Enterprise Singapore launches Scale-up SG to transform high-growth businesses

Enterprise Singapore kicked-off its inaugural run of the Scale-up SG programme today with 25 local companies. Scale-up SG is a 2.5-year programme that will help aspiring, high-growth local companies scale rapidly. We aim to groom future global champions in their respective fields who can contribute significantly to Singapore’s economy and create good jobs for Singaporeans.

Mr Peter Ong, Chairman of Enterprise Singapore, said, “Scale-up SG is a specially curated programme which aims to groom our high-growth local enterprises into global champions. The companies, while vastly diverse in terms of revenue size, sectors, business models, exhibit the common trait of hunger and the strong ambition to grow. Leaders learn best from leaders; the diversity of the companies will enrich peer learning, spurring each of them towards even greater growth.”

The participating companies, which displayed a good track record of growth and leadership team with strong growth ambitions, are of varying revenue sizes and come from various industry clusters like lifestyle and consumer; trade and connectivity; manufacturing and engineering; and urban solutions.

Enterprise Singapore will run the programme in collaboration with public and private sector partners, including government agencies, management consulting firms, professional services firms, institutes of higher learning , research institutes and private equity funds, among others.

The Scale-up SG companies can benefit from: Peer learning and collaboration between a close-knit community of CEOs and founders. Some may even partner up to grow their business, and serve as mentors to future cohorts of participating companies and development of leadership team and succession planning through strengthening the competencies of the next generation of leaders; and also access to expertise and networks of Enterprise Singapore and our programme partners, to support their growth objectives.

Participating companies will go through the programme in cohorts, each comprising 10 to 15 companies. The programme will be conducted in phases and include activities such as executive business programme with leading IHLs, peer networking, and industry sharing sessions.

Singapore’s IMCS Initiates Two Anti-Scam Projects

The Inter-Ministry Committee on Scams (IMCS) of Singapore has initiated two new programmes with the goal of protecting e-commerce marketplaces from fraudulent activity. These are E-commerce Marketplace Transaction Safety Ratings (“TSR”) and the Revised Technical Reference 76 on Guidelines for Electronic Commerce Transactions (“TR 76”).

The E-commerce Marketplace Transaction Safety Ratings build on these guidelines, by raising consumer awareness of the anti-scam measures on major e-commerce marketplaces in Singapore. MHA would like to thank our partners from the e-commerce industry for working with us on these initiatives to combat e-commerce scams.

– Desmond Tan, Chairman, the Inter-Ministry Committee of Scams & Minister of State, Ministry of Home Affairs & Ministry of Sustainability and the Environment

Desmond said that the adoption of anti-scam procedures in the amended TR 76 recommendations by e-commerce businesses and marketplaces would increase the security of e-commerce transactions and protect customers from e-commerce fraud.

TSR aims to provide consumers with information on anti-scam measures that major e-commerce marketplaces have in place while the TR 76 seeks to provide e-retailers and online intermediaries such as additional requirements for e-commerce marketplaces to protect e-commerce transactions from fraud.

The TSR provides consumers with information regarding the transactional security of various e-commerce marketplaces based on the range of anti-scam methods in place. It encompasses big e-commerce marketplaces that support online transactions between numerous sellers and multiple buyers and has a considerable local reach or a significant number of reported e-commerce frauds.

Major e-commerce marketplaces have been rated for their overall security. The ranking indicates the level to which anti-scam measures have been adopted to assure user authenticity; transaction safety; the availability of loss reparation channels for consumers; and the effectiveness of their anti-scam procedures. One to four ticks are available, with four ticks being the highest and best rating and will be awarded to e-commerce marketplaces that implement all essential anti-scam procedures. Annually, these ratings will be evaluated.

Consumers can also refer to the TSR microsite for safety feature warnings and specialised marketplace features. The goal of the TSR microsite is to improve consumer awareness of security measures that safeguard e-commerce transactions and to encourage the use of such features and best practises when conducting business online.

On the other hand, TR 76 as the national standard for e-commerce transactions, has been updated to incorporate additional anti-scam rules for e-retailers and e-commerce platforms in order to provide enhanced safety for online customers. Enterprise Singapore oversaw its development through a multi-stakeholder Working Group constituted by the Singapore Standards Council.

The additional anti-scam regulations will outline recommended practices for e-commerce companies and marketplaces. These best practices encompass the pre-, during-, and post-purchase phases of transactions, as well as customer assistance and merchant verification.

One of the key recommendations for TR 76 is that e-marketplaces should determine the information to acquire from merchants and the verification processes to follow. Wherever possible, e-marketplaces should check their merchant’s information against Government records or compare it to the identification document(s) provided; while the merchant verification is outsourced to a third-party service provider, the e-marketplace shall implement measures to facilitate, whenever possible, the prompt retrieval of records.

The goal is to improve merchant authentication, transaction security, and enforcement against e-commerce fraud. The new rules in TR76 are graded as part of the TSR’s safety features. In general, e-commerce platforms that adhere to TR76 standards would receive a higher TSR score.

These rules encompass the end-to-end process of e-commerce transactions and believe they will assist e-retailers and e-marketplaces in improving the traceability and security of customer transactions.

Data for All Project Serves Vulnerable Groups in Singapore

The initiative “Data for All” shows the multiplicative contributions of Digital for Life (DFL) Private Public-People partners and will benefit about 30,000 children, youths, and seniors from low-income families, as well as persons with disabilities and their caregivers.

The effort, which is part of the DFL movement, seeks to mobilise the community to pledge their support and supply individuals from vulnerable sectors with more than $3 million worth of mobile data lines. It was made feasible by the collaboration of seven public organisations, social service agencies, and community partners with the telecommunications industry.

Lim Teck Kiat, Senior Director of Social Policy and Services Group, Ministry of Social and Family Development (MSF) said that through the united efforts of corporations, community organisations, the government, and individuals, they will be able to provide citizens with a higher quality of life facilitated by technology.

“The free mobile and data plans for the families will help enhance digital connectivity for them-a one-step forward to uplifting their lives and building a caring community,” Kiat said. He added that the MSF is delighted to partner with IMDA and other private sectors in the Data for All initiative in support of the Digital for Life movement.

Some telecommunications companies have pledged to raise awareness of the Data for All campaign and encourage their consumers to join them by pledging their support or donating their unused data. Each telecommunications company has also pledged to provide 10,000 mobile data lines, which will support a total of 30,000 beneficiaries.

The Digital for Life initiative aims to inspire Singaporeans to adopt digital as a lifetime ambition and to enrich their lives. It builds on the momentum of the various community efforts witnessed during COVID-19 and engages additional community partners and resources to help all Singaporeans feel enthusiastic, empowered, and enhanced by digital technologies.

To aid in the development of a digitally inclusive society, the Digital for Life movement has been developed to promote: Digital Technology and Inclusion, which will emphasise strengthening digital resilience and excite many parts of society about how new digital technology can improve their daily life; and Digital Literacy and Wellness – which will focus on fostering healthy digital habits as society enters the digital domain, including cyber safety, media literacy, and limiting the dangers of online harms.

