
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Better the devil you know than the devil you don’t. The old adage holds true for cyberattacks. Kaspersky Labs have found that Advanced Persistent Threats (APT) were looming in the Asian region. What’s worrying is the less familiar threat actors which the researchers have little experience combating.
There have been a significant number of attackers who have targeted or timed their campaigns around sensitive geopolitical incidents.
Kaspersky laps are constantly uncovering new tools, techniques and campaigns being launched by APT groups, some of which have been dormant for years. Asia being a bustling business hub have been the epicentre of APTs over the past decade. Regional groups such as the Korean-speaking Lazarus and Scarcuft were humming with activities. Researchers also discovered an implant called LightNeuron that have been used by the Russian-speaking Turla to take Central Asia and the Middle East as prey.
The following are Kaspersky Lab’s log of global cyber-attacks.
The Olympic Destroyer makes a come back
Bad things come in pairs. Research suggests that the faceless actor responsible for Olympic Destroyer just might be the culprit for the latest Russian-speaking threat actor Sofacy. The Olympic Destroyer a potent malware that caused mass disruption in the 2018 Winter Olympics in Pyeonchang, made a comeback targeting financial organizations in Russia. It also attempted to attack biochemical threat prevention laboratories in Europe and Ukraine.
The Lazarus Group’s Cyberespionage Campaign
The Lazarus group also known as the BlueNoroff is one of the world’s most notorious cybercrime groups, made up of an unknown number of individuals. This high profile APT targeted several financial institutions in Turkey and casinos in Latin America, as part of a cyberespionage campaign. Despite the ongoing North Korean peace talks, these attacks suggests that the Lazarus Group is financially motivated.
Scarcruft the Relatively New but Potent APT
Researchers have recently observed a relatively high activity from the Scarcruft APT. This particular threat actor has taken victims from Russia, Nepal, South Korea, China, India, Kuwait and even Romania. They do this by using Android malware and launching an operation with new backdoor researchers named POORWEB.
Smell a Rat? It’s LuckyMouse APT.
LuckyMouse APT goes by APT 27. The ambiguity in name allowed the Chinese-speaking threat actor to abuse Asian Internet Service Providers (ISP). LuckyMouse APT launched a waterhole attack through high profile websites. The vicious attack targeted the website’s end users. By infecting the website, the APT is able to gain unauthorized access into the end user’s networks, and eventually their place of employment’s network.
The attacks were strife in Kazakh and Mongolian governmental entities. Unsurprisingly, the attacks were around the time when these governments had a meeting with the People’s Republic of China’s statesmen.
The VPNFilter Campaign
Domestic networking hardware and storage solutions were threatened by the VPNFilter campaign. The Campaign was uncovered by Cisco Talos and the FBI. The FBI attributes the VPNFilter campaign to Sofacy or Sandworm. [wtheck is sofacy and sandworm].
The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Most worryingly, Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.
Concluding Remarks
All in all, the second quarter of 2018 revealed interesting developments in APT activity. The threats received only confirm the fear of how destructive APT activity can be. Kaspersky advices that networking hardware is predisposed to targeted attacks. Furthermore, warnings regarding the
The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com
The Q2 APT Trends summary report can be found on Securelist
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Oak Ridge National Laboratory (ORNL) has introduced the Centre for AI Security Research (CAISER) to confront the existing threats stemming from the widespread adoption of artificial intelligence by governments and industries worldwide. This move concedes the potential benefits of AI in data processing, operational streamlining, and decision-making while acknowledging the associated security challenges.
ORNL and CAISER will collaborate with federal agencies such as the Air Force Research Laboratory’s Information Directorate and the Department of Homeland Security Science and Technology Directorate. Together, they will conduct a comprehensive scientific analysis to assess the vulnerabilities, threats, and risks associated with emerging and advanced artificial intelligence, addressing concerns ranging from individual privacy to international security.
Susan Hubbard, Deputy for Science and Technology at ORNL, emphasised this endeavour, “Understanding AI vulnerabilities and risks represents one of the most significant scientific challenges of our time. ORNL is at the forefront of advancing AI to tackle critical scientific issues for the Department of Energy, and we are confident that our laboratory can assist DOE and other federal partners in addressing crucial AI security questions, all while providing valuable insights to policymakers and the general public.”
CAISER represents an expansion of ORNL’s ongoing Artificial Intelligence for Science and National Security initiative, which leverages the laboratory’s unique capabilities, infrastructure, and data to accelerate scientific advancements.
Prasanna Balaprakash, Director of AI Programmes at ORNL, emphasised that AI technologies substantially benefit the public and government. CAISER aims to apply the lab’s expertise to comprehensively understand threats and ensure AI’s safe and secure utilisation.
Previous research has highlighted vulnerabilities in AI systems, including the potential for adversarial attacks that can corrupt AI models, manipulate output, or deceive detection algorithms. Additionally, generative AI technologies can generate convincing deepfake content.
Edmon Begoli, Head of ORNL’s Advanced Intelligent Systems section and CAISER’s founding director emphasised the importance of addressing AI vulnerabilities. CAISER aims to pioneer AI security research, developing strategies and solutions to mitigate emerging risks.
CAISER’s research endeavours will provide federal partners with a science-based understanding of AI risks and effective mitigation strategies, ensuring the reliability and resilience of AI tools against adversarial threats.
They provide educational outreach and disseminate information to inform the public, policymakers, and the national security community.
CAISER’s initial focus revolves around four national security domains aligned with ORNL’s strengths: AI for cybersecurity, biometrics, geospatial intelligence, and nuclear nonproliferation. Collaboration with national security and industry partners is critical to these efforts.
Col Fred Garcia, Director of the Air Force Research Laboratory (AFRL) Information Directorate, expressed confidence in CAISER’s role in studying AI vulnerabilities and safeguarding against potential threats in an AI-driven world.
Moreover, as ORNL celebrates its 80th anniversary, CAISER embodies the laboratory’s commitment to solving complex challenges, advancing emerging scientific fields, and making a global impact. With its established cybersecurity and AI research programmes, ORNL is well-suited to pioneer AI security research through CAISER.
Moe Khaleel, Associated Laboratory Director for National Security Sciences at ORNL, highlighted the laboratory’s legacy of scientific discovery in various fields and emphasised CAISER’s role in scientifically observing, analysing and evaluating AI models to meet national security needs.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
In its ongoing commitment to reshape the vulnerability management landscape, the Cybersecurity and Infrastructure Security Agency (CISA) announced the integration of the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard into its security advisories, tailored for Industrial Control Systems (ICS), Operational Technology (OT), and Medical Devices.
The contemporary risk environment presents organisations with an intricacy of vulnerabilities, creating challenges in effectively managing them. To address this, CISA recognises the crucial role of automation in enhancing the efficiency of vulnerability management efforts. CSAF is a pivotal solution to usher in this automation era by enabling the automated production, distribution, and consumption of security advisories.
This integration of CSAF can reduce the time lag between the vulnerabilities and their remediation by businesses. Moreover, it lays the foundation for developing future tools and mechanisms for automated vulnerability information sharing. This forward-looking approach reflects CISA’s commitment to proactively address the evolving threat landscape and empower organisations to respond effectively to emerging vulnerabilities.
By embracing CSAF Version 2.0, CISA aims to bring about a paradigm shift in vulnerability management, addressing the complexities of the contemporary digital landscape. The organisation’s focus on automation is driven by recognising that efficient responses to vulnerabilities are paramount in safeguarding critical systems and infrastructure. This initiative underscores CISA’s dedication to bolstering the cybersecurity resilience of organisations in an environment characterised by constant change and innovation.
This transition to the CSAF format signifies a pivotal development beyond document formatting. It sets the stage for broader vulnerability response and coordination initiatives at CISA, fostering greater automation and streamlining the drafting and publication processes for these increasingly critical ICS Advisories. This deliberate move aligns with CISA’s mission to proactively address vulnerabilities and bolster cybersecurity in a dynamic threat landscape.
