CSA and Google Cloud Launch Survey Report on Measuring Risk and Risk Governance

In collaboration with Google Cloud, CSA released the new survey report Measuring Risk and Risk Governance to provide a deeper understanding of public cloud adoption and risk management practices within the enterprise.

The goal of this research is to assess the maturity of public cloud and risk management within enterprises. Among the survey’s key findings:

  • There is no consistency of data classification across the use of cloud platforms and services — only 21% of users are utilizing cloud service data classification.
  • More than half (52%) of organizations reported that they did not evaluate the risk of their cloud services being used after procurement as product features or business environments changed.

This study shines a light on the opportunity enterprises can take to manage and measure their risk, and will hopefully lead to improved risk management practices.

​​“Increasingly, cloud is becoming … more of a means to manage risks. Continuously evaluating your risk status allows enterprises to properly configure and maximize the effectiveness of [your] security solutions, which in turn, protects their assets and improves business productivity,” said Phil Venables, Chief Information Security Officer and Vice President of Google Cloud. 

This study confirms that IT modernization into the cloud is the best path toward viable risk management.

Download it here.

[CSA Research] – Top Threats to Cloud Computing Pandemic Eleven

Cloud Security Alliance’s Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing.

In this sixth installment, CSA surveyed 703 industry experts on security issues in the cloud industry. This year the respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report – the ‘Pandemic Eleven’.

Download it here: https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-pandemic-eleven/

CSA HKM Knowledge Sharing Event – June 2022

Securing cloud computing environment is more than just protecting data and workloads in the cloud and cloud management platform. When more and more cloud-based applications were developed in shared model, vulnerabilities in shared environment could fall between the cracks. Thus, supply chain risk already become a serious issue to many companies.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on June 9, we will look into how to detect and mitigate supply chain risks.

Checkmarx Engineer, Richard Lee, will bring us to the practice world of security review through demonstration. He will cover:

  • The types of risks associated with open source libraries  
  • How to test the libraries you’re using for safety 
  • Tools you can use to protect your business
  • New reputational and behavioral analysis techniques to overcome obfuscation attempts

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: June 9, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Open Source Software Supply Chain: Risks and Mitigation
SPEAKER: Richard Lee, APAC Channel Sales Engineer, Checkmarx

CONTENT:

Open source libraries have become an essential part of almost all modern applications.  Without open source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need a certain functionality in an app saves time and effort, and as a result, open source isn’t going away anytime soon. If anything, it’s becoming more and more widespread.     

But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.

In this session, we discussed the importance and prevalence of open source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early, before they can become a problem or a liability. We’ll cover best practices to secure the software supply chain against errors and bad actors, along with what steps to avoid.

THE SPEAKER:
Richard Lee is currently the Checkmarx Channel Sales Engineer for the Asia Pacific Region with over 10 years’ experience in the IT, IT security and Application Security industry. He has held various positions in manufacturing, software companies and information security companies.

Richard is currently responsible for AST Platform, SAST (Static Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis) and CodeBashing technologies. Prior to joining Checkmarx he held various positions at Intel, Microsoft, HP and SafeNet.

Richard holds a bachelor’s degree in Computer Science from the University of Kansas, USA.

View the presentation: https://youtu.be/LY8Tkisq2Zs

CSA HKM Supports Digital Practice Summit Asia

Cloud Security Alliance Hong Kong & Macau Chapter is elated to be an Association Partner of Digital Practice Summit Asia, part of AF Show Asia series taking place LIVE on June 15!

Digital Practice Summit Asia is the online technology event of the year for accountants in practice. With 20+ LIVE sessions across 2 Channels, it’ll offer the audience the greatest insights to help growing the accounting practice post pandemic in 2022 and beyond.

DATE: June 15, 2022, Wednesday

TIME: From 9:00 am

FORMAT: Online

Get your FREE virtual pass now: https://bit.ly/3MWr9Qf

CSA HKM Knowledge Sharing Event – May 2022

Covid-19 situation is less severe these days. Work from home is not strictly required now. Life is now back to normal. Under the new normal situation, Cloud Computing become a critical component in our daily work. One of the main concern in using Cloud Computing environment is the security.

How can we store secret across multiple cloud environment for secure cloud workflow? In this knowledge sharing session, we invited HashiCorp Cloud Platform to provide us with some insights.

Shohei Maeda, Developer Advocate for HashiCorp APJ will share with us how secret could be and should be stored in cloud and container environment. He will also bring us to the Zero Trust Security model to secure our workflow environment.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: May 19, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Managing Secrets at scale for a Secure Cloud workflow
SPEAKER: Shohei Maeda, Developer Advocate for HashiCorp APJ

CONTENT:
Traditionally, people, applications, and services with access to resources are given their own set of long-lived, scoped credentials.  As your organization, teams, and systems scale, the number of these credentials and the access to them will only increase over time, and are used everywhere which causes what is called “Secret Sprawl”.  Static credentials that exist in your workflows are always at risk of leakage and introduce a large attack surface.

This session will show you how you can apply a Zero Trust Security model that secures your workflows by leveraging dynamic and short-lived credentials.
With this, you are able to avoid managing static, long-lived secrets across systems, and giving direct access to these secrets is no longer required.

THE SPEAKER:
Shohei is a developer advocate at HashiCorp who loves learning new technologies. He lives in Tokyo, Japan.

With his broad experience in Infrastructure, security, and web engineering, he focuses on building new tools and tackling complex problems that developer communities run into to make their life easy and happy.