Since the introduction of the Digital First Movement which was backed by the Infocomm Media Development Authority (IMDA), the Singapore Digital Office (SDO) has been walking the ground to support individuals who might require a bit more hands-on aid, so that they can benefit from going digital.

On top of the 47 community hubs that are already in place, the SDO has announced late last year that it will be setting up more than 200 roving community counters across the entire island to bring its services closer to seniors. This was done to broaden its reach to a greater number of seniors.

Contributions from businesses and individuals in the community are funnelled through the DFL Fund and all of the money that is donated will be used to assist Singaporeans in embracing digital for life, particularly in the areas of digital wellness and widespread adoption of technology and digital inclusion. The last-mile support that is provided for recipients in need as part of IMDA’s digital access programmes is also funded through donations.

Singapore’s MTI Unwraps Food Services Industry Transformation Map 2025

Four major strategies on the Food Services Industry Transformation Map (ITM) 2025 have been revealed recently during its launching led by Gan Kim Yong, Singapore’s Minister for Trade and Industry fostering innovation and internationalisation as well as developing native regional brands.

The Food Services industry plays a vital role in our economy and contributes to the vibrancy of the lifestyle scene in Singapore. We want to help food services companies capture the strong consumer demand locally and, in the region, brought on by changing consumption patterns and trends in areas such as wellness and sustainability.”

– Dilys Boey, Assistant Chief Executive Officer of Enterprise SG-Lifestyle & Consumer, Food and Agritech

Boey added that to be successful in this extremely competitive field, they encourage businesses to be daring and creative in their exploration of new concepts and business models. The ITM 2025 outlines the growth strategies for the Food Services industry and bolsters the desire to create brands of which the country can be proud.

Innovating to generate new revenue streams is the first strategy. This aims to foster an innovative and vibrant Food Services industry and to develop homegrown brands with regional potential that will make the Enterprise SG collaborate with additional Food Innovate partners and larger organisations, to provide end-to-end support spanning from knowledge sharing to food product R&D and go-to-market networks.

The ITM will advise foodservice companies on how to strengthen their green branding to appeal to the environmentally concerned consumer, while the Enterprise SG will assist them in implementing sustainable solutions or incorporating sustainable practices into their operations like the Enterprise Sustainability Programme. A closer sustainability cooperation between foodservice companies and partners in the innovation or technology ecosystem to drive food resilience and sustainability goals will be encouraged.

The second strategy revealed was developing localised brands and assisting with internationalisation. ITM supports more food service providers to penetrate new markets, boost regional expansion, and internationalise by utilising different formats. Those new to internationalisation can utilise a carefully curated market accelerator programme to overcome potential industry-specific difficulties and launch their first international venture.

Enterprise SG will focus on assisting enterprises with an existing international presence to expand their presence by identifying new opportunities in rising locations. This is particularly pertinent for the regional markets, considering their near proximity to Singapore and their rapidly expanding populations.

Developing digital leaders and enhancing enterprise capabilities is ITM’s third strategy. Digitalisation remains essential to the transformation of the market. ITM 2025 will continue to promote the widespread use of foundational technologies through the Productivity Solutions Grant, which encourages businesses to deploy cost-effective, scalable digital and automation solutions.

With the implementation of the new Food Services Industry Digital Plan later this year, businesses will receive a revised digital road map to assist them in utilising innovative technology to meet their demands. The changes will also assist Food Services SMEs in transitioning from simple point solutions to integrated solutions to achieve efficiency and protect their organisations with data protection and cybersecurity technologies.

Food enterprises with scalability potential are encouraged to establish more comprehensive digital and data-driven strategies and champion seamless online-to-offline and offline-to-online customer experiences.

The last unveiled strategy was increasing job transformation and establishing quality positions for locals. To survive and grow in a fiercely competitive market, food and beverage firms must stay ahead of their business transformation initiatives and cultivate a resilient workforce core.

As organisations evolve, the ITM will boost local talent streams to support new business models and fulfil the rising demand for emerging employment. Enterprise SG will assist more businesses in launching talent development programmes to cultivate local talent in fields such as digital marketing, food technology, data analytics, restaurant management, chefs, and more.

The Food Services business plays a crucial role in Singapore’s economy, and in recent years it has achieved significant strides in digitisation and productivity enhancements. Enterprise SG will drive cross-sector relationships in line with ITM priorities.

Singapore, African Union’s Digital Covid-19 Vax Validation Begins

Singapore and the African Union have collaborated to establish a framework for the reciprocal acceptance of digital COVID-19 vaccination certificates using the Africa Centres for Disease Control and Prevention (CDC). This will make it easier for people to travel back and forth between Singapore and the countries of Africa.

Beginning on May 23, fully vaccinated travellers with digital COVID-19 vaccination certificates issued in the African Union via the Africa CDC’s Trusted Travel (TT) and Trusted Vaccines (TV) platforms (trustedtravel.panabios.org) can upload and validate their certificates to verify their vaccination status through the Vaccination Check Portal (VCP) or the Singapore Arrival Card (SGAC). Because of this, they will be allowed to enter Singapore without being required to go through any kind of testing or quarantine as part of the Vaccinated Travel Framework.

In the same vein, fully vaccinated passengers who possess digital COVID-19 vaccination certificates generated in Singapore like HealthCerts are eligible to get Vaccination Passes on the AU TT and TV platforms safely and reliably.

The TT and TV platforms are based on the African Union standard for unifying digital passes and health-related screening criteria throughout Africa to facilitate smooth travel. The TT ecosystem provides access to a network of systems for health credential issuing, border risk management, digital public health monitoring, and lab, clinical, and vaccine registries to governments and authorised organisations.

The platforms have been operating since the fourth quarter of 2020 and have completely onboarded or are in the process of fully onboarding 21 key African destinations, including Ethiopia, Nigeria, Ghana, Namibia, Kenya, and Rwanda, with intentions to onboard all African countries in the next months. The TT and TV systems also permit interoperability across African digital COVID-19 platforms and those from other continents using the new PolyGlot standards adaptor.

Through the Notarise website (notarise.gov.sg), residents of Singapore who have had all their recommended vaccinations are eligible to apply for a digital vaccine HealthCert that is granted by the Singapore Ministry of Health (MOH). Notarise will provide the vaccination HealthCerts to the person’s email address and/or via the Singpass mobile app, whichever the individual prefers.

Through the Global Haven program, which is sponsored by the United Nations Development Program (UNDP), the PanaBIOS Consortium, a multistakeholder effort established under the auspices of the African Union, provided technical assistance for the achievement of this Global Health milestone.

In the context of the COVID-19 pandemic, the idea of digitally documenting COVID-19-related health data of a person using an electronic certificate is being proposed as part of the concept of Digital Documentation of COVID-19 Certificates (DDCC). After that, a digital vaccination certificate that details an individual’s current immunisation status to guard against COVID-19 may be used for continuity of care or as evidence of vaccination for reasons other than those related to health care.

To assist its Member States in adopting interoperable standards for recording vaccination status, the World Health Organization (WHO) has developed a set of guidelines and the accompanying technical specifications in collaboration with a diverse group of partners and experts.