CISA extends a proactive call to action to software and hardware vendors, encouraging them to embrace the CSAF framework for their security advisories. The OASIS CSAF 2.0 standard webpage is a comprehensive resource for vendors, offering detailed insights and background information about this framework.
By adopting CSAF, vendors can contribute to the evolution of cybersecurity practices, fostering greater standardisation and efficiency in disseminating critical security information. This collective effort ensures that stakeholders across the cybersecurity landscape can respond effectively to emerging threats and vulnerabilities, thereby enhancing the resilience of digital ecosystems.
Additionally, this alignment with CISA’s proactive strategy streamlines vulnerability management and enhances the overall security posture of software and hardware products. By adopting the CSAF 2.0 standard, vendors and providers contribute to a more efficient and coordinated response to emerging threats. This, in turn, reinforces the resilience of critical infrastructure and digital systems in an increasingly complex and dynamic threat landscape.
Embracing the CSAF framework fosters interoperability and information exchange among stakeholders. It allows for a more structured and standardised way of communicating security advisories, making it easier for organisations to understand, prioritise, and act upon vulnerabilities effectively. This collaborative approach ensures that the cybersecurity community can collectively address emerging threats quickly and precisely, reducing potential risks and minimising the impact of security incidents.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Mr Prasert Chandraruangthong, Minister of Digital Economy and Society, has highlighted the alarming issue of cybercrimes that have recently afflicted society. He acknowledged the severity of the situation, where people have been left devastated due to the scorching impact of online scams perpetrated by call centre gangs.
The rise of online thieves and the activities of call centre gangs have created an unprecedented challenge for law enforcement and security agencies. Over six months, from March 2022 to August 2023, 320,000 cases of cybercrimes have been reported. This figure averages about 600 instances daily, depicting the relentless assault on individuals and organisations.
The financial toll inflicted by these cyber criminals amounts to 43,700 million baht. This translates to an average daily loss of 80 million baht, underscoring the economic consequences of these activities.
It is abundantly clear that conventional approaches to preventing and suppressing cybercrimes are proving insufficient in the face of this growing menace. The traditional methods employed by law enforcement agencies need help to cope with these digital threats. Therefore, it has become imperative to reassess and revamp the existing strategies.
There is a compelling need for a comprehensive policy overhaul in response to this pressing issue. Mr Prasert Chandraruangthong recognises that tackling this multifaceted problem demands a more holistic and innovative approach.
- Establish the Anti Online Scam Operation Centre (AOC) as a Stop Service to monitor, prevent, and suppress online theft. They are utilising technology, including an Intelligent Assistant (IA) and a data-driven platform, to collect, analyse, and predict suspicious activities, such as financial transactions and phone usage, with AI technology and data scientists. Collaborate with banks and telecom providers to enhance efficiency and provide quick assistance to citizens.
- Create a war room under AOC to swiftly address issues like frozen financial accounts, aiming to resolve them within 1 hour of victim notification. Collaborate with relevant agencies, set KPIs, and establish timelines for bank operations.
- Form specialised teams (Special Taskforce) to promptly address financial fraud, online gambling, and other related issues.
- Enhance cooperation with major online platforms, urging them to take social responsibility by preventing fraudulent advertisements. Collaborate with mobile companies to identify and block suspicious numbers.
- Implement proactive public relations efforts to reach a wider audience and cooperate closely with law enforcement agencies, both domestically and internationally, to apprehend cybercriminal leaders and recover victims’ assets. Advocate for legal amendments to keep pace with evolving technology and online threats.
It involves enhancing cybersecurity measures and raising public awareness and cooperation to create a united front against cyber criminals. Through these concerted efforts, the government aims to stem the tide of cybercrimes and restore a sense of security and trust in the digital realm.
“I believe that swift action is key to problem-solving. Notifications should be resolved within one hour, and the use of Intelligent Assistant technology aids operators with accurate information. The focus is on eradicating online criminal syndicates, particularly in activities like horse racing accounts and horse sims, while leveraging data and comprehensive analysis. This integrated and strategic approach will significantly decrease online crime issues, with the goal of nearly eliminating financial fraud,” concluded Mr Prasert Chandraruangthong.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Senior Minister of State Dr Janil Puthucheary expressed his appreciation for the Singtel Cyber ELEVATE programme, highlighting its focus on bolstering cyber resilience among Small and Medium Enterprises (SMEs). This initiative demonstrates the importance of collective efforts in nurturing a strong cybersecurity ecosystem.
SMS Janil emphasised the critical role cybersecurity plays in realising Singapore’s Smart Nation vision. Trust in digitalisation and technology is paramount for individuals, businesses, and the nation as a whole. Maintaining this trust hinges on robust cybersecurity measures, as one breach can erode confidence and deter digital adoption.
The article underscores the significance of cybersecurity for businesses, both large corporations and SMEs. Just as individuals rely on technology for convenience and efficiency, companies harness digitalisation to reduce costs and explore new opportunities. However, poor cybersecurity can undermine trust, dissuading customers and employees from engaging with a business’s digital tools.
While SMEs may perceive cybersecurity as a daunting challenge due to limited resources, they possess an advantage in their relatively smaller attack surface. Implementing basic cybersecurity measures, such as antivirus software and data backups, can significantly improve their security posture. The government, through the Cyber Security Agency (CSA), offers resources and support to help SMEs enhance their cybersecurity.
The article also highlights CSA’s Chief Information Security Officers (CISOs)-as-a-Service scheme, which provides SMEs with funding support and tailored cybersecurity plans. The Cyber Essential and Cyber Trust marks, part of a certification scheme, enable organisations to demonstrate their commitment to cybersecurity, differentiating them in the market.
SMS Janil encourages businesses to adopt these cybersecurity initiatives, emphasising that cybersecurity is a collective effort that involves the government, industry, and the community. The Singtel Cyber ELEVATE Programme is cited as a prime example of such collaborative efforts. The programme offers workshops and incident response assistance to SMEs, with substantial funding support through SSG grants.
By stressing that cybersecurity is fundamental for Singapore’s digitalisation journey and calling on all stakeholders to contribute to strengthening the nation’s cyber defences. The Minister emphasises that active participation and commitment to cybersecurity are essential for collective advancement and a secure digital future.
Further, OpenGov Asia recently reported that the enduring warmth between Singapore and Canada finds new purpose in their robust bilateral cooperation, now extending to the realm of cybersecurity through the renewed Canada-Singapore Cybersecurity Memorandum of Understanding (MoU). This partnership underscores the paramount importance of a secure cyberspace.
One key aspect of this agreement is the facilitated exchange of critical cybersecurity information, enabling both nations to swiftly share threat intelligence, indicators, and best practices. This real-time sharing equips them to respond effectively to emerging cyber threats.
Also, the MoU places a strong emphasis on skill development, recognising the rapidly evolving nature of cybersecurity. By investing in the growth of their cybersecurity professionals, Canada and Singapore ensure they stay well-prepared and up-to-date with the latest techniques and technologies, fortifying their cyber defences.
Capacity building is another significant facet of the MoU. It empowers both nations to develop the necessary capabilities for rapid cyber incident response, including tools, processes, and expertise.
Beyond national borders, this collaboration has global implications, strengthening both countries’ positions in international cybersecurity discussions and partnerships. It underscores the importance of international cooperation in addressing the borderless challenge of cybersecurity.
The MoU also protects important assets and business interests in both countries, which is important for keeping the economy stable and safe in today’s digital, interconnected world.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
The Ministry of Information and Communications (MIC) unveiled a draft decree earlier this year concerning the management, provision, and use of internet services, slated to replace the existing Decree 72. Under the proposed regulations, social networks will be required to remove content that violates the rules, with corresponding measures taken against offending accounts, community pages, and content channels. According to MIC, these heavy sanctions are expected to help clean up cyberspace.
