CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau. This month we have invited Mr Terence Yeung, Head of Managed Services at Atos Information Technology HK Limited to brief us on “How to run a Cloud environment from design to implementation as secure as GovCloud”.
Please do not miss this opportunity to learn from the expert and get connected with your peers.
DATE: October 8, 2015
TIME: 7:15 – 9:00 pm
VENUE: Room QR403, Core R
The Hong Kong Polytechnic University
How to run a Cloud environment from design to implementation as secure as GovCloud – Terence Yeung, Atos Information Technology HK Limited
Guangzhou, CHINA, June 15, 2015 – The Cloud Security Alliance® (CSA) today announced the launch of CSA C-STAR Assessment, a technology-neutral assessment that leverages Chinese national standards to give customers a greater understanding of the security posture of cloud providers. Along with the launch, CSA announced that China-based Huawei and Bluedon, as well as Hong Kong-based Ribose are in the process of achieving C-STAR certification.
CSA C-STAR Assessment is the latest offering of the CSA’s Security, Trust and Assurance Registry (STAR) family, the world’s leading cloud provider assurance program. Joining CSA STAR’s self-assessment, ISO 27001 and SOC-2 products, C-STAR Assessment harmonizes CSA’s globally adopted cloud security framework with Chinese national standards, providing cloud providers and consumers with a trusted security benchmark. C-STAR’s independent assessment methodology establishes a robust security baseline for cloud providers and a roadmap for continuous improvement in security maturity.
“Organizations that outsource to cloud service providers often have a number of concerns about the security of their data and information,” said Aloysius Cheang, Managing Director of APAC for the Cloud Security Alliance. “By using the CSA C-STAR Assessment, cloud providers of every size, throughout the Greater China region, will be able to give customers a better understanding of their security management procedures.
We are pleased that leading cloud providers in the region are already achieving their certification, and look forward to expanding the number of certified providers in the coming months.”
The Managing Director of CEPREI, the Chinese national certification body, Mr. Zhao Guoxiang mentioned, ”CEPREI developed C-STAR based on CSA research results together with experience accumulated from more than 10 years of information security management work. As the first internationally aligned cloud security assessment in China, C-STAR is highly recognized by renowned corporations like Huawei, Bluedon and Ribose, and has gained nationwide attention in the cloud computing industry.”
Mainly used in the Greater China area, C-STAR is a rigorous third party independent assessment of the security management of a cloud service provider. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix. The C-STAR Assessment is based on GB/T 22080-2008 and the specified set of criteria outlined in the Cloud Controls Matrix, plus related requirements of GB/T 22239-2008 and GB/Z 28828-2012. C-STAR’s close alignment with the other STAR portfolio products provides a strong assurance bridge for Chinese cloud providers seeking to do business internationally and for international cloud providers seeking opportunities within China.
The Cloud Security Alliance C-STAR Assessment complies with all of the China national requirements and provides flexible solutions to senior management to show where the risks, threats and opportunities lie within a business.
HONG KONG, May 14, 2015 – The Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter today jointly announced results of the second year- “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey.” The report reveals more than 80% of surveyed SMEs have already adopted cloud services to varying degrees. This resulted in a significant climb compared to the 50% adoption rate among SMEs in 2014.
In addition, more than 50% of the SMEs that adopted cloud services believe their Cloud Service Providers (CSPs) can help protect their data. Aside from that, nearly 70% of the SMEs surveyed developed relevant policies to ensure the safety of their customer data since the Personal Data (Privacy) Ordinance has launched. However, over 25% of them have no knowledge regarding how their CSPs process their data and information.
The survey conducted in April this year analyzed SME cloud adoption, in addition to security and privacy readiness in Hong Kong for the second consecutive year. It aims to understand Hong Kong SMEs’ application of cloud technologies, with a key focus to analyze their level of cloud security and privacy readiness. Also, it reveals the market trends to provide useful recommendations to SMEs, by comparing the data from 2014. The survey was sponsored by Microsoft Hong Kong.