Digital vaccination certificates are electronic immunisation records that can be accessed by both the vaccinated individual and authorised health personnel, and they may be used in the same manner as paper vaccination cards. To maintain continuity of treatment or to offer evidence of vaccination are the two main purposes of digital vaccination certificates.

Exclusive! Singapore OpenGov Leadership Forum Day 4

The pandemic vaulted the governments and businesses into the next stage of digital transformation and online services. Everywhere, organisations have been compelled to accelerate and bring forward their digital transformation strategies.

Data is increasingly at the core of any business or organisation and is a critical raw material for intelligent analytics and the driving force behind digital transformation. The widespread move towards remote work and the corresponding need for better remote workforce security has also spurred investment in Zero Trust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.

Cyberattacks are constantly evolving and getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed to address the needs of citizens and customers.

With the pandemic fundamentally changing reality, the question is: How can organisations future proof their infrastructure, keep their data safe and stay resilient?

The 7th Annual Singapore OpenGov Leadership Forum 2022, Day 4, was held on 20 May 2022 at Singapore Marriott Tang Plaza Hotel. It convened digital leaders from the Singapore public sector and financial services industry to discuss, deliberate, share and plan for the next phase of transformation.

Digital transformation as the new imperative

Mohit Sagar: Technologies to cope with new demands

Mohit Sagar, Group Managing Director, and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.

We are creating a lot of data, Mohit remarks as he reflects on the metaverse. He pointed out the growing trend of the metaverse, the alternate reality and the billions that are poured into it. “This is where things are going,” Mohit firmly believes.

With the copious amount of data that we need to manage, the security of data is fast becoming imperative. Using racing as an analogy, Mohit revealed that for an F1 race car, about 30% of the cost is spent on the braking system.

“You can only go at high speeds knowing that you can safely and quickly stop. In a digital world, cybersecurity is the brake and safety net,” Mohit claims. “If you don’t know how to protect, you can’t use or democratise data.”

We have been coping the past two years with ‘band-aid’ technology, Mohit feels. These ad hoc solutions and platforms that were used during the pandemic need to be scaled up, taken forward and mainstreamed. Using COVID-19 as an excuse for temporary measures is gone.

Singapore is so connected that it is a prime target for ransomware, Mohit asserts. Accordingly, Singapore jumped to No. 11 globally for ransomware in the first half of 2021. It was 44th in the first six months of 2019 and 21st in the first half of 2020. Two in five SMEs in Singapore suffered a cyber incident over 12 months from September 2020 to 2021.

When thinking about what is happening and the number of hackers that are turning their attention to Singapore, security is no longer something that can be avoided.

The move towards cloud is inevitable, Mohit contends. However, migration is a journey and a process that needs to be safeguarded at all times and every stage. Compared to CEOs, CFOs and COOs, the CISOs of organisations are never sleeping. “The security teams have a tough job,” Mohit acknowledges.

There is a massive paradigm shift in the world and data is rapidly gaining prominence. In this digital landscape, Mohit has an acronym that helps highlight the pillars of transformation and success – ACDC². ‘A’ stands for augmented intelligence, ‘C ‘stands for convergence (of the physical and virtual), ‘D’ is data, and the last ‘Cs’ stand for cyber resilience and critical events.

The world is changing rapidly, and no one knows what will happen next. As such, Mohit urges delegates to learn from experts who are adept and experienced in keeping data safe and protected.

In conclusion, he encourages delegates to look for partners who are champions in their field of work who can help organisations keep their glass full so that they can focus on their business objectives.

Designing a Single Digital Touchpoint for Businesses

Simon Ang, Deputy Director – Moments of Life (MOL), Government Technology Agency of Singapore (GovTech) spoke next on GovTech’s journey of developing a single touchpoint across agencies.

There are a plethora of things that a business owner needs to do including applying for permits and licences. What government agencies can do is ease the process so they can be spent on business development activities.

Simon shares that the main problem business owners were beset with was the prolonged amount of time required before their licenses are all approved. Most F&B business owners would find a location and will pay a deposit to secure the venue, only to spend 3-6 months afterwards applying for licences. In addition, many were not completely aware of the sequence of applications.

Tasked with the mission to streamline this process, GovTech started to understand its users. Accordingly, they: 1) Engaged 41 different F&B businesses and spoke to the owners and administrative staff 2) understood the pain points in every agency touchpoint 3) Sought views on how the license application process can be an integral part of their business process

Undertaking a service journey approach, they used the service blueprinting technique to map the user’s journey across the different agencies during their application. They grouped agencies that are in parallel processing and lay them in a sequential flow.

Instead of making the user go through the different agencies on their own, business owners would provide all the information at the start and their application will be routed automatically from one agency to the next – users will simply receive notifications when their applications advance.

The new system integrates 11 systems, which are linked through 17 APIs and enables people to get their application in 2 weeks.

GovTech’s role is to look at different sectors and industries, as well as the key moments when users are interacting with the government. Through the pandemic, GovTech adapted to the needs of users and continued to develop applications that can help lubricate processes.

In conclusion, Simon believes that technology is there to help organisations stay relevant and to improve the quality of service.

Innovation and Modernisation in the Public Sector

Vishal Ghariwala: Innovation and modernisation with open source and cloud-native technologies

Vishal Ghariwala, Chief Technology Officer, APJ and Greater China, SUSE spoke next on the trends of digital transformation through cloud-native technologies.

Vishal observes that the government’s budgets point to 3 priorities in digital transformation: 1) Meeting citizen expectations – modern and always-on services 2) Adapting to threat vectors and 3) Sustaining Resilience amidst uncertainty

Cloud migration is a journey that will continuously evolve, Vishal contends.

First, it begins with setting up a multi-cloud platform. With the fabric in place, application modernisation is the next stage. Thereafter, it is followed by adaptive security. Vishal concurs that threats are evolving rapidly, which is why technologies in security need to be updated consistently. He adds that automation needs to be looked at to streamline processes.

Vishal believes that open-source technologies provide a firm foundation for innovation and openness is the ability to interoperate with other vendors.

SUSE Rancher enables organisations to take the best of what a hybrid cloud can offer. “SUSE is committed to co-creating success,” Vishal states.

NeuVector addresses many issues of security and, because the technology is open-source, it can be used with the existing technologies of organisations.

Vishal shares a case example of an agency that needed a flexible cloud platform primarily used for data analytics in disaster detection and prevention. The organisation wanted it to be agile, scalable and able to support modern containerisation, all while being affordable and providing the highest performance. Unfortunately, affordability and high performance usually do not go hand in hand – which is why they looked to open-source solutions.