The new draft decree includes more stringent requirements and more severe penalties for offenders. Organisations and individuals offering services, whether within Vietnam or internationally, are mandated to prevent and delete content that breaches the law immediately, once this is required by MIC. In cases where unreasonable content is not removed as instructed, MIC will employ technical measures to block websites, applications, and platforms that offer these services.
A notable addition in the draft decree compels social networks to temporarily or permanently suspend the accounts, community pages, community groups, and content channels that frequently breach regulations or engage in severe violations that impact national security. The regulations designed by MIC aim to address the sources of violations and reduce the time and resources expended by agencies in blocking and removing content in violation.
An industry expert has noted that that information is spreading rapidly across both domestic and international social networks. Failure to promptly address harmful information could lead to significant consequences for individuals and businesses. Moreover, inaccurate information concerning government policies circulating on social networks could severely undermine the reputation and functioning of state agencies.
The call for the immediate removal of violating content and the decision to suspend offending accounts can effectively resolve multiple issues simultaneously. In such a scenario, platforms will bear the responsibility of monitoring user posts, while users will need to be accountable for the content they generate.
It is essential to establish clear guidelines regarding the types of violations that need to be addressed and how much time platforms are allowed to do this. If the violations have relations with national security, they must be handled immediately. In this case, platforms must remove information in violation as soon as the watchdog agency sends links containing the violating information, with no need to send written requests. For other types of violations, it may be more practical to provide platforms with a reasonable amount of time to conduct thorough investigations into the cases before taking action.
With the ongoing digital transformation, the volume of sensitive data stored on digital platforms has surged, underscoring the importance of securing data as a critical priority. The National Cyber Security Centre (NCSC) has issued a warning regarding an increasingly serious scam involving the utilisation of deepfake technology to capture the movements and voices of unsuspecting victims for fraudulent purposes. This manipulation has resulted in financial losses for numerous individuals. It is anticipated that this artificial intelligence (AI)-based deception will evolve further in the future, becoming even more sophisticated and deceptive.
Personal data serves as the foundational building blocks for government and business databases. As a result, these data are regarded as invaluable resources for organisations and individuals to gather and use. The legitimate and lawful use of this data yields significant value. However, illegal activities that compromise personal data, leading to infringements on national security, social order, and security, can have severe consequences.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
In the rapidly evolving digital landscape of today, organisations are increasingly turning to multi-cloud systems to take advantage of their flexibility, scalability, and cost-efficiency. However, this shift often brings about complex challenges in the realms of identity management and security.
To fully capitalise on the benefits of cloud computing while safeguarding their data and operations, businesses are now placing a high priority on certain objectives. These include automating security measures, mitigating risks, and effectively managing identities within the multi-cloud environment.
Enhancing security in multi-cloud systems heavily relies on automation. Automation empowers enterprises to promptly address threats, identify vulnerabilities, and maintain continuous monitoring of their cloud infrastructure. Automated security systems possess the capability to analyse extensive datasets, pinpointing trends and anomalies that may go unnoticed by human observers.
By taking a proactive approach, businesses can not only reduce downtime and financial risks but also significantly lower the chances of data breaches. Mitigating risks in a multi-cloud setting calls for the implementation of a comprehensive strategy. This encompasses establishing robust encryption, access control, and data loss prevention protocols across all cloud providers and applications.
Additionally, it is crucial to adopt a unified security framework that provides centralised visibility and control over the entire multi-cloud ecosystem within an organisation. Such an approach streamlines risk management by ensuring consistent policy enforcement, threat detection, and incident response procedures.
Identity management plays a vital role in multi-cloud security, especially when individuals like customers, partners, and employees access resources from various devices and locations. Identity and Access Management (IAM) assume a pivotal role in this context, enabling organisations to enforce precise access controls, ensuring that only authorised users can access resources.
Furthermore, IAM systems offer single sign-on (SSO) capabilities, which not only enhance security but also simplify the user experience by allowing users to access multiple resources with a single set of credentials.
As businesses increasingly embrace multi-cloud architectures to protect their data, assets, and reputation in today’s interconnected digital landscape, the adoption of automation and robust security practices becomes imperative.
A comprehensive cloud strategy that encompasses automated security measures, risk reduction strategies, and effective identity management in multi-cloud environments is foundational. Prioritising these elements empowers organisations to mitigate risks and fully harness the benefits of multi-cloud setups.
The OpenGov Breakfast Insight on 26 September 2023 convened Singapore’s leading technology experts at the Voco Orchard Singapore to discuss the latest developments in digital integration, cybersecurity, cloud computing, and data governance.
Opening Remarks



Mohit Sagar, the CEO and Editor-in-Chief of OpenGov Asia believes the role of IT automation in bolstering cybersecurity has never been more critical, particularly in the face of the growing sophistication of cyber threats.
He highlights the escalating intricacies of modern business infrastructures, compounded by the proliferation of remote work, mobile devices, and the Internet of Things (IoT). These developments have introduced vulnerabilities that traditional security approaches find challenging to combat.
Recent data breaches in Singapore, a global financial and tech hub, also underscore the urgency of robust security measures, highlighting the severe consequences of inadequate security practices in the face of evolving cyber threats.
In this context, Mohit underlines the revolutionary nature of Zero Trust Security, which eliminates the inherent trust traditionally placed in both internal and external entities. The importance of rigorous identity verification for users, devices and applications, emphasising the use of multiple-factor authentication as a core principle of this approach, is key.
“Continuous monitoring serves as a rapid anomaly detection mechanism, while micro-segmentation effectively constrains lateral network movement, ultimately minimising the impact of potential breaches,” he elaborates. “Here, automation assumes a critical role by swiftly analysing data, enforcing access controls, and providing real-time responses to incidents.”
According to Mohit, the adoption of automation is paramount for organisations looking to bolster their security measures. Automation accelerates processes, minimises errors, and empowers proactive threat detection and swift incident responses through real-time analysis.
Additionally, automated patch management guarantees timely updates, thereby reducing exposure to vulnerabilities, while orchestration optimises security tools and processes for efficient threat management
“To defend against modern cyber threats, organisations should employ a comprehensive approach that includes secure coding, infrastructure hardening and Zero Trust principles,” Mohit is convinced. “This strategy safeguards applications with secure coding, regular testing, and continuous monitoring.”
Infrastructure hardening serves to diminish attack surfaces while extending the principles of Zero Trust through stringent access controls and identity-based authentication, thereby fortifying the overall defence. This comprehensive approach integrates application-centric security, infrastructure hardening, and the Zero Trust Architecture, offering a multi-faceted defence against a wide range of threats.
A seamless identity-based framework begins with the establishment of robust Identity and Access Management (IAM) practices, which form the cornerstone of modern security. IAM effectively manages digital identities for users, devices, and applications, enabling precise control over resource access.
Mohit stresses the importance of access control policies that are structured around roles and responsibilities, emphasising their role in mitigating unauthorised access risks. He also underscores the significance of continuous monitoring of user activities, as it bolsters security by identifying unusual behaviour and potential breaches.
Additionally, he recommends that organisations prioritise the security of credentials for critical systems and data. This can be achieved through the implementation of robust password policies and user education. He also suggests that the adoption of password management tools can prove highly beneficial in this regard.
Elevated access management includes securing privileged accounts with strict controls, regular reviews, and just-in-time access. Data encryption safeguards sensitive information at rest and in transit, making unauthorised access ineffective. Continuous monitoring, with real-time alerts for strange behaviour, enables rapid response to possible breaches and improves security overall.
“In today’s evolving cybersecurity landscape, a comprehensive approach is key,” Mohit concludes. “From IT automation to Zero Trust Security and robust identity management, organisations must implement security measures to defend against modern cyber threats and safeguard critical systems and data.”
Welcome Address



Morgan Hite, the Area Vice President for Asia at HashiCorp, recognises the growing complexity of contemporary information technology infrastructure, underscoring the significance of safeguarding and preserving valuable assets for companies.