View the Presentation: https://www.youtube.com/watch?v=RZ3-rKiAEvY

CSA HKM Supports Hong Kong ICT Award 2022

The Hong Kong ICT Awards aims at recognising and promoting outstanding information and communications technology inventions and applications, thereby encouraging innovation and excellence among Hong Kong’s ICT talent and enterprises in their constant pursuit of creative and better solutions to meet business and social needs.

The Award was established in 2006 with the collaborative efforts of the industry, academia and the Government. Steered by the Office of the Government Chief Information Officer, and organised by Hong Kong ICT industry associations and professional bodies. The Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation this year.

There are eight categories under the Hong Kong ICT Awards 2022. There will be one Grand Award in each category, and an “Award of the Year” will be selected from the eight Grand Awards by the Grand Judging Panel. HKCS is officially appointed by OGCIO to be the Leading Organiser of the Hong Kong ICT Awards 2022 – Smart Business Award category. The Smart Business Award covers 3 streams, including Solution for Business and Public Sector Enterprise, Solution for SME as well as Emerging Technologies.

For details please visit: https://hkcs.org.hk/ictawards/

CSA HKM Announces 2022/2023 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2022/2023 after their AGM on March 31, 2022.

PositionName
ChairmanClaudius Lam
Deputy Chairman (Hong Kong)Harry Pun
Deputy Chairman (Macau)Terry Cheung
Vice Chairman – Secretarial & TreasurerOtto Lee
Vice Chairman – Membership & External AffairsVince Wan
–      Membership (Events & Activities) DirectorHenry Ng
Vice Chairman – Programs & ResearchSamuel Ng
–      Research DirectorFrank Chow
Vice Chairman – Professional DevelopmentRicci Ieong
–      Education Director (Hong Kong)Kevin Liu

The team will work together to further the development of CSA HKM in the year to come.

Member Discount for HKPC Courses: Securing Public Cloud Deployment / Securing PaaS Cloud Deployment

Cloud Security Alliance Hong Kong & Macau Chapter is the supporting organisation of these two courses organised by  the Hong Kong Productivity Council.  Our member will receive special discount when joining these courses:

Securing Public Cloud Deployment
The unforeseeable pandemic has accelerated digital transformation of many corporations. Some of them will consider migrating their company data from premise servers to cloud services. However, IT practitioners should be aware of the potential risks and security threats of this move. HKPC will soon host the “Securing Public Cloud Deployment” 2-day training course. This intensive course will cover practical knowledge to deploy web applications in typical public cloud environments as well as theories and hands-on cases of cloud-based architecture design and management.

Date: 28-29 June 2022
Time: 09:30-17:00
Venue: HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon
Details: http://u.hkpc.org/public-cloud

Securing PaaS Cloud Deployment 
There are more and more software developers use Serverless PaaS cloud computing to deploy containerised applications these days. If you want to enjoy the convenience of the cloud computing and keep your application safe, you are recommended to join the upcoming “Securing PaaS Cloud Deployment Cloud” course hosted by HKPC. Experts in the field will provide you with practical knowledge of deploying microservices with Dockers and Kubernetes securely in a public cloud environment.

Date: 5-6 July 2022
Time: 09:30-17:30
Venue: HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon
Details: http://u.hkpc.org/paas-cloud

CSA HKM Knowledge Sharing Event – April 2022

Covid-19 brings us a lot of challenges but at the same time with Work / Study at Home opportunity. We have secure a number of new study opportunities and learning opportunities to our members.

Firstly, as a CSA HKM Chapter member, you can enjoy our knowledge sharing session and claim CPE. Besides, if you are our member and have attended 3 of our knowledge sharing event sessions, you can then entitle to register for our CCSK course and CCAK course with special member discount (Membership – Associate Member).

In April we invited Mr Ken Zhang, Head of Security Hong Kong, Google Cloud, to join us again to share the new topic on Security Framework SLSA for CI/CD pipeline. Ken has delivered a talk for us on Cloud Infrastructure Continuous Compliance in November last year.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: April 21, 2022 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ken Zhang, Head of Security Hong Kong, Google Cloud

TOPIC: Supply chain Levels for Software Artifacts (SLSA) – Open-source Security framework for Serverless and CI/CD Pipeline.

CONTENT:

SLSA is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. The solution takes the conceptual framework and turns it into a reference architecture and actual implementation on GCP using native, serverless GCP CI/CD toolchain and Binary Authorisation.

You can directly borrow the solution demo setup & code to start their GCP based CI/CD pipeline design and build. You can also leverage the reference architecture to build out their own pipeline leveraging GCP Binary Authorisation and GKE, or your own pipeline on-premises or on other cloud.

THE SPEAKER:

Ken led multi-cloud security and transformation projects in Australia and the Greater China Region. He has experience helping organisations with their security and transformation journeys in banking, insurance, retail, health service and manufacturing industries

View the Presentation: https://youtu.be/C8h6mfM_VhY

CSA HKM Supports “Building a Cyber Security, Cloud Protection and Privacy Framework” Workshop

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation of the “Building a Cyber Security, Cloud Protection and Privacy Framework” Workshop organised by the Hong Kong Productivity Council.

This workshop will explain in detail the CSF & CCM frameworks and how they can be applied to protect an organisation’s critical assets and cloud usage. Practical examples will be shared to illustrate the best practices and tips of adopting these two frameworks.

Date:                     11 May 2022

Time:                     09:30-17:00

Venue:                 HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

Details and enrolment: http://u.hkpc.org/cloud-protection.

CSA HKM members will receive special discount on the workshop fee.