Building an entirely new, cloud-native technology needed the following:

Scalable and flexible = easily and automatically scalable across different regions based on traffic surges and peaks. Infrastructure must be built quickly to respond to emergencies
Affordable and high performance
Multi-tenant
Container-based architecture
Built using Open-Source technologies
Support mobile and remote workforces and field operations

In response to the needs of the organisation, SUSE came up with a solution with the following features:

7-Region national scale AI (Artificial Intelligence) cloud platform (2 Private cloud, 5 Edge cloud)
Each cloud region is a full OpenStack environment – Software defined provisioning of GPU and NVMe resources
Core-to-Edge architecture supports both local and mobile/remote workforces
Workloads are containerised and orchestrated using Kubernetes and SUSE Rancher Container Management Platform SUSE Rancher orchestrates via the OpenStack plugin to create a secure multi-tenant environment
Built using open-source technologies: SUSE Rancher, Kubernetes, OpenStack

Eventually, they were able to deliver the following benefits for the customer:

Regional COVID symptoms and test results can now be aggregated across two core environments
AI/ML models to detect COVID hot spots
Implement regional restrictions
Inform mass population around COVID hot spots
Easy and transparent access to COVID-related information

SUSE Rancher Benefits

Quickly adapt and scale the system
Automated orchestration and provisioning of workloads
Zero-touch deployments
Ease of administering distributed infrastructure

Vishal assured delegates that SUSE can support organisations in their transformation journey, to enable organisations to deliver impact to their users or customers. He encourages delegates to reach out to him if they are keen to find out how SUSE will be able to add value to their services.

The key to building a resilient digital infrastructure

Kamal Naresh: Focus on backup and recovery based on a changing landscape.

Kamal Naresh: The key to digital resilience is next-gen data management

Today’s Information Technology environments are beset with new challenges, Kamal contends. Issues are aplenty – increase in threat vectors due to the massive amount of remote work, increasing regulatory oversight dictating rules for privacy and retention and legacy infrastructure limitations that prevent companies from being more agile.

Almost all companies are leveraging the cloud in some capacity and many have mandates to embrace it in bigger capacities, but it is not that easy. Additionally, IT is being held to stringent SLAs and many stakeholders have zero tolerance for downtime.

Backups are often considered the last line of defence. To put that in a football context, there is an entire line (or two) of defenders that try to prevent the opponent from ever scoring. The goalkeeper acts as that last defender that saves the ball from going into the goal. Not only do goalkeepers prevent others from scoring, but they are also the ones that put the ball back in play.

What Cohesity does is very similar, Kamal explains. Not only does Cohesity protect the goal and prevent data from being lost, but they are also the company that restores it to the environment. Ransomware has evolved and is now attacking backup copies. As a result, there is a need for a different architecture.

At its core, Threat Defense is about providing customers with a highly resilient platform that ensures confidentiality, availability and integrity of the data with encryption, fault tolerance and immutability built into the platform.

Data resiliency is then further augmented with comprehensive access control capabilities that ensure that entities accessing the data management platform conform with Zero Trust principles of no implicit trust and authentication, authorisation, and access control at the UI, CLI, and API-based entry points.

Kamal explains that it is further strengthened with support for multi-factor authentication, granular and customisable role-based access control to enforce the principle of least privilege and segregation of duties and quorum-approval to prevent unitary over privilege within administrative accounts – a crucial control to protect against unintentional user error, rogue admins, or compromised accounts – as well as auditing and continuous monitoring capabilities to ensure compliance and operational integrity of the entire data management platform.

However, unique to Cohesity, the Threat Defense architecture incorporates additional layers of protection: AI-driven detection and analytics – a set of advanced capabilities ranging from data classification to near-realtime threat detection to source-side data anomaly detection to adaptive behavioural analytics.

These detection and analytics capabilities provide Cohesity customers with the knowledge of where their sensitive data resides to proactively address compliance and governance issues like data overexposure in a near-real-time manner before these threat actors manage to fully exfiltrate an organisation’s most sensitive data assets.

The final layer of Cohesity Threat Defense ensures that their data management platform can be securely operationalised by their customers. This layer ensures that Cohesity remains an open and extensible data management platform with capabilities like our Marketplace that allow leading security ISVs like SentinelOne and Tenable to build security apps that run close to the data to help protect the data, natively on the Cohesity platform.

He concludes that data is always dark in the recovery phase, which makes automation necessary to identify what is violating compliance policies. Cohesity offers organisations to do bulk recovery and integration for security operations. Cohesity Threat Defense architecture can help to keep data secure as part of an overall in-depth defence strategy.

Polling results for the morning session

Throughout the morning session, delegates were polled on different topics.

The first poll inquired about key business initiatives for the next 12-18 months. Almost a quarter (24%) are focused on improving agility and delivery through Cloud Migration. That is followed by efforts to improve employee productivity through digital technology (21%) and modernising and securing apps (17%). Other delegates were evenly split between enabling real-time performance visibility and analysis (14%) and allowing users to efficiently deploy IT services across a variety of environments (14%) while the rest (10%) are embedding compliance transparently in applications.

Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Delegates were equally divided between improving integrity and governance while reducing inefficiency (23%) and fortifying cyber resilience (23%). While 18% opted for enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction and optimisation (18%), Similarly, another set of respondents were split between digitalisation of processes to deliver better or ‘Smart’ services (14%) and embracing cloud technology, be it public or private (14%). The remaining selected leveraging IoT (Internet of Things) to improve processes and productivity (9%).

On the main motivator that is driving digital transformation, most (42%) are interested to improve their capability to manage the increasing amount of data at the edge locations while ensuring security and compliance while 32% hope to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better. The rest (26%) see a growing need to maximise value/insights from an increasing amount of data assets as a motivator.

Regarding key fears in moving to cloud, a sizeable majority (61%) were concerned about security and governance. The other delegates were split between operational costs (16%), the need to re-skill talent (13%) and vendor lock-in (10%).

The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. About 42% found people and skillset the biggest challenge and 32% opted for security and compliance risks (32%). Data classification/data sovereignty/data residency concern was an issue for 11%. The remaining delegates were equally split on legacy infrastructure (5%), executive support/top management strategy (5%) and budget (5%) challenging.

Inquiring about the cyber security concerns that organisations are most worried about, 42% were worried about phishing and spear-phishing campaigns. The rest of the delegates were evenly divided between attacks on public-facing websites and infrastructure,e.g., SQLi, XSS, DDOS, (21%) and social engineering campaigns targeting employees/partners/users (21%). The rest of the delegates are bothered about attacks on remote access infrastructure, e.g., VPN compromise (17%).

On their plans to implement Zero Trust across their extended environment, most (43%) have already started implementing zero trust with a primary focus on identifying our critical assets, while others (29%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust. The remaining delegates have made huge investments in different technologies and are not sure where to start due to operational complexities (21%) or are not yet ready to implement zero-trust due to a lack of resources and skills needed (7%).

Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over a third (35%) identified Security/Data Protection/Breach Prevention to be critical. It was followed identically by operational efficiency (18%) and addressing hybrid IT security issues (18%). Similarly, another set equally indicated reducing endpoint, Insider and IoT security threats (12%) and internal/Industry/Regulatory compliance (12%). The rest of the delegates are driven by the response to audit or security incidents (6%).

On the external help needed most to accelerate their digital transformation journey, about a third (35%) want assistance in managing the complexities of monitoring and managing multiple tools on on-premises and hybrid multi-cloud-based systems. That is followed by the mindset change and new ways of working (26%), agile Integration (17%), training and enablement for cloud technologies (13%) and automation (9%).

Exposing Supply Chain Attacks in Modern App Development

Tan LyeHee: Software Composition Analysis: What to look for in a solution

Tan LyeHee, Director of Sales Engineering, APAC Middle East & Africa, Checkmarx, elaborated on cyber threats in modern app deployment.