He agrees that advanced automation solutions can effectively address the intricate security requirements within hybrid and multi-cloud environments. These solutions offer valuable insights into secure asset management, threat detection, and incident response.
The ongoing shift towards cloud adoption is compelling organisations to transition from rigid to more agile infrastructure management, particularly within the public cloud domain. Consequently, IT operations teams are confronted with emerging hurdles.
These challenges include coping with sluggish manual workflows that can lead to errors and inefficiencies. Moreover, development teams may also find themselves burdened by intricate manual processes and less-than-optimal ticketing systems.
Moreover, the obstacles associated with implementing consistent policies not only hamper productivity but also elevate the risks an organisation must contend with. Consequently, having scalable and adaptable infrastructure automation becomes crucial in tackling these challenges effectively. Hence, many organisations opt for solutions that help them steer clear of such complexities.
Morgan explains that HashiCorp assists enterprises in resolving these issues by employing infrastructure as code principles for provisioning, compliance, and management across various domains, including public clouds, private data centres, and third-party services.
“Infrastructure automation plays a pivotal role in efficiently managing the progressively intricate cloud environments that organisations encounter,” he says. “This is a critical component in efforts to maintain security and protect critical assets in a frequently changing environment.”
In a dynamic cloud environment characterised by fluctuating demands, the capability to swiftly adapt and oversee resources emerges as a critical necessity. Automation assumes a pivotal role in guaranteeing efficient scalability, enabling organisations to effortlessly adjust their capacity as required without getting entangled in time-consuming manual processes.
Further, apart from scalability, operational efficiency stands out as another compelling rationale for the implementation of infrastructure automation. Automation empowers organisations to automate routine tasks like provisioning, scheduling, and resource management. Consequently, this not only lessens the burden of manual labour but also mitigates the potential for human errors.
Ultimately, it results in significant time savings when it comes to managing the intricacies of cloud environments.
“Security is another key factor that makes infrastructure automation very important. With automation, organisations can apply security policies consistently across their infrastructure,” Morgan elaborates. “This helps prevent vulnerable configurations and ensures compliance with required security standards. In a world full of security threats, automation helps keep cloud environments safe.”
Additionally, automation serves as a critical tool for enhancing infrastructure resilience. Its capacity to swiftly identify and respond to security incidents or infrastructure failures allows organisations to uphold the availability of their services. In this regard, automation proves invaluable in addressing the challenges that arise within the ever-changing landscape of a dynamic cloud environment.
Morgan strongly emphasises the fundamental importance of implementing infrastructure automation in today’s organisational landscape. He firmly believes that automation not only boosts productivity but also has the potential to curtail risk and optimise expenses, underlining its multifaceted value.
Automation has a positive impact on organisational productivity. By eliminating valuable time-consuming manual workflows associated with cloud infrastructure, organisations can experience significant time savings. That means less time is wasted on tasks like creating, managing and provisioning cloud infrastructure. As a result, the IT team and related staff can focus on more strategic and value-added tasks.
Automation further elevates the level of security by upholding rigorous operational consistency and ensuring compliance with established security policies. In this context, automation serves as a safeguard against the risk of security incidents stemming from human error or policy deviations. By automating security measures, organisations can execute them consistently and with high efficiency, providing a sense of confidence and peace of mind.
Additionally, automation enables organisations to pinpoint and curtail unnecessary or redundant utilisation of cloud resources, leading to significant cost savings. Organisations have the potential to realise substantial savings of up to 40% on their cloud infrastructure costs.
Such significant savings represent an opportunity to allocate budgets more efficiently towards other pressing needs. Consequently, investing in infrastructure automation can yield tangible economic benefits for organisations, freeing up resources for strategic initiatives and growth.
Morgan holds a firm conviction that infrastructure automation constitutes a strategic decision that delivers not only operational advantages but also risk mitigation and the intelligent and efficient allocation of budgets.
This proactive step has proven to have a positive and far-reaching impact on various aspects of an organisation’s operations and finances. In essence, automation acts as a multifaceted asset, enhancing security, reducing costs and streamlining operations for organisations operating in dynamic cloud environments.
Knowledge Insight



Mary Wee, Director of Cloud Services and Support at CPF Board, reflected on the devastating impact of COVID-19 on countless people. The pandemic took many by surprise with its sudden shifts in employment and lifestyle. Consequently, access to essentials such as food, medical services, and education unexpectedly became more challenging for many.
She underscored the paramount importance of preserving continuity and well-being amid the prevailing uncertainty. In a post-pandemic era marked by unprecedented challenges and unforeseen disruptions, maintaining financial stability has emerged as an essential pillar of resilience.
Mary strongly advocates having sufficient financial savings to effectively cope with unforeseen emergencies, particularly those triggered by events like the pandemic. This financial cushion not only imparts a sense of security but also equips individuals and families to surmount economic hardships that may arise unexpectedly. It underscores the pivotal role played by institutions like the Central Provident Fund (CPF) in extending vital financial services to the community.
CPF stands as a pivotal mechanism for helping individuals and families enhance their financial planning. This encompasses a spectrum of considerations, from long-term investments and retirement savings to health protection. By cultivating well-managed financial savings, individuals are better poised to confront challenging circumstances such as a pandemic with a greater sense of readiness and resilience.
The CPF, in this context, serves as a valuable tool in fortifying financial security and enabling individuals to navigate the uncertainties of the future with greater confidence.
Mary also underscored the paramount importance of effectively safeguarding client data, particularly in the context of social enterprises. In an age where data serves as a linchpin for informed decision-making and enhanced client services, the preservation of data security and integrity emerges as a foremost concern.
CPF frequently handles the personal and sensitive information of their clients, including financial, medical and various other personal details. Consequently, they bear a substantial responsibility to shield this data from cyber threats and potential misuse.
The loss of data or a security breach can wield far-reaching consequences, impacting not only client trust but also the seamless functioning of an organisation. It underscores the imperative of unwavering diligence in preserving data security and ensuring the highest standards of data protection to safeguard both clients and the organisation itself.
“In an age where services and operations are increasingly tied to cloud technology, security cannot be ignored,” says Mary. “As such, upholding cloud infrastructure cybersecurity is our top goal since it boosts client satisfaction through quality support.”
When customers entrust their vital data and information to an organisation, they hold the expectation that this data will be handled and stored with the highest level of security. This is not merely a matter of practicality; it is a profound issue of trust.
Mary understands that when customers have the assurance that their data is securely managed within the CPF Board’s cloud infrastructure, their satisfaction with the service provided is assured.
Robust security forms the bedrock of customer trust, and this trust is unequivocally reflected in the quality of service delivered. It’s a symbiotic relationship where security breeds trust, and trust, in turn, elevates the calibre of service provided.
The CPF Board’s commitment to cybersecurity extends beyond the technical aspects; it focuses on instilling a sense of safety and confidence in customers regarding the security of their data. This approach not only engenders customer satisfaction but also contributes to cementing the CPF Board’s reputation as an organisation that is both responsible and trustworthy in its stewardship of client data.
In the multi-cloud era, there has been a significant shift in the locus of control. Instead of relying on physical controls, the emphasis is now shifting to trusted identities, Mary explains. This means each entity must go through an authentication and authorisation process to gain access to a system or resource. By adopting this identity-based framework, they can effectively navigate the complexities of securing dynamic multi-cloud environments while ensuring higher levels of security.
Mary reaffirms the CPF Board’s unwavering dedication to the utmost protection of their clients’ data. They have put significant measures in place by implementing stringent security protocols, which include leveraging the latest in security technology and providing comprehensive training to employees in identifying and mitigating cyber threats.
In addition to these initiatives, they have established rigorous policies governing data management and storage, ensuring compliance with all relevant privacy regulations.
