CSA Knowledge Sharing Event – March 2016

A Journey to Hybrid Cloud


Build application is no longer a difficult task. Many of the applications can now be developed in the cloud environment. However, many organization still have concerns in implementing mission critical application in the cloud environment because of the system availability, data protection/privacy challenges.

In order to minimise these risks, one can implement the application using Hybrid cloud architecture.

DATE: March 3, 2016 (Thursday)

TIME: 4:00 – 6:00 pm

VENUE: Room Z409, Core Z

The Hong Kong Polytechnic University, Hung Hom


Mr Steven Lau, Surface

Technology Manager, Microsoft

REGISTRATION: https://www.eventbank.com/event/533/


CSA Knowledge Sharing Event – February 2016

Turn any cloud into a trusted and compliant environment


To fully capitalize on the strategic potential of the cloud, you need to know that your data is secure, wherever it resides. By addressing cloud security challenges such as data control, accessibility, and visibility, you can ensure that you are the only one who controls access and the keys to your data – especially across multitenant, geographically distributed sites.

Whether it’s a public, private, hybrid cloud, or virtualized data center, it is crucial to ensure enterprises have confidentiality and integrity of cloud data and business processes.

DATE: February 4, 2016 (Thur)

TIME: 7:00 – 9:00 pm

VENUE: Room Z414, Core Z

The Hong Kong Polytechnic University, Hung Hom


Mr Sheung-Chi Ng, Senior

Security Consulting Manager, Identity and Data Protection, APAC, Gemalto

REGISTRATION: https://www.eventbank.com/event/510/


CSA Congress APAC 2015

Following the success and tradition of previous CSA APAC Congress renditions, the 2015 APAC Congress is the premium event for compelling presentations and interesting discussions about research, development, practice and trends related to cloud security. Attendees represent end-user, research and industry viewpoints, and there are plenty of networking and business opportunities throughout the event.

DATE: December 1-3, 2015

TIME: 9:00 – 17:00

VENUE: The Garden Hotel Guangzhou, 368 Huanshi Dong Lu, Guangzhou, China

WEBSITE: https://csacongress.org/event/apac-2015/

CSA Knowledge Sharing Event – October 2015

CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau. This month we have invited Mr Terence Yeung, Head of Managed Services at Atos Information Technology HK Limited to brief us on “How to run a Cloud environment from design to implementation as secure as GovCloud”.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

DATE: October 8, 2015

TIME: 7:15 – 9:00 pm

VENUE: Room QR403, Core R

The Hong Kong Polytechnic University


  • CSA updates
  • How to run a Cloud environment from design to implementation as secure as GovCloud – Terence Yeung, Atos Information Technology HK Limited
  • CSA Training and education updates

Registration: https://www.eventbank.com/event/431/

Cloud Security Alliance Expands Star Provider Certification Into China

Guangzhou, CHINA, June 15, 2015 – The Cloud Security Alliance® (CSA) today announced the launch of CSA C-STAR Assessment, a technology-neutral assessment that leverages Chinese national standards to give customers a greater understanding of the security posture of cloud providers. Along with the launch, CSA announced that China-based Huawei and Bluedon, as well as Hong Kong-based Ribose are in the process of achieving C-STAR certification.

CSA C-STAR Assessment is the latest offering of the CSA’s Security, Trust and Assurance Registry (STAR) family, the world’s leading cloud provider assurance program. Joining CSA STAR’s self-assessment, ISO 27001 and SOC-2 products, C-STAR Assessment harmonizes CSA’s globally adopted cloud security framework with Chinese national standards, providing cloud providers and consumers with a trusted security benchmark. C-STAR’s independent assessment methodology establishes a robust security baseline for cloud providers and a roadmap for continuous improvement in security maturity.

“Organizations that outsource to cloud service providers often have a number of concerns about the security of their data and information,” said Aloysius Cheang, Managing Director of APAC for the Cloud Security Alliance. “By using the CSA C-STAR Assessment, cloud providers of every size, throughout the Greater China region, will be able to give customers a better understanding of their security management procedures.

We are pleased that leading cloud providers in the region are already achieving their certification, and look forward to expanding the number of certified providers in the coming months.”

The Managing Director of CEPREI, the Chinese national certification body, Mr. Zhao Guoxiang mentioned, ”CEPREI developed C-STAR based on CSA research results together with experience accumulated from more than 10 years of information security management work. As the first internationally aligned cloud security assessment in China, C-STAR is highly recognized by renowned corporations like Huawei, Bluedon and Ribose, and has gained nationwide attention in the cloud computing industry.”

Mainly used in the Greater China area, C-STAR is a rigorous third party independent assessment of the security management of a cloud service provider. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix. The C-STAR Assessment is based on GB/T 22080-2008 and the specified set of criteria outlined in the Cloud Controls Matrix, plus related requirements of GB/T 22239-2008 and GB/Z 28828-2012. C-STAR’s close alignment with the other STAR portfolio products provides a strong assurance bridge for Chinese cloud providers seeking to do business internationally and for international cloud providers seeking opportunities within China.

The Cloud Security Alliance C-STAR Assessment complies with all of the China national requirements and provides flexible solutions to senior management to show where the risks, threats and opportunities lie within a business.

For more information about the Cloud Security Alliance C-STAR Assessment, please visit www.cloudsecurityalliance.org/star/c-star.