LyHee began by addressing the question of what Modern Application Development (MAD) is. MAD is a new approach to creating and increasing value through software produced. It holds the key to modernisation and software-based digital transformation. Through it, rapid innovation is powered using cloud-native architecture, loosely coupled microservices, database and service modules and it can abstract from the underlying system. It can dynamically respond to events in near real-time and offers tremendous benefit

However, MAD brings new security “risks” such as container risks, infrastructure as code risks, API (Application Programming Interfaces) Risks, Open-source code risks and Microservices Risks. Checkmarx takes the approach of modules and engines stacked on the cloud. It has been a pioneer for software security for years and is now transforming the industry to move beyond traditional security testing to managing the total software exposure across their entire SDLC at the speed of DevOps and the business.

More than 1,400 of the world’s leading organisations trust Checkmarx to power their software security program. They are a leader in the 2018 Gartner Magic Quadrant and are ranked #1 by industry peers on Gartner Peer Insights. Its proven solutions implemented by their customers have led to some phenomenal growth, we are growing 70% year-over-year and now have close to 600 employees globally.

The greatest challenge is supply chain security, opines LyHee. Checkmarx began with open-source software where codes are copied in modules from other places. The open-source module comes from other modules.

LyeHee observes that collaboration across wide communities has driven an explosion in application development based on open-source software. Highly collaborative ecosystems have myriad advantages, but zero trust security controls are not one of them, and attackers are taking advantage.

Accordingly, he shares the anatomy of an attack:

A good package goes bad
Discovery of other common packages being infected
Attackers go after the developers preparing the package
Minor and major versions were infected

Considering the prevailing trends, LyeHee believes that software composition analysis is the focus. There is also a need to understand the organisation’s open-source risk profile:

Accurate open-source library detection
Risk dashboard and detailed reporting across the organisation
New vulnerability alerting without the need to rescan
Vulnerability trends over time (project-level)
Leverage the comprehensive threat intelligence database of public (CVE) vulnerabilities and unique (Checkmarx research)

In conclusion, LyeHee believes that mitigating against supply chain attacks is an imperative that should not be ignored. Through triage scan results they can identify and visualise the dependency structure, as well as dig into transitive elements. They are also able to focus and know where the vulnerable library is from before understanding the component to remediate.

He urged delegates to reach out to Checkmarx to better understand how the technology can help their organisations.

Observability in Singapore’s digital transformation journey

Taylor Chan: Observability for government digital transformation journey

Taylor Chan, Head of Sales Engineering, Asia Pacific, SolarWinds talked about observability in digital transformation.

Taylor considers Singapore to be one of the fastest adopters of digital technologies. It is a mature market and an early adopter of new technologies, applications and solutions. The nation is forging ahead with its vision to have a world-class, secure and resilient 5G infrastructure that will be the backbone of its digital economy.

Singapore is a magnet for visionaries and businesses looking for an innovation hub in the Asia Pacific. A growing pool of highly skilled talent, solid government support schemes and an advanced IT infrastructure make up the triumvirate behind Singapore’s global competitiveness.

In addition to serving as the region’s trading centre, Singapore is universally regarded as the #1 Tech hub in the Indo-Pacific, a key reason 4,500+ U.S. companies are in the country. It has built a world-class, globally competitive tech industry and continues to explore new frontiers in innovation such as cloud computing, artificial intelligence, quantum computing, data analytics and other technologies that span healthcare, security, fintech, energy, aviation and defence.

The borrowing cost for Singapore is significantly less as it has historically maintained a high credit rating of AAA. For Taylor, Singapore is doing tremendously well in digital transformation and employs a six-fold strategy.

Some of the best examples of the Singapore government’s services include:

SingPass: Digital identity for easy and secure access to government and private sector services
MyInfo: Digitalisation of business operations via API which has resulted in an 80% improvement in application time
LifeSG: One-stop access to 70+ government services for different stages of life
GoBusiness: Connect business owners to 300+ government services, which teaches people how to apply for licenses.

For Taylor, there are some key features of a digital government:

Services that are easy to use, reliable and relevant
Seamless digital transactions
Systems and data that are secure
A digitally confident public service workforce
A digitally enabled public service workplace

Those features have enabled swift actions to be taken to support COVID-19 operations:

TraceTogther, SafeEntry; Build on existing tools like SingPass, MyInfo, FormSG
Allow rapid development within days – Maskgowhere (Within 36 hours) and SupplyAlly

The foundations allow the government to quickly build applications. A prime example is Maskgowhere, which was ready within 36 hours, including a system that tracked the mask collection progress across 743 collection centres. This allowed resources to be directed to centres where help was needed.

The COVID-19 pandemic produced an urgent need to address logistical challenges on a national scale. For example, the distribution of reusable face masks to all Singapore residents created a logistical challenge to track collection quotas and manage a flexible pool of volunteers. SupplyAlly – A mobile app developed by GovTech to facilitate nationwide logistic distributions.

The beauty of the system is that the underlying technology is hidden from the citizen. It is an elegantly engineered product which provides a secure way to connect the different Government services. The good part is that the complexity of services faded into the background, and the citizens can enjoy the benefits introduced by the systems.

Taylor points out that Core Operations, Development Environment and eXchange (CODEX) technology stack enables them to use less sensitive data outside of their infrastructure, such as commercial cloud.

The Singapore Government Technology Stack (SGTS) comes with four aspects:

Digital services: Easy to use, accessible and secure digital government services that improve the lives of citizens and businesses.
Microservices: Reusable common services that agencies utilise to build applications such as the National Digital Identify for authentication.
Middleware: Software services such as APEX (API gateway) and WOGAA (Whole of Government Application Analytics) (analytics that allows for rapid development, deployment, testing, and monitoring)
Hosting platforms: Scalable hosting containers with secure connectivity.

Hence, GovTech has created a centralised government-wide API exchange -APEX – that serves as a searchable library of APIs. Authentication protocols on APEX ensure that only authorised applications have access to highly confidential citizen data. At the same time, activities on the APEX platform are tractable as the system audits and logs the applications that have requested to pull data from government databases.

With APEX, data collected and stored by one agency can be used by numerous other approved agencies or businesses to improve and streamline their processes. For example, MyInfo leverages the capabilities of APEX to enable citizens and residents to manage the use of their personal data for a myriad of online transactions, including applying for a Housing Development Board flat and opening a bank account.

The MyInfo API for developers makes it possible for more applications to be integrated with MyInfo without significant hassle or overhead costs.

To Taylor, the goal of digital transformation in government organisations is easy-to-use, secure services for citizens, and seamless digital transactions between people, government and agencies.

Adopt new business models, operating models, and platforms: Go Digital First and Leverage data-driven insights into the services
Avoid outdated processes and disruption causing mechanisms: Adopt automation (RPA) and modernise legacy systems
Implement digital practices instead of physical counters: Leverage self-service digital practices
Leverage newer technology and Analytics: Make use of forecasting and predictive modelling
Invest in emerging technologies: Aim for a scalable and secure digital platform

Digital transformation spending is set to explode, Taylor believes that the areas of need include the revival from the pandemic, cost and productivity, and growth and results. Getting there will require faster decisions, simplified work, and the elimination of needless tasks. Considering that, full-stack visibility has never been so critical, Taylor contends.