“It’s a holistic strategy where technical prowess combines with a commitment to customer trust, fostering a solid and reliable image for the organisation,” Mary concludes. “This multi-faceted approach underscores CPF’s dedication to the highest standards of data security and privacy, further cementing its reputation as a responsible custodian of client information.”
Closing Remarks



Binny Peh, Head of Partners & Alliances Singapore Public Sector, Amazon Web Services (AWS) expressed her appreciation for the attendees’ perceptive and insightful event as they came together to explore the transformative power of technology in the public sector.
“The discussions and interactions we’ve had reaffirm the pivotal role that technology plays in shaping the future of our societies, and more importantly, in improving the lives of our citizens,” she acknowledges.
Binny confirms that Amazon Web Services is deeply committed to driving innovation and enabling digital transformation for governments and organisations worldwide. “Our mission is to empower you to leverage the cloud to build more agile, efficient, and citizen-centric services. But it’s not just about technology; it’s about the partnerships and alliances we form, the collaborative spirit we nurture, and the shared vision we pursue together.”
She believes that the success they have achieved in the public sector is a collective effort. It’s the result of collaboration between government agencies, industry partners, and technology providers like AWS, “Your insights, your commitment to excellence, and your tireless efforts to push the boundaries of what’s possible are what make this transformation journey so exciting and impactful.”
Binny encouraged the participants to continue fostering innovation, build strong partnerships, and embrace the opportunities that lie ahead. She emphasised the importance of pushing boundaries and harnessing technology to tackle the most critical challenges in communities, ultimately working towards a brighter and more interconnected future for everyone.
“Thank you once again for your participation, your passion, and your dedication to the mission of OpenGov Asia. Together, we can achieve great things, and I look forward to our continued collaboration in shaping a better tomorrow,” Binny ends emphatically.
Li Wen Chi, Group Chief Technology Officer at Cloud Kinetics, expressed his appreciation to OpenGov Asia and all attendees for contributing to the event’s success, highlighting OpenGov Asia’s role as a facilitator of knowledge exchange, innovation and collaboration.
“OpenGov Asia has consistently created effective platforms for sharing ideas, stimulating discussion, building relations and driving change,” he acknowledges. “And this year has been no exception!”



As usual, Wen Chi confirms, the event featured insightful presentations, thought-provoking interactions and valuable networking opportunities, showcasing the dynamic evolution of digital transformation in Asia and the enthusiastic embrace of technology by governments, businesses, and individuals to catalyse positive change.
“One recurring theme of this event has been the pivotal role of technology in addressing our most urgent challenges. We’ve witnessed inspiring instances of technology’s potential for the common good. It’s evident that we’re not merely envisioning the future; we’re actively constructing it collectively,” Wen Chi reiterates.
Cloud Kinetics firmly believes that the cloud represents more than just a technological shift; it embodies a fundamental shift in our approach to business and society. And they are dedicated to leading this transformation, aiming to equip organisations with cutting-edge cloud solutions to navigate the intricacies of the digital era effectively, he confirms.
He encouraged the attendees to take the knowledge, insights, and connections acquired during the event and to further collaborate, share, learn from one another, and collectively strive for an inclusive, sustainable future driven by technology for the betterment of all.
“Remember that innovation knows no boundaries, and together, we can overcome any challenge that comes our way,” Wen Chi concludes, “The road ahead may be uncertain, but with the spirit of collaboration and innovation, we can navigate it successfully.”
In closing, Mohit extended his sincere gratitude to all the esteemed speakers, participants, and partners who graced the event with their presence and wisdom. Their expertise and unwavering commitment to innovation not only illuminated the discussions but charted a course for the future.
“Together, we have explored the limitless possibilities that emerge when governments, industry leaders, and technology providers join forces. We’ve delved into the transformative power of cloud computing,” Mohit appreciates.
It’s crucial, he adds, to acknowledge the transformative potential of AI, cybersecurity, and data analytics in the realm of public services. These technologies are pivotal in shaping the future of government operations and service delivery in several ways
Moreover, Mohit remains strongly convinced that in this era of unprecedented change, collaboration is not just a buzzword; it is the cornerstone of success, “It is through partnerships, alliances, and the exchange of ideas that we can unlock the full potential of technology and effectively navigate the intricate challenges that lie ahead.”
He urged the attendees to persist in the spirit of collaboration, encouraging them to forge new alliances, nurture existing partnerships, and remain open to the opportunities that technology continually unfolds.
“Let us always bear in mind that our collective mission is to enhance the well-being of citizens and stimulate comprehensive growth, “Mohit concludes, “We must keep the broader purpose of our endeavours at the fore and pave the way for a more sustainable and inclusive future for everyone.”
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Dalam lingkungan digital yang terus berubah dengan cepat saat ini, organisasi memanfaatkan sistem multi-cloud untuk mencapai fleksibilitas, skalabilitas, dan efisiensi biaya. Akan tetapi, transisi ini seringkali memunculkan tantangan kompleks terkait pengelolaan identitas dan keamanan.
Untuk sepenuhnya memanfaatkan komputasi cloud sambil melindungi data dan operasi, bisnis sekarang memberikan prioritas pada tujuan-tujuan penting seperti mengotomatiskan langkah-langkah keamanan, mengurangi risiko, dan mengelola identitas secara efektif dalam lanskap multi-cloud.
Peningkatan posisi keamanan dalam sistem multi-cloud sangat bergantung pada otomatisasi. Sebuah otomatisasi memberdayakan perusahaan untuk dengan cepat mengatasi ancaman, mendeteksi kerentanan, dan menjaga pemantauan berkelanjutan terhadap infrastruktur cloud mereka.
Sistem keamanan otomatis memiliki kapasitas untuk menganalisis kumpulan data besar, mengidentifikasi tren dan anomali yang mungkin luput dari pengamatan manusia. Dengan mengadopsi pendekatan proaktif, bisnis tidak hanya dapat mengurangi waktu henti dan risiko finansial, tetapi juga secara signifikan mengurangi kemungkinan pelanggaran data.
Mengurangi risiko dalam lingkungan multi-cloud memerlukan implementasi strategi komprehensif. Ini termasuk pembentukan enkripsi yang kuat, kontrol akses, dan protokol pencegahan kehilangan data di semua penyedia cloud dan aplikasi.
Selain itu, sangat penting untuk mengadopsi kerangka keamanan bersatu yang menawarkan visibilitas dan kontrol yang terpusat atas seluruh ekosistem multi-cloud dalam sebuah organisasi. Pendekatan seperti ini menyederhanakan pengelolaan risiko dengan memastikan penegakan kebijakan yang konsisten, deteksi ancaman, dan prosedur tanggapan insiden yang seragam.
Pengelolaan identitas adalah aspek penting dari keamanan multi-cloud, terutama ketika individu seperti pelanggan, mitra, dan karyawan mengakses sumber daya dari berbagai perangkat dan lokasi. Manajemen Identitas dan Akses (IAM) memainkan peran penting dalam konteks ini, memungkinkan organisasi untuk mengimplementasikan kontrol akses yang tepat untuk memastikan hanya pengguna yang diotorisasi yang dapat mengakses sumber daya.
Selain itu, sistem IAM menawarkan kemampuan single sign-on (SSO), yang tidak hanya meningkatkan keamanan, tetapi juga menyederhanakan pengalaman pengguna dengan memungkinkan pengguna untuk mengakses berbagai sumber daya dengan satu set kredensial.
Seiring dengan maraknya adopsi arsitektur multi-cloud untuk melindungi data, aset, dan reputasi mereka dalam lanskap digital yang saling terhubung saat ini, adopsi otomatisasi dan praktik keamanan yang kuat menjadi sangat penting.
Strategi cloud yang komprehensif yang mencakup otomatisasi posisi keamanan, langkah-langkah pengurangan risiko, dan pengelolaan identitas yang efektif dalam konteks lingkungan multi-cloud adalah hal yang mendasar. Memberikan prioritas pada elemen-elemen ini memungkinkan organisasi untuk mengurangi risiko dan sepenuhnya memanfaatkan kelebihan dari pengaturan multi-cloud.
