cyber Threat Intelligence is known as cyber threat knowledge or information which is expected to help implement more effective security controls to provide us with various advantages in building a safe cyber environment. Organizations are then become more proactive rather than reactive to cyber attacks, they are also quicker to mitigate risks and respond to incidents. However, with the rapid development of cyber space and our entry into the industrial era 4.0, threat information become abundant, the biggest challenge for CTI is to provide right information in the right time, so that it will not only technically help but also be useful in decision-making. CTI that only provides non-selective information will eventually become regular news that will not have an impact on increasing cybersecurity awareness. This presentation tries to provide some information on the CTI in Indonesia and see whether it is effective or not to bring awareness to the public or its decision makers. Which intel threat can make us more concerned about our cyber situation?

(The presentation is in Bahasa Indonesia)

Customers are turning to the cloud to reduce capital expenses and increase agility as part of their digital innovation (DI) initiatives. Despite the benefits, cloud migration results in business-critical data and services being scattered across clouds and data centers. This leads to an expanded attack surface and a corresponding increase in security risk.
Some organizations are unknowingly stumbling into a new security paradigm - the shared responsibility model, a model that is built on the assumption that the cloud infrastructure will be secured by cloud providers, while security for services used in the cloud are the responsibility of the organization.
The Fortinet Security Fabric was purpose-built to close these cloud-driven security gaps through native integration with public cloud infrastructures, a broad set of security services and products, and cross-cloud security management, automation, and analytics.

CSA Indonesia Virtual Summit 2020

Introduction
Faisal YAHYA (Chairman, CSA Indonesia Chapter)

​Welcome Message
Dr. Hing-Yan LEE (EVP APAC, CSA)

Cloud Computing & Cloud Security Landscape in Indonesia: Challenges & it's Possible Solutions
Semeul Abrijani PANGERAPAN (Director General of ICT Applications, Ministry of Communication and Information Technology, Indonesia)​

Infrastructure as Code and Security Automation for Container Native Applications

Competition and the pursuit for business superiority is shortening product to market cycles, requiring enterprises to reevaluate current application architectures. It doesn’t take long to come to the conclusion that the “right” solution requires embarking on a journey of digital transformation, involving the rapid adoption of the cloud, containers, microservices and devops processes. However, the combination of deploying container native applications at scale, as immutable infrastructure and frequent deploy and tear down cycles, has required DevOps to automate all aspects of the infrastructure as well as security.

In this talk we introduce the “Cloud Security Automation Stack”, which is a framework for representing all aspects of infrastructure and security as code, coupled with automation, applied throughout the build, deploy and run phases. In this manner DevOps and Security teams leverage automation and infrastructure as code with security natively injected at the appropriate points, in order to secure critical cloud native assets. Additionally, in this talk we will demo the adoption of the Cloud Security Automation Stack to comprehensively secure microservices running as containers on the Kubernetes platform.