Where SolarWinds can help is in proactive monitoring. With different tools and technology being adopted by companies the IT teams are left with spending most of their time dealing with performance issues. When organisations have too many tools, it can cause slow root-cause analysis. This leads to downtime, added cost and operational inefficiencies.

In conclusion, Taylor shares that the SolarWinds platform can support and power the digital transformation journeys of organisations, delivering superior ROI in various industries. He encourages delegates to reach out to his team to find out more about how SolarWinds can help with their organisation’s journey.

Mitigating digital asset disruption in a time of flux

Nathan Stevens: Digital asset disruption: Solving the visibility problem in a rapidly evolving IT landscape

Nathan Stevens, Head of Solution Consulting – APAC, Snow Software, shared on the complex and evolving space of digital asset disruption and how it can be addressed it.

“We are in a continuous state of disruption,” Nathan observes. “What we consider a digital asset has changed dramatically, and the emergence of new asset classes has made managing them even more challenging.”

He believes that IT leaders must leverage technology that delivers comprehensive visibility and contextual insight – Technology Intelligence. It allows for the management of organisations’ complete technology landscape and to drive transformation with precision and agility.

Digital assets have significantly changed in the last 40-50 years, but that rate of change has been exponential with the emergence of new technologies.

What is seen in this disruption is an increase in complexity. Buying practices have changed, and the world is very much in a consumption economy, and moving into a per second per minute economy as well – transforming into business-led procurement. Cyber-security exposure is larger than ever and very much high on the radar for all CIOs, especially as attacks become common. Identifications of vulnerabilities and foreign agents launching new attack has everyone on all on high alert.

The utility in which we associate these digital assets has expanded greatly – everything from ensuring your plants have enough water, to full automation of a mining site with driverless trucks – the possibilities are endless

Looking at how the modern digital asset was formed, Nathan wants to assess each of these distinct ages of modern technology against the spectrums of visibility, optimisation potential, and risk.

Visibility – achieve a holistic view of data, applications, and spending across on-premises data centre, cloud, and SaaS (Software as a Service) environments
Optimisation – leverage intelligent insights and recommendations about your data to optimise spending and drive operational efficiencies
Governance – manage security risk and compliance without affecting business performance

All this points to common themes for 2022 and beyond, namely the rise of IoT, 5G, AI/Machine Learning, RPA, low code applications and edge computing and, more recently the meta-verse. All are rapidly changing how people consume technology and how we approach data and IT operations.

Nathan points out that cyberattacks on IoT devices skyrocketed in 2018 and surpassed 300% in 2019. Accordingly, malware attacks are now affecting a vast number of IoT devices. According to Forbes, the number of malware incidents involving IoT devices has grown from 813 million in 2018 to a staggering 2.9 billion already the following year.

The results of not having adequate visibility in place are:

Lack of optimisation and increased risk
Increase in SaaS spend that we are locked into and grown comfortable then, then the price increase
Huge uptake in new technologies that need to be managed and will have huge impacts I.e., Containers
85% of CMDB projects fail – trying to achieve too much or being too ambitious; completeness for completeness’s sake or trying to achieve 100% coverage in a dynamic and ever-changing environment

“We don’t need a single source of truth, we need to have different data sets that give us a different perspective or insight – and integrate those best of breed datasets into the CMDB only where it makes sense,” Nathan asserts.

Snow’s solution for Technology Intelligence – what we see as the future of Software Asset Management is to provide complete insight and manageability across all technology

For Snow Software, the approach to technology intelligence requires additional levels of visibility, which involves understanding the usage of all technologies, leveraging data to negotiate the most value and obtaining baselines for intelligent migrations to the cloud.

If managing Microsoft spending as one key use case, it is possible to apply the same logic to Oracle or VMware as well. There is a movement beyond software or hardware asset management – it is time for technology asset management.

In conclusion, Snow Software can help organisations provide intelligence on the data that is collected to make business decisions on that data. The platform allows them to bring real value to customers. Nathan adds that they are also able to integrate with business processes.

Polling results for the afternoon session

Throughout the afternoon session, delegates were polled on different topics.

The first poll inquired about key business initiatives for the next 12-18 months. Over a third (37%) were focused on improving agility and delivery through Cloud Migration. This is followed by efforts to modernise and secure apps (21%) and enable real-time performance visibility and analysis (21%) and improve employee productivity through digital technology (11%). The rest were focused on allowing users to efficiently deploy IT services across a variety of environments (5%) and embedding compliance transparently in applications (5%).

Delegates were then asked about what would have the bulk of their budget in 2022 –2023. Just under a third (32%) have committed to embracing cloud technology, be it public or private (32%), followed by the digitalisation of processes to deliver better or ‘Smart’ services (26%). The remaining delegates have their allocation for n enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction and optimisation (16%), fortifying cyber resilience (16%) or improving integrity and governance whilst reducing inefficiency (11%).

On the main motivator that is driving digital transformation, 39% are driven by the desire to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better, followed by the growing need to maximise value/insights from an increasing amount of data assets as a motivator (26%). The rest of the delegates opted for providing a consistent and seamless cloud-everywhere experience across a distributed organisation (22%) and improving their capability to manage the increasing amount of data at the edge locations while ensuring security and compliance (13%).

Regarding key fears in moving to cloud, well over half (58%) were concerned about security and governance. The other delegates were split between the need to re-skill talent (25%), operational costs (8%), and vendor lock-in (8%).

The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. Delegates were evenly split between people and skillset (21%), legacy infrastructure (21%) and executive support/top management strategy (21%). The rest of the delegates equally found security and compliance risks (14%), budget (14%) and data classification/data sovereignty/data residency concerns (7%) challenging.

Inquiring about the cyber security concerns that organisations are most worried about, most delegates (42%) were worried about phishing and spear-phishing campaigns. The rest of the delegates were split between attacks on public-facing websites and infrastructure, e.g., SQLi, XSS, DDOS (21%) and social engineering campaigns targeting employees/partners/users (21%). The rest of the delegates are concerned about attacks on remote access infrastructure, e.g., VPN compromise (17%).

On their plans to implement Zero Trust across their extended environment, delegates are evenly split between partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero-trust (28%), having made huge investments in different technologies and not sure where to start due to operational complexities (28%). Others (17%) have already started implementing zero trust with a primary focus on identifying their critical assets while about 7% are not ready to implement zero-trust due to a lack of resources and skills needed.

Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over a third (35%) identified Security/Data Protection/Breach Prevention to be essential. It was followed by internal/Industry/Regulatory compliance (36%) and addressing hybrid IT security issues (14%), The rest of the delegates are driven by the response to audit or security incidents (7%).

On the external help needed most to accelerate their digital transformation journey, most (42%) need assistance with a mindset change and new ways of working, followed by managing the complexities of monitoring and managing multiple tools on on-premises and hybrid multi-cloud-based systems (26%), training and enablement for cloud technologies (21%), automation (5%) and agile integration (5%).