OpenGov Breakfast Insight telah menghadirkan para pemimpin teknologi di Singapura pada tanggal 26 September 2023 di Voco Orchard Singapore untuk mendiskusikan terkait perkembangan terbaru dalam integrasi data, kemanan siber, cloud, dan tata kelola data.
Salam Pembuka



Mohit Sagar, CEO dan Kepala Redaktur OpenGov Asia, meyakini bahwa peran otomatisasi TI dalam memperkuat keamanan siber adalah penting terutama dalam menghadapi kecanggihan ancaman siber.
Dia menyoroti kompleksitas infrastruktur bisnis modern yang semakin meningkat. Hal ini diperparah oleh peningkatan pekerjaan jarak jauh, perangkat seluler, dan Internet of Things (IoT). Perkembangan ini telah memperkenalkan kerentanan yang sulit ditangani oleh pendekatan keamanan tradisional.
Pelanggaran data baru-baru ini seperti yang terjadi di Singapura, pusat keuangan dan teknologi global, juga menggarisbawahi urgensi untuk menciptakan keamanan siber yang kuat.
Dalam konteks ini, Mohit menekankan untuk memiliki sifat revolusioner dari Keamanan Zero Trust, yang menghilangkan kepercayaan inheren yang biasanya ditempatkan pada entitas internal dan eksternal. Pentingnya verifikasi identitas yang ketat untuk pengguna, perangkat, dan aplikasi, dengan menekankan penggunaan otentikasi multi-faktor sebagai prinsip inti dari pendekatan ini, sangat penting.
“Monitoring berkelanjutan berfungsi sebagai mekanisme deteksi anomali yang cepat, sementara segmentasi mikro secara efektif membatasi pergerakan jaringan lateral, pada akhirnya meminimalkan dampak pelanggaran potensial,” jelasnya. “Di sini, otomatisasi memainkan peran penting dengan cepat menganalisis data, menegakkan kontrol akses, dan memberikan tanggapan waktu nyata terhadap insiden.”
Menurut Mohit, adopsi otomatisasi sangat penting bagi organisasi yang ingin memperkuat langkah-langkah keamanan mereka. Otomatisasi mempercepat proses, meminimalkan kesalahan, dan memberdayakan deteksi ancaman proaktif dan tanggapan cepat melalui analisis waktu nyata.
Selain itu, manajemen patch otomatis menjamin pembaruan tepat waktu, dengan demikian mengurangi paparan terhadap kerentanan, sementara orkestrasi mengoptimalkan alat dan proses keamanan untuk manajemen ancaman yang efisien.
“Untuk bertahan dari ancaman siber modern, organisasi harus menggunakan pendekatan komprehensif yang mencakup pemrograman yang aman, perkuatan infrastruktur, dan prinsip-prinsip Zero Trust,” tekan Mohit. “Strategi ini tentunya dapat melindungi aplikasi melalui pemrograman yang aman, pengujian teratur, dan pemantauan berkelanjutan.”
Pemantapan infrastruktur bertujuan untuk mengurangi permukaan serangan sambil memperluas prinsip-prinsip Zero Trust melalui kontrol akses yang ketat dan otentikasi berbasis identitas, dengan demikian memperkuat pertahanan secara keseluruhan. Pendekatan komprehensif ini mengintegrasikan keamanan berbasis aplikasi, perkuatan infrastruktur, dan Arsitektur Zero Trust, menawarkan pertahanan multi-faset terhadap berbagai ancaman.
Kerangka kerja berbasis identitas yang mulus dimulai dengan pembentukan praktik Manajemen Identitas dan Akses (IAM) yang kuat, yang merupakan dasar keamanan modern. IAM mengelola identitas digital untuk pengguna, perangkat, dan aplikasi, memungkinkan kontrol yang tepat atas akses sumber daya.
Mohit menekankan pentingnya kebijakan kontrol akses yang terstruktur berdasarkan peran dan tanggung jawab melalui penekanan peran mereka dalam mitigasi risiko akses yang tidak sah. Dia juga menekankan pentingnya pemantauan berkelanjutan terhadap aktivitas pengguna, karena ini memperkuat keamanan dengan mengidentifikasi perilaku yang tidak biasa dan potensi pelanggaran.
Selain itu, dia merekomendasikan agar organisasi memprioritaskan keamanan kredensial untuk sistem dan data penting. Hal ini dapat dicapai melalui implementasi kebijakan kata sandi yang kuat dan edukasi user yang holistik.
Manajemen akses yang ditingkatkan mencakup pengamanan akun berhak dengan kontrol ketat, tinjauan teratur, dan akses sesuai kebutuhan. Enkripsi data melindungi informasi sensitif dalam keadaan diam dan saat transit, membuat akses tidak sah tidak efektif. Pemantauan berkelanjutan, dengan peringatan waktu nyata untuk perilaku yang aneh, memungkinkan tanggapan cepat terhadap pelanggaran risiko yang mungkin terjadi dan meningkatkan keamanan secara keseluruhan.
“Dalam lanskap keamanan siber yang terus berkembang saat ini, pendekatan komprehensif sangat penting,” simpul Mohit. “Mulai dari otomatisasi TI hingga Keamanan Zero Trust dan manajemen identitas yang kuat, organisasi harus menerapkan langkah-langkah keamanan untuk membela diri dari ancaman siber modern dan melindungi sistem dan data penting.”
Welcome Address



Morgan Hite selaku Vice President untuk Asia di HashiCorp mengatakan bahwa dengan meningkatnya kompleksitas infrastruktur teknologi informasi yang modern, penting bagi perusahaan untuk mengamankan dan melindungi aset-aset pentingnya. Morgan menyoroti bahwa solusi otomatisasi mutakhir memang dapat secara efektif mengatasi kebutuhan keamanan yang rumit dalam lingkungan hybrid dan multi-cloud, memberikan wawasan tentang manajemen yang aman, deteksi ancaman, dan respons terhadap insiden.
Perubahan ke arah cloud memaksa organisasi untuk melakukan transisi dari pengelolaan infrastruktur yang kaku menjadi lebih dinamis di cloud publik. Konsekuensinya, tim operasi TI harus berurusan dengan berbagai tantangan yang baru muncul seperti kewalahan dengan alur kerja manual yang lambat dan potensi kesalahan yang tinggi. Tim pengembang juga terkadang merasa terhambat oleh proses manual yang rumit dan sistem tiket yang tidak efisien.
Tidak hanya itu, kendala dalam mengimplementasikan kebijakan yang konsisten juga memengaruhi produktivitas dan menambah risiko yang harus dihadapi. Penting bagi organisasi untuk memiliki otomatisasi infrastruktur yang dapat disesuaikan dan diskalakan untuk mengatasi tantangan ini. Oleh karena itu, banyak organisasi yang lebih memilih untuk menghindari kerumitan tersebut. Bahkan, data Cloud Thales 2023 menyebutkan bahwa hanya 41% organisasi yang telah menerapkan kontrol zero trust dalam infrastruktur cloud mereka.
Morgan menjelaskan bahwa HashiCorp memberikan pelayanan instruktur automasi. HashiCorp membantu perusahaan mengatasi masalah ini melalui infrastruktur sebagai kode untuk penyediaan, kepatuhan, dan manajemen di seluruh cloud publik, pusat data pribadi, dan layanan pihak ketiga. Automasi infrastruktur adalah elemen kunci dalam pengelolaan lingkungan cloud yang semakin kompleks. “Ini adalah komponen penting dalam upaya untuk menjaga keamanan dan melindungi aset kritis dalam lingkungan yang sering berubah-ubah.”
