Asia-Pacific Broadcasting (APB) BroadcastAsia2016 Show Daily - Day 2 | Page 23
23
BROADCASTASIA2016 SHOWDAILY 23
1 June 2016
Reaching international audiences
through cloud-enabled video distribution
Compared to five years ago, do
you think companies are more
readily embracing cloud-based
technologies, and why is this so?
David Siah: Definitely. Data collated by Gartner shows that by
2017, 36% of healthcare, 27% of
insurance providers and 25% of
governments will have a hybrid
cloud model. This is significant as
these verticals are the ones with
the most sensitive data; if they’re
migrating to cloud-based systems
and software, it says something
about the entire market.
In Asia-Pacific, Singapore is one
of the most passionate adopters of
cloud technology as the country
moves toward building a Smart Nation. Companies here are expected
to use an average of four to five
cloud service providers by 2018,
up from three currently, according
to Rackspace.
Such enthusiasm and readiness to embrace cloud-based
technologies can be attributed to
several factors. First, government
support is instrumental in building
an ecosystem that’s cloud-friendly
and making sure cloud services
David Siah, country manager, Singapore,
Trend Micro, and chairman of the Cloud
Security Alliance, will be presenting at
Thursday’s BroadcastAsia2016 International
Conference Track T4: Cloud Distribution —
Next Generation Media Delivery Systems.
Here, he discusses cloud-based technologies, particularly
from a security perspective.
are compliant with international or
national cloud-related standards.
Singapore is the world’s first to
devise a Multi-Tier Cloud Security
Standard (MTCS) in 2013, and since
then many cloud service providers
(CSPs) and independent software
vendors have achieved MTCS certification, laying the groundwork
for a nationwide adoption.
How is cloud security different
from traditional cybersecurity?
Siah: In traditional data centres,
perimeter controls are the most
common approach to security,
including perimeter firewall, demilitarised zones (DMZ), network
segmentation, intrusion detection
and prevention systems (IDS/IPS),
and network monitoring tools.
Even in virtualisation where some
of the perimeters evaporate, security mechanisms are still applied to
virtualised servers.
In the cloud, a perimeter is all
over the map. Not only do security
engineers have to extend such perimeters to cloud, but also restrict
access to prevent users on shared
machines from jumping to missioncritical data.
When using cloud services,
organisations must also establish
where the data resides (domestically or overseas), who has control
over the data and who is responsible when a breach happens. Stewardship of data is an important consideration in cloud deployments.
As companies subscribe to
multiple cloud services, the cloud
environment can get complex for
a company, especially when there’s
no one-size-fits-all security approach across IaaS, SaaS, Platformas-a-Service (PaaS), or Databaseas-a-Service (DaaS). Typically,
cloud security needs to incorporate
traditional security measures, plus
access control, data management,
and encryption on top.
What are some of the strategies/
best practices for cloud-based
companies approaching security?
Siah: The cornerstone of cloud
security is encryption as companies
are practically relinquishing control
of their data and entrusting cloud
service providers to protect it for
them. However, cloud encryption
provides an added level of management, as well as peace of mind,
when transmitting information to
cloud vendors.
When dealing with multi-tenant
public cloud, or inter-departmental
shared resources of a private cloud,
how encryption keys are stored and
accessed is as important as securing data. In such scenarios, policybased key management can help
ensure that data is only accessed
in permitted locations.
In addition to encryption, companies should also limit which servers can gain access to their missioncritical data. When a server makes
an encryption key request, the
encryption solution must be able
to authenticate the server, with
identity-based validations or even
integrity checks, making sure that
the requesting server has updated
security in place before releasing
the encryption keys.
ADDENDUM
BROADCASTASIA2016
EXHIBITORS
EXHIBITOR BOOTH
AMETIC...................................5K6-01
/5F6-01
APB - ASIA-PACIFIC
BROADCASTING................ 4D2-27
ARISTA NETWORKS......... 5M7-02
DELUXE.................................. 4D4-25
EMOTION SYSTEMS.......... 5D4-02
ORACLE..................................5C2-01