Asia-Pacific Broadcasting (APB) BroadcastAsia2016 Show Daily - Day 2 | Page 23

23 BROADCASTASIA2016 SHOWDAILY 23 1 June 2016 Reaching international audiences through cloud-enabled video distribution Compared to five years ago, do you think companies are more readily embracing cloud-based technologies, and why is this so? David Siah: Definitely. Data collated by Gartner shows that by 2017, 36% of healthcare, 27% of insurance providers and 25% of governments will have a hybrid cloud model. This is significant as these verticals are the ones with the most sensitive data; if they’re migrating to cloud-based systems and software, it says something about the entire market. In Asia-Pacific, Singapore is one of the most passionate adopters of cloud technology as the country moves toward building a Smart Nation. Companies here are expected to use an average of four to five cloud service providers by 2018, up from three currently, according to Rackspace. Such enthusiasm and readiness to embrace cloud-based technologies can be attributed to several factors. First, government support is instrumental in building an ecosystem that’s cloud-friendly and making sure cloud services David Siah, country manager, Singapore, Trend Micro, and chairman of the Cloud Security Alliance, will be presenting at Thursday’s BroadcastAsia2016 International Conference Track T4: Cloud Distribution — Next Generation Media Delivery Systems. Here, he discusses cloud-based technologies, particularly from a security perspective. are compliant with international or national cloud-related standards. Singapore is the world’s first to devise a Multi-Tier Cloud Security Standard (MTCS) in 2013, and since then many cloud service providers (CSPs) and independent software vendors have achieved MTCS certification, laying the groundwork for a nationwide adoption. How is cloud security different from traditional cybersecurity? Siah: In traditional data centres, perimeter controls are the most common approach to security, including perimeter firewall, demilitarised zones (DMZ), network segmentation, intrusion detection and prevention systems (IDS/IPS), and network monitoring tools. Even in virtualisation where some of the perimeters evaporate, security mechanisms are still applied to virtualised servers. In the cloud, a perimeter is all over the map. Not only do security engineers have to extend such perimeters to cloud, but also restrict access to prevent users on shared machines from jumping to missioncritical data. When using cloud services, organisations must also establish where the data resides (domestically or overseas), who has control over the data and who is responsible when a breach happens. Stewardship of data is an important consideration in cloud deployments. As companies subscribe to multiple cloud services, the cloud environment can get complex for a company, especially when there’s no one-size-fits-all security approach across IaaS, SaaS, Platformas-a-Service (PaaS), or Databaseas-a-Service (DaaS). Typically, cloud security needs to incorporate traditional security measures, plus access control, data management, and encryption on top. What are some of the strategies/ best practices for cloud-based companies approaching security? Siah: The cornerstone of cloud security is encryption as companies are practically relinquishing control of their data and entrusting cloud service providers to protect it for them. However, cloud encryption provides an added level of management, as well as peace of mind, when transmitting information to cloud vendors. When dealing with multi-tenant public cloud, or inter-departmental shared resources of a private cloud, how encryption keys are stored and accessed is as important as securing data. In such scenarios, policybased key management can help ensure that data is only accessed in permitted locations. In addition to encryption, companies should also limit which servers can gain access to their missioncritical data. When a server makes an encryption key request, the encryption solution must be able to authenticate the server, with identity-based validations or even integrity checks, making sure that the requesting server has updated security in place before releasing the encryption keys. ADDENDUM BROADCASTASIA2016 EXHIBITORS EXHIBITOR BOOTH AMETIC...................................5K6-01 /5F6-01 APB - ASIA-PACIFIC BROADCASTING................ 4D2-27 ARISTA NETWORKS......... 5M7-02 DELUXE.................................. 4D4-25 EMOTION SYSTEMS.......... 5D4-02 ORACLE..................................5C2-01