Chester Soong, Chairman of Internet Society Hong Kong, said, “Compared to last year, this year’s survey shows SMEs in Hong Kong have seen the importance of data security, especially those who hired external parties to conduct security audit and certification reviews in the past. An increase of 40% SMEs have started to formulate policies towards data security. The report also reveals, more than 50% of surveyed SMEs consider cloud services as one of the solutions to resolve data security issues. This indicates SMEs started to realize the higher level of data security they can enjoy, by adopting reliable cloud services.”
Claudius Lam, Chairman of Cloud Security Alliance Hong Kong and Macau Chapter, analyzed, “In response to the recent public concern towards personal data privacy, we added in particular questions. The results indicated around 70% of the respondents have policies to comply with the ordinance since the Personal Data (Privacy) Ordinance has been enacted, representing their concern on protection of personal data. However, a quarter of the surveyed SMEs using cloud services have uncertainty on how their CSPs would use their data and personal information. More than half of them will disapprove their CSPs to look at and use their company or customer data for marketing purpose. We recommend SMEs should look for CSPs who comply with international standards, like ISO/IEC 27018. The latter provides guidelines for CSPs concerning the protection of personally identifiable information.”
Alan Chan, National Technology Officer of Microsoft Hong Kong Limited, stated, “Microsoft has been committed to helping SMEs utilize technology to strive for greater competitiveness. In fact, given the pace of the cloud services market rapidly being developed, we have recorded triple-digit growths year-on-year. And, 80% of the SMEs in the survey also adopt and benefit from a myriad of cloud services. In view of the limited resources and expertise SMEs encounter, it is recommended to consider reliable and enterprise-class CSPs to provide proper cloud services with the right business models. This would help to better protect its business data and property with an efficient approach. Aside from that, SMEs can now enjoy enterprise-class data and privacy protection such as data loss prevention and email encryption at a more affordable cost.
Pushpa Jayanna, Chief Operating Officer of Just Service, shared: “Just Service, a SME in Hong Kong, is a specialist service provider and a licensed life insurance broker. We have started deploying Microsoft Office 365 and CRM online half a year ago. Like many other local enterprises, we strictly comply with the Personal Data (Privacy) Ordinance provision, to ensure our business governance and sustainability. Therefore, we have to ensure our CSP is qualified in conjunction with the ordinance, and is able to provide relevant services at international standards. An example of these standards is ISO/IEC 27018, the code of practice for protection of personally identifiable information, released earlier. This guideline helps SMEs to select an appropriate CSP and do overall management more easily and effectively.”
The Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security and Privacy Readiness Survey was conducted by the Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter, who commissioned the Hong Kong Productivity Council (The Council) to carry out telephone interviews to Hong Kong SMEs (10 – 100 employees) over the course of three weeks and to review data from the Census and Statistics Bureau. The Council successfully collected 168 responses to the survey. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Control Matrix international standard with questions adapted to local conditions. The survey was sponsored by Microsoft Hong Kong.
2012 年 5 月 17 日，雲端安全聯盟香港及澳門分會正式成立，當日聯盟更於香港數碼港舉行名為“建立對雲端運算之信心”(Building Trust in Cloud Computing) 峰會，出席演講嘉賓包括香港政府資訊科技總監賴鍚璋，雲端安全聯盟行政總裁 Jim Reavis，美國國家標準技術研究所高級計算機科學家 Tim Grance 等等，Linuxpilot 一直關注雲端運算產業發展，於會上訪問了雲端安全聯盟亞太區執行委員會主席 Ken Low，他本人同時是趨勢科技新加坡公司企業安全部總監，是雲端安全領域的專家。
A 我們也明白用戶在選擇雲端運算供應商時需要指引，所以在 2011 年第四季推出 CSA Security, Trust & Assurance Registry（CSA STAR），作為一個免費、公開的安全信任保證登錄。不論大小的 IaaS、SaaS 與 Paas 雲端供應商，如通過內部審核，確認已遵照我們的指引執行安全措施，便可以在 CSA STAR 上免費註冊，用戶在與雲端供應商簽約之前，可先行查詢其資安狀況，從而加速評估速度，創造更佳的採購經驗。