Dalam dunia cloud yang dinamis, di mana permintaan dapat berfluktuasi secara drastis, kemampuan untuk dengan cepat menyesuaikan dan mengelola sumber daya menjadi sangat penting. Automasi memainkan peran kunci dalam memastikan skalabilitas yang efisien, memungkinkan organisasi untuk menambah atau mengurangi kapasitas sesuai kebutuhan tanpa melibatkan tindakan manual yang memakan waktu.
Selain skalabilitas, efisiensi operasional adalah alasan penting lainnya untuk menerapkan automasi infrastruktur. Dengan otomatisasi, tugas-tugas rutin seperti penyediaan, penjadwalan, dan manajemen sumber daya dapat diotomatiskan. Hal ini mengurangi beban kerja manual, menghindari kesalahan manusia, dan menghemat waktu yang berharga dalam pengelolaan lingkungan cloud yang kompleks.
Lebih lanjut, Morgan menjelaskan bahwa keamanan adalah faktor kunci lainnya yang menjadikan automasi infrastruktur sangat penting. Dengan otomatisasi, organisasi dapat menerapkan kebijakan keamanan secara konsisten di seluruh infrastruktur mereka. Ini membantu mencegah konfigurasi yang rentan dan memastikan kepatuhan terhadap standar keamanan yang diperlukan. Dalam dunia yang penuh dengan ancaman keamanan, automasi membantu menjaga lingkungan cloud tetap aman.
Selain itu, automasi juga membantu meningkatkan resiliensi infrastruktur. Dengan kemampuan mendeteksi dan merespons insiden keamanan atau kegagalan infrastruktur dengan cepat, organisasi dapat menjaga ketersediaan layanan mereka. Dalam hal ini, automasi membantu menghadapi tantangan-tantangan yang timbul di lingkungan cloud yang dinamis.
Morgan dengan tegas menggarisbawahi betapa esensialnya langkah penerapan otomatisasi infrastruktur dalam lingkungan organisasi saat ini. Dalam pandangannya, otomatisasi tidak hanya berperan dalam meningkatkan produktivitas, tetapi juga berpotensi mengurangi risiko dan mengoptimalkan pengeluaran.
Pertama-tama, otomatisasi membawa dampak positif terhadap produktivitas organisasi. Dengan menghilangkan berbagai alur kerja manual yang sebelumnya memakan waktu berharga terkait infrastruktur cloud, organisasi dapat merasakan penghematan waktu yang signifikan. Itu berarti ada lebih sedikit waktu yang terbuang untuk tugas-tugas seperti penciptaan, pengelolaan, dan penyediaan infrastruktur cloud. Sebagai hasilnya, tim TI dan staf terkait dapat fokus pada tugas-tugas yang lebih strategis dan bernilai tambah.
Selanjutnya, otomatisasi juga berkontribusi pada peningkatan tingkat keamanan. Ini terwujud melalui pemeliharaan konsistensi operasional yang ketat dan penegakan kepatuhan terhadap kebijakan keamanan yang telah ditetapkan. Dalam konteks ini, otomatisasi membantu mengurangi risiko insiden keamanan yang mungkin timbul akibat kesalahan manusia atau pelanggaran kebijakan. Dengan otomatisasi, langkah-langkah keamanan dapat dijalankan dengan konsisten dan efisien, memberikan ketenangan pikiran kepada organisasi.
Namun, salah satu manfaat paling mencolok dari otomatisasi adalah aspek ekonomisnya. Dengan memungkinkan organisasi untuk mengidentifikasi dan mengurangi penggunaan sumber daya cloud yang tidak diperlukan atau berlebihan, otomatisasi dapat menghasilkan penghematan biaya yang substansial.
Bahkan, Morgan mengungkapkan bahwa organisasi dapat menghemat hingga 40% dari biaya infrastruktur cloud mereka. Ini adalah potensi penghematan yang signifikan, yang berarti anggaran yang tersedia dapat dialokasikan dengan lebih efisien untuk kebutuhan lain yang mendesak. Sebagai akibatnya, organisasi dapat mencapai manfaat ekonomis yang nyata melalui investasi dalam otomatisasi infrastruktur.
Dengan demikian, dalam pandangan Morgan, otomatisasi infrastruktur adalah langkah strategis yang tidak hanya memberikan keuntungan operasional, tetapi juga memitigasi risiko serta memastikan penggunaan anggaran yang cerdas dan efisien. Itu adalah langkah yang membawa dampak positif dalam berbagai aspek operasional dan keuangan organisasi.
Knowledge Insight



Pandemi telah menjadi pukulan telak bagi banyak individu, dan telah menyadarkan betapa pentingnya memiliki keamanan finansial di tengah ketidakpastian. Perubahan mendadak dalam gaya hidup dan cara kerja selama pandemi membuat banyak orang merasa tidak siap menghadapinya. Akses ke berbagai kebutuhan dasar seperti makanan, perawatan kesehatan, dan pendidikan tiba-tiba menjadi lebih sulit.
Penting untuk memiliki simpanan finansial yang memadai untuk menghadapi situasi darurat seperti yang disebabkan oleh pandemi. Keamanan finansial ini dapat memberikan ketenangan pikiran dan membantu individu dan keluarga mengatasi tantangan ekonomi yang mungkin muncul. Itu sebabnya keberadaan CPF, atau Central Provident Fund, sangat penting dalam memberikan pelayanan keuangan kepada masyarakat.
CPF adalah salah satu cara untuk membantu individu dan keluarga merencanakan keuangan mereka dengan lebih baik. Ini dapat mencakup investasi jangka panjang, tabungan pensiun, dan perlindungan kesehatan. Dengan memiliki simpanan finansial yang dikelola dengan baik, individu dapat merasa lebih siap menghadapi masa-masa sulit seperti pandemi.
Mary Wee, Director, Cloud Services and Support di CPF Board, mengatakan betapa pentingnya menjaga data klien dengan baik, terutama dalam konteks perusahaan sosial. Dalam era di mana data memiliki peran kunci dalam menginformasikan keputusan dan memberikan layanan yang lebih baik kepada klien, menjaga keamanan dan integritas data merupakan prioritas utama.
CPF seringkali memiliki akses ke informasi pribadi dan sensitif dari klien mereka, termasuk informasi keuangan, medis, atau pribadi lainnya. Oleh karena itu, mereka memiliki tanggung jawab besar untuk melindungi data ini dari ancaman siber dan potensi penyalahgunaan. Kehilangan data atau pelanggaran keamanan dapat berdampak serius tidak hanya pada kepercayaan klien, tetapi juga pada operasi organisasi.
“Menjaga keamanan siber untuk infrastruktur cloud adalah prioritas kami. Dengan menjaga keamanan cloud, kepuasan pelanggan karena pelayanan yang baik akan semakin meningkat,” ujar Mary.
Dalam era di mana layanan dan operasi semakin terkait dengan teknologi cloud, keamanan tidak bisa diabaikan. Ketika pelanggan mempercayakan data dan informasi penting mereka kepada suatu organisasi, mereka mengharapkan bahwa data tersebut akan dikelola dan disimpan dengan sangat aman. Ini bukan hanya masalah praktis, tetapi juga masalah kepercayaan.
Mary Wee memahami bahwa ketika pelanggan merasa yakin data mereka aman dalam infrastruktur cloud CPF Board, mereka akan merasa puas dengan layanan yang diberikan. Keamanan yang kuat adalah dasar dari kepercayaan pelanggan, dan hal ini tercermin dalam kualitas pelayanan yang diberikan.
Oleh karena itu, CPF Board tidak hanya berfokus pada aspek teknis keamanan siber, tetapi juga pada memastikan bahwa pelanggan merasa aman dan yakin dengan keamanan data mereka. Hal ini tidak hanya menciptakan kepuasan pelanggan, tetapi juga membangun reputasi CPF Board sebagai organisasi yang bertanggung jawab dan dapat dipercaya dalam pengelolaan data klien.