Closing

To conclude the day, Mohit stresses the importance of getting started on the journey of securing data and information because “data is the new oil.”

For Mohit, attacks are inevitable, and organisations need to ramp up security to continue delivering business outcomes and value. He believes that the key is to work with partners who have the expertise and knowledge so that energies can be channelled into driving business objectives.

Singapore’s CAS, NTU Unveils NiCE for Cybersecurity Measures

The Cyber Security Agency of Singapore (CSA) together with the Nanyang Technological University, Singapore (NTU Singapore) inaugurated the National Integrated Centre for Evaluation also tagged as NiCE -a partnership that intends to modernise the country’s national hardware security evaluation and certification ecosystem.

This collaboration between CSA and NTU underlines CSA’s continual commitment to working with institutions of higher learning and industry to build up the cybersecurity manpower pipeline and facilitate a national cybersecurity ecosystem that will provide good business opportunities and jobs.

– David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore

Koh noted that as the nation progresses toward a digital future, it is crucial that new developing technologies be created securely. The cutting-edge facilities will serve as a “one-stop-shop” for hardware device product research, testing, and security review. It will support a Community of Practice for Testing, Inspection, and Certification. NiCE provides a one-stop shop for manufacturers and developers to test and certify their devices. The SGD 19.5 million centres will help the sector in three ways: by establishing a community of practice, generating a research eco-system, and expanding education and training.

The start of the Internet of Things (IoT) and the rising use of cyber-physical systems have resulted in an increase in the number of devices and hardware components in such devices, such as communication points, storage, sensors, and actuators.

Meanwhile, to create a community of practice, NiCE will provide access to advanced technology that can be used by evaluators and developers to conduct evaluations at the highest assurance level, 3. The centre will retain a pool of research and technical staff with equipment-operating expertise. This will add to Singapore’s product review and certification ecosystem, and it will help develop the Testing, Inspection, and Certification (TIC) business by assessing software and hardware vulnerabilities, physical hardware attacks, and their countermeasures.

In addition, NiCE will encourage research and development in advanced security evaluation methodologies, including software and hardware security protections, to strengthen the industry ecosystem for cybersecurity testing and evaluation.

In turn, this will help the development of capabilities and the transfer of knowledge to the TIC industry, allowing TIC companies specialising in cybersecurity testing and certification to assist CSA and NiCE in providing quality services to end-users.

The Singapore Accreditation Council (SAC) will collaborate closely with NiCE and CSA to develop relevant accreditation programmes and facilitate the development of local TIC capabilities to support the cybersecurity ecosystem.

These include SAC’s IT testing programmes, which will enable accredited TIC businesses to provide assurances on the integrity and consistency of their test reports and certificates in support of CSA’s programmes such as the Cybersecurity Labelling Scheme (CLS).

NiCE will provide training, development, and certification for students and professionals so they can transfer into the industry effortlessly and will integrate security evaluation into the cybersecurity curriculum for students. NiCE also offers cybersecurity internships.

CSA also introduces ‘CLS-Ready’ initiative

NiCE’s work is consistent with the CSA’s goal of fostering Security-by-Design through security evaluation. CSA began certifying Infocomm devices in 2019 and 2020 with Singapore’s Common Criteria Scheme and CLS.

CSA and the Singapore Standards Council issued Technical Reference 91 on Consumer IoT Cybersecurity Labelling. This outlines how to design and construct secure consumer IoT devices according to CLS criteria.

At the end of April 2022, the two schemes were acknowledged by the manufacturers and more than two hundred products have been submitted for labelling under the four levels of CLS while twenty more products were submitted for evaluation at higher assurance levels under the SCCS.

CSA’s initiative through the “CLS-Ready” project helps manufacturers achieve the highest CLS security grade. This new programme was announced by Josephine Teo, Minister for Communications and Information and Minister-in-Charge of Smart Nation and Cybersecurity adding that the security functionalities provided by CLSReady hardware will no longer be needed to be tested again at the end-device level, allowing developers and manufacturers to save time and cost while not compromising on security.

Exclusive! Singapore OpenGov Leadership Forum Day 3

With the onset of the pandemic, there is no doubt that agencies and companies feel a more pressing need to ramp up cybersecurity infrastructure and network security models. Cyberattacks are getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed – to address the needs of citizens and customers.

Combined with the surge in the use of end-point devices for remote working and the entry of new emerging technologies like IoT (Internet of Things), cybercriminals are having a field day, creating havoc in customer records, causing huge financial and intellectual property losses in public and private sector organisations alike.

The widespread move towards remote work and hence, the need for access and security have spurred investment in ZeroTrust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.

The pandemic changed things and there is no turning back to an old reality. The question is: How can organisations keep up with the never-ending threat of cyberattacks and futureproofing themselves?

The 7th Annual Singapore OpenGov Leadership Forum 2022, Day 3, was held on 19 May 2022 at Singapore Marriott Tang Plaza Hotel. It convened digital leaders from the Singapore public sector and financial services industry to discuss, deliberate, share and plan for the next phase of transformation.

Security in a post-covid reality

Mohit Sagar: Technologies to cope with new demands in the new normal

Mohit Sagar, Group Managing Director, and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.

“We’re in the age of the metaverse,” Mohit claims, pointing out the growing trend of the metaverse. “The metaverse is where all the information will be sitting very soon. Everyone who does not know cryptocurrency will think that it is bad.”

Being a digital-first nation, Singapore is at the centre of attention. If the nation is not future-ready, it cannot be said to be prepared at all, Mohit claims. And in a future-ready country, data is foundational. Safe and wide access to data then becomes the challenge and goal.

With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well. Like in other parts of the world, cyber-attacks are becoming increasingly common in Singapore, Mohit acknowledges. Ransomware cases in Singapore rose 154% in 2020, clearly becoming a growing threat.

Against this backdrop, a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown sophisticated in executing double extortion attacks whereby sensitive data is exfiltrated under threat of release.

“The world is not the same as it was, but are organisations keeping up with the changes?” Mohit asks. “ About 95% of all successful cyber-attacks are caused by human error.”

People need more intel because the threat is ongoing. Cyberthreats will continue to evolve, Mohit claims. People can no longer hide behind security o stifle development and innovation. Organisations must embrace the risks, plan for them and push the envelope as far as possible.

In conclusion, he feels, the best approach to safeguard data is to look for partners who are experts in their field of work who can help organisations keep their glass full so that they can focus on their business objectives.

Acknowledging the changing frontiers of technology

Bidyut Dumra: Immerse, converse, traverse – life in the Metaverse

Bidyut Dumra, Executive Director & Head of Innovation DBS Bank spoke next on the rising trend of the metaverse.

In his current role, Bidyut looks after innovation in the bank and also furthers other areas of interest – metaverse, running an online gaming tournament and a network of gaming cafes. Bidyut begins by sharing his experience of working in different sectors.

As part of innovation at DBS, they do trend spotting and create a house field that dictates when to jump on a trend and how. According to Bidyut, the semblance of the metaverse came in 2019 and there were a few indicators that heralded it: 1) The typical persona of a gamer changed significantly. The number of gaming personas increased and the financial activity online has increased dramatically. 2) There was a dramatic increase in the popularity of e-sports and 3) Technology pushed that bridge between digital and physical experience.