Hong Kong SME Cloud Adoption, Security and Privacy Readiness Survey Results Announced

SME Survey 2015
The Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter today jointly announced the results of the second year- “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey”, which sponsored by Microsoft Hong Kong to facilitate the Cloud development in Hong Kong.

HONG KONG, May 14, 2015 – The Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter today jointly announced results of the second year- “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey.” The report reveals more than 80% of surveyed SMEs have already adopted cloud services to varying degrees. This resulted in a significant climb compared to the 50% adoption rate among SMEs in 2014.

In addition, more than 50% of the SMEs that adopted cloud services believe their Cloud Service Providers (CSPs) can help protect their data. Aside from that, nearly 70% of the SMEs surveyed developed relevant policies to ensure the safety of their customer data since the Personal Data (Privacy) Ordinance has launched. However, over 25% of them have no knowledge regarding how their CSPs process their data and information.

The survey conducted in April this year analyzed SME cloud adoption, in addition to security and privacy readiness in Hong Kong for the second consecutive year. It aims to understand Hong Kong SMEs’ application of cloud technologies, with a key focus to analyze their level of cloud security and privacy readiness. Also, it reveals the market trends to provide useful recommendations to SMEs, by comparing the data from 2014. The survey was sponsored by Microsoft Hong Kong.

Chester Soong, Chairman of Internet Society Hong Kong, said, “Compared to last year, this year’s survey shows SMEs in Hong Kong have seen the importance of data security, especially those who hired external parties to conduct security audit and certification reviews in the past. An increase of 40% SMEs have started to formulate policies towards data security. The report also reveals, more than 50% of surveyed SMEs consider cloud services as one of the solutions to resolve data security issues. This indicates SMEs started to realize the higher level of data security they can enjoy, by adopting reliable cloud services.”

Claudius Lam, Chairman of Cloud Security Alliance Hong Kong and Macau Chapter, analyzed, “In response to the recent public concern towards personal data privacy, we added in particular questions. The results indicated around 70% of the respondents have policies to comply with the ordinance since the Personal Data (Privacy) Ordinance has been enacted, representing their concern on protection of personal data. However, a quarter of the surveyed SMEs using cloud services have uncertainty on how their CSPs would use their data and personal information. More than half of them will disapprove their CSPs to look at and use their company or customer data for marketing purpose. We recommend SMEs should look for CSPs who comply with international standards, like ISO/IEC 27018. The latter provides guidelines for CSPs concerning the protection of personally identifiable information.”

Alan Chan, National Technology Officer of Microsoft Hong Kong Limited, stated, “Microsoft has been committed to helping SMEs utilize technology to strive for greater competitiveness. In fact, given the pace of the cloud services market rapidly being developed, we have recorded triple-digit growths year-on-year. And, 80% of the SMEs in the survey also adopt and benefit from a myriad of cloud services. In view of the limited resources and expertise SMEs encounter, it is recommended to consider reliable and enterprise-class CSPs to provide proper cloud services with the right business models. This would help to better protect its business data and property with an efficient approach. Aside from that, SMEs can now enjoy enterprise-class data and privacy protection such as data loss prevention and email encryption at a more affordable cost.

Pushpa Jayanna, Chief Operating Officer of Just Service, shared: “Just Service, a SME in Hong Kong, is a specialist service provider and a licensed life insurance broker. We have started deploying Microsoft Office 365 and CRM online half a year ago. Like many other local enterprises, we strictly comply with the Personal Data (Privacy) Ordinance provision, to ensure our business governance and sustainability. Therefore, we have to ensure our CSP is qualified in conjunction with the ordinance, and is able to provide relevant services at international standards. An example of these standards is ISO/IEC 27018, the code of practice for protection of personally identifiable information, released earlier. This guideline helps SMEs to select an appropriate CSP and do overall management more easily and effectively.”

The Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security and Privacy Readiness Survey was conducted by the Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter, who commissioned the Hong Kong Productivity Council (The Council) to carry out telephone interviews to Hong Kong SMEs (10 – 100 employees) over the course of three weeks and to review data from the Census and Statistics Bureau. The Council successfully collected 168 responses to the survey. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Control Matrix international standard with questions adapted to local conditions. The survey was sponsored by Microsoft Hong Kong.

Cloud Computing Events Supported by CSA Hong Kong & Macau Chapter


ICT Conference 2012 – Cloud Technology

Organised by Informatics & Control Technologies Section , Insitute of Engineering Technology

Date: 14 September 2012      Time: 0900 – 1700

Venue: Regal Hong Kong Hotel, 68 Yee Wo Street, Causeway Bay,  Hong Kong

Supporting Organization’s Member: HK$500 (lunch included)


Cloud Security Forum 2012

Organised by KORNERSTONE and ComputerWorld

Date: 27 September 2012        Time: 1:30 – 6:15p.m.

Venue: 15/F, Hong Kong Club Building, 3A Chater Road, Central, Hong Kong

Admission: Early bird Rate: HK$970 (on or before 15 September 2012)   Standard Rate: HK$1,260


The 3rd Annual Cloud World Forum Asia 2012

Organised by Cloud World Series 2012

Date: 13th – 14th November 2012          Time: 0800 – 1730

Venue : Eaton Hotel, Hong Kong, 80 Nathan Road, Kowloon, Hong Kong


contact : event< @ > hkm.chapters.cloudsecurityalliance.org if you need more information