How businesses should level up their cloud security

ENM Editorial Staff

Rik Ferguson addressing the crowd at CLOUDSEC 2017 Singapore

With the theme "Level Up", CLOUDSEC 2017 in Singapore brought together IT and cybersecurity leaders to share and learn how they can step up their game as cloud becomes pervasive.

Hosted by Trend Micro, the event took place at the Sands Expo and Convention Centre on 22 August 2017.

According to an IDC report, worldwide spending on public cloud is expected to reach US$162 billion by 2020. While the increased adoption of the cloud enables organisations to scale, adapt and be agile, it also exposes organisations to more cyberthreats.

Hence, laws and regulations across countries are getting more stringent to ensure that companies are less likely to be vulnerable to cyberattacks. For instance, China's government approved a cybersecurity law in November 2016, designed to tighten and centralise state control over information flows and technology equipment.

"The law requires agencies and enterprises to improve their ability to defend against network intrusions, and conduct security reviews for equipment and data in strategic sectors," explained Tammie Tham, councillor & Cyber Security Chapter chairman, Singapore Infocomm Technology Federation(SiTF).

In Singapore, the government came up with a Cybersecurity Bill, which is targeted to be introduced by end of this year, said Tham. The bill will establish a framework for the oversight and maintenance of national cybersecurity in Singapore, to minimise the risks of cyberthreats, and empower the Cyber Security Agency (CSA) to carry out its functions.

"However, complying with regulations does not equate to being secure," warned Rik Ferguson, vice president for Security Research of Trend Micro. He pointed out that businesses need to improve security through technologies, people and processes.

Agreeing with him, Steven Sim, lead Group IT Security Centre of Expertise, PSA International, advised businesses to improve security through virtual patching solutions. Using intrusion detection and prevention technologies, virtual patching shields vulnerabilities before they can be exploited. This means that servers and endpoints are protected until patches can be deployed, or indefinitely when systems like Windows Server 2003 go out of support.

Steven Sim, PSA International
Steven Sim, lead Group IT Security Centre of Expertise, PSA International at a panel discussion at CLOUDSEC 2017 Singapore.

As for Dhanya Thakkar, managing director and vice president, Asia Pacific, TrendMicro, he recommended businesses to "use machine learning algorithms, such as neural networks, decision trees, nearest neighbour or clustering, to spot anomalies or classify malware versus goodware."

Dhanya Thakkar, Trend Micro 
Dhanya Thakkar, managing director and vice president, Asia Pacific, TrendMicro, during his keynote titled "Inspiring your Digital Transformation".

1  2  Next Page