Mary Wee telah menegaskan bahwa CPF Board berkomitmen untuk menjaga data klien mereka dengan sangat baik. Mereka telah mengambil langkah-langkah penting dalam mengimplementasikan protokol keamanan yang ketat, termasuk penggunaan teknologi keamanan terkini dan pelatihan karyawan dalam mengenali ancaman siber. Selain itu, mereka juga memiliki kebijakan ketat dalam hal pengelolaan dan penyimpanan data yang mematuhi peraturan privasi yang berlaku.
“Di era multi-cloud, terjadi pergeseran signifikan dalam lokus kontrol. Alih-alih mengandalkan kontrol fisik, sekarang penekanannya beralih ke identitas yang terpercaya. Ini berarti setiap entitas harus melalui proses otentikasi dan otorisasi untuk mendapatkan akses ke sistem atau sumber daya.
Dengan mengadopsi kerangka kerja berbasis identitas ini, organisasi dapat secara efektif menavigasi kompleksitas pengamanan lingkungan multi-cloud yang dinamis sambil memastikan tingkat keamanan yang lebih tinggi,” tutup Mary
Salam Penutup



Binny Peh, Head of Partners & Alliances untuk Singapore Public Sector, Amazon Web Services (AWS), mengungkapkan apresiasinya atas kehadiran peserta yang berwawasan dan berpandangan tajam dalam acara ini saat mereka bersatu untuk menjelajahi kekuatan transformasional teknologi dalam sektor publik.
“Diskusi dan interaksi yang telah kita lakukan telah mengonfirmasi peran sentral teknologi dalam membentuk masa depan masyarakat kita, dan yang lebih penting, dalam meningkatkan kehidupan warga negara kita,” katanya.
Binny mengonfirmasi bahwa Amazon Web Services sangat berkomitmen untuk mendorong inovasi dan memungkinkan transformasi digital bagi pemerintah dan organisasi di seluruh dunia. “Misi kami adalah memberdayakan Anda untuk memanfaatkan cloud untuk membangun layanan yang lebih lincah, efisien, dan berorientasi pada warga. Tapi, ini bukan hanya tentang teknologi; ini tentang kemitraan dan aliansi yang kita bentuk, semangat kolaboratif yang kita pelihara, dan visi yang kita kejar bersama.”
Dia percaya bahwa kesuksesan yang telah mereka capai di sektor publik adalah hasil dari kerja sama antara lembaga pemerintah, mitra industri, dan penyedia teknologi seperti AWS, “Wawasan Anda, komitmen Anda terhadap keunggulan, dan upaya tanpa lelah Anda untuk mendorong batas-batas apa yang memungkinkan telah membuat perjalanan transformasi ini begitu menarik dan berdampak.”
Binny mendorong peserta untuk terus melakukan inovasi, membangun kemitraan yang kuat, dan merangkul peluang yang ada. Dia menekankan pentingnya untuk mendorong batas-batas dan memanfaatkan teknologi untuk mengatasi tantangan paling kritis dalam masyarakat, dengan tujuan akhirnya bekerja menuju masa depan yang lebih cerah dan lebih terhubung untuk semua orang.
“Terima kasih sekali lagi atas partisipasi Anda, semangat Anda, dan dedikasi Anda terhadap misi OpenGov Asia. Bersama-sama, kita dapat mencapai hal-hal besar, dan saya menantikan kerjasama berkelanjutan kita dalam membentuk hari esok yang lebih baik,” Binny mengakhiri dengan tegas.



Li Wen Chi, Group Chief Technology Officer at Cloud Kinetics, Dia menyatakan apresiasinya kepada OpenGov Asia dan semua peserta atas kontribusinya dalam kesuksesan acara tersebut, menyoroti peran OpenGov Asia sebagai fasilitator pertukaran pengetahuan, inovasi, dan kolaborasi.
“OpenGov Asia secara konsisten telah menciptakan platform efektif untuk berbagi ide, merangsang diskusi, membangun hubungan, dan mendorong perubahan,” katanya. “Dan tahun ini tidak terkecuali!”
Sesuai dengan biasanya, Wen Chi memastikan bahwa acara tersebut menampilkan presentasi yang penuh wawasan, interaksi yang merangsang pemikiran, dan peluang jaringan berharga, memamerkan evolusi dinamis transformasi digital di Asia dan dukungan antusiasme terhadap teknologi oleh pemerintah, bisnis, dan individu untuk memacu perubahan positif.
“Salah satu tema berulang dalam acara ini adalah peran penting teknologi dalam mengatasi tantangan-tantangan mendesak kita. Kami telah menyaksikan contoh-contoh inspiratif dari potensi teknologi untuk kebaikan bersama. Jelas bahwa kita tidak hanya membayangkan masa depan; kita sedang secara aktif membangunnya bersama,” tegas Wen Chi.
Cloud Kinetics yakin bahwa cloud mewakili lebih dari sekadar pergeseran teknologi; itu mencerminkan pergeseran mendasar dalam pendekatan kita terhadap bisnis dan masyarakat, dan mereka berkomitmen untuk memimpin transformasi ini, bertujuan untuk memberikan organisasi solusi cloud mutakhir untuk mengarungi kompleksitas era digital dengan efektif.
Wen Chi mendorong para peserta untuk mengambil pengetahuan, wawasan, dan koneksi yang diperoleh selama acara ini dan untuk lebih berkolaborasi, berbagi, belajar satu sama lain, dan bersama-sama berusaha untuk masa depan yang inklusif dan berkelanjutan yang didorong oleh teknologi demi kesejahteraan semua.
“Perlu diingat bahwa inovasi tidak mengenal batas, dan bersama-sama, kita dapat mengatasi setiap tantangan yang datang,” tutup Wen Chi, “Jalan ke depan mungkin tidak pasti, tetapi dengan semangat kolaborasi dan inovasi, kita dapat menavigasinya dengan sukses.”
Dalam penutupan tersebut, Mohit menyampaikan rasa terima kasih yang tulus kepada semua pembicara terhormat, peserta, dan mitra yang memeriahkan acara ini dengan kehadiran dan kebijaksanaan mereka. Keahlian mereka dan komitmen yang teguh terhadap inovasi tidak hanya menerangi diskusi tetapi juga merancang arah untuk masa depan.
“Bersama-sama, kita telah menjelajahi kemungkinan tanpa batas yang muncul ketika pemerintah, pemimpin industri, dan penyedia teknologi bergabung. Kita telah mendalami kekuatan transformatif komputasi awan,” Mohit mengapresiasi.
Hal ini penting, tambahnya, untuk mengakui potensi transformatif dari kecerdasan buatan (AI), keamanan siber, dan analitik data dalam ranah pelayanan publik. Teknologi-teknologi ini sangat penting dalam membentuk masa depan operasi pemerintah dan penyampaian layanan dalam beberapa cara.
Selain itu, Mohit tetap kuat yakin bahwa di era perubahan yang belum pernah terjadi sebelumnya ini, kolaborasi bukan hanya sekadar kata-kata yang digembar-gemborkan; itu adalah pondasi kesuksesan, “Melalui kemitraan, aliansi, dan pertukaran ide, kita dapat membuka potensi penuh teknologi dan secara efektif mengatasi tantangan yang rumit yang ada di depan.”
Dia mendorong peserta untuk terus bergerak dalam semangat kolaborasi, mendorong mereka untuk membentuk aliansi baru, merawat kemitraan yang ada, dan tetap terbuka terhadap peluang yang terus-menerus muncul dari teknologi.
“Marilah kita selalu mengingat bahwa misi kolektif kita adalah untuk meningkatkan kesejahteraan warga negara dan merangsang pertumbuhan yang komprehensif,” Mohit mengakhiri, “Kita harus selalu mempertimbangkan tujuan yang lebih luas dari usaha kita dan membuka jalan menuju masa depan yang lebih berkelanjutan dan inklusif untuk semua orang.”