Considering the trends, DBS began sponsoring championships, creating their team to compete and addressing gamer incentives. They invested heavily in understanding blockchain and went about creating their platform, tokens and digital assets.

“To put it simply, the metaverse is a digital reality,” Bidyut opines. “It is characterised by being real-time, its persistence and the experience of identity and assets. Within the metaverse, there can be multiple experiences of work, life, and play. With the metaverse, one can take on multiple avatars to mimic what people can do in their physical life.”

Each metaverse is a planet, where you can own land, assets (characters, clothes, etc.) and privileges, which can sometimes be transferred into the physical world. For instance, a ticket in the metaverse might grant you access to the physical world, and vice-versa. All transactions in the metaverse are stored in a blockchain – it is an underlying tech.

To serve and take advantage of this market and business opportunity, people are creating ancillary services and businesses, he notes. There are a lot of people are in the space – investments have gone up.

Ultimately, it is code, and code is built by people. This means that security falls back on the integrity of the code and the coder. He encourages delegates to take a closer look at metaverses because that is where the money and sentiment are heading towards.

Staying secure with Zero Trust

Scott Hesford: The Path the Zero Trust with least privilege

Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust elaborated on Zero Trust and how privileges can be applied.

“What is Zero Trust?” Scott begins. “It is an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources.”

The Zero Trust framework is still fairly vague in terms of what specific technology is required and how to implement it. It has mostly been left up to technology vendors, agencies and organisations to determine what Zero Trust is. Consequently, it has become an industry buzzword that can mean many different things, depending on the vendor offering it.

Assets, users and devices are no longer confined in a physical structure behind a secured perimeter but instead scattered in a new cloud-based universe. Organisations can no longer rely on typical network controls for their security. Digital transformation – including cloud and workforce mobility – has vastly expanded the attack surface.

The Zero Trust model brings a lot of focus to the potential that something or someone within the network perimeter has been compromised.

Under the assumption that every user, request and server is untrusted until proven otherwise, a zero-trust solution dynamically and continually assesses trust every time a user or device requests access to a resource.

This approach prevents attackers from exploiting weaknesses in the perimeter to gain entry, and, once inside, move laterally to access confidential applications and data.

On the path to Zero Trust, NIST provides a clear playbook on how to adopt zero trust principles. He emphasises that zero trust is not a single set of technologies an organisation can purchase, but a guiding set of principles that organisations will gradually adopt as they shift resources from on-premises to the cloud and retire legacy architecture. In the implementation process, hybrid implementations are expected to continue, given the challenges of modernising legacy systems that may be incompatible with zero trust

In the adoption journey, the role of Privileged Access Management (PAM) is critical, Scott asserts. Applying the granularity of PAM to achieve Zero Trust objectives ensures all access is appropriate, managed and documented – regardless of how the perimeter has been redefined.

According to Scott, PAM enables Zero Trust in 8 ways:

Continuously enforces adaptive and just-in-time access controls based on context
Manages and enforces credential security best practices for all privileged passwords, secrets, and keys for accounts
Applies least privilege controls for every identity and account – human, application, machine, employee, vendor, etc.
Implements segmentation and micro-segmentation to isolate various assets, resources, and users to restrict lateral movement
Secures remote access with granular least privilege and adaptive capabilities well beyond that of VPNs, RDP, and other common remote access technologies
Secures access to control planes (cloud, virtual, DevOps) and sensitive applications
Continuously monitors, manages and audits every privileged session that touches the enterprise

BeyondTrust and ZeroTrust are solutions that support the smart, practical implementation of NIST’s Zero Trust security model without disrupting business processes. BeyondTrust solutions can be implemented with a Zero Trust Architecture (ZTA). Scott concludes that the hybrid approach provides companies with the ability to select the parts of the Zero Trust model that make sense to implement in their environment with a common-sense approach toward long-term security. In closing, he urges the delegates to consider Zero Trust adoption – a vital framework to keep the data safe.

Cyber resilience in face of evolving challenges

Soh Kiat Hiong: Keeping critical services resilient in the age of cyber threats

Soh Kiat Hiong, Head of System Engineering, Rubrik, shared thoughts on cyber resilience in the new normal.

“As we all know, ransomware is a clear and growing threat,” Kiat Hiong observes. “With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well”

Agreeing with Mohit, he acknowledges that a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown increasingly clever in deploying double extortion attacks in which critical data is taken under threat of release. There is a shift from an opportunistic approach to a targeted approach.

Ransomware as a service is making it easier for criminals to commit crimes. There is also a rise in high-profile ransomware incidences. “How do we secure and eliminate the surface area and ensure that data is encrypted?” Kiat Hiong asks.

For Kiat Hiong, resilience is about having data security that aligns with the Zero Trust data security framework. It is not just about backup and recovery but about understanding the magnitude of impact – about understanding, identifying the sensitive data, and tiering the recovery. To do that requires one to streamline the valuable information, understand the high-value data that is impacted and prevent re-infection.

Additionally, Kiat Hiong shares that Rubrik is also able to offer insights on cyber-attacks. Rubrik saw an opportunity in understanding what has happened and what has changed. When data is ingested, it allows them to understand the environment and prevent ransomware from reinfecting customers.

He highlights the use case in the public sector in Singapore. Before Rubrik stepped in, there were legacy platforms without an air gap, which has a big surface area for attack due to the separation between the backup and storage. As such, Rubrik implemented zero-trust data security to eliminate the surface area for an attack so that no data is presented online.

With Rubrik’s Zero Trust Data Security, the organisation:

Scaled-Out Simplicity with Zero Data Security
Removed storage online or on the network (native logical air gap)
Ensured that backups cannot be modified/encrypted (immutable file system)
Integrated with AWS S3 Immutable Object Lock
Guaranteed that major attacks are now recoverable events from the 1st copy

As a result, the organisation achieved:

80% Productivity Improvement
Accelerated DevTest with API (application programming interfaces) automation
Reduced Business Downtime with Instant Live Mount
Near 100% success rate

In concluding his presentation, Kiat Hiong outlined the 3 key pillars of Rubrik’s Zero Trust Data Security – Data Resilience, Data Observability and Data Recovery. More importantly, Rubrik is also able to give insights, conduct ransomware investigation and sensitive data discovery, and carry out threat hunting. He encourages the delegates to speak with him to further understand how Rubrik can assist organisations in the security of their data.

Polling results in the morning session

Throughout the morning session, delegates were polled on different topics.

The first poll inquired about key business initiatives for the next 12-18 months. Over a third (35%) are focused on improving employee productivity through digital technology, followed by modernising, and securing apps (29%), embedding compliance transparently in applications (18%), enabling real-time performance visibility and analysis (9%) and improving agility and delivery through Cloud Migration (9%).

Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Under a quarter (23%) indicated embracing cloud technology, be it public or private as the bulk of their budget. One section was equally divided between allocating the bulk of their budget to the digitalisation of processes to deliver better or ‘Smart’ services (19%) and improving integrity and governance while reducing inefficiency (19%). The rest indicated they would invest in leveraging IoT to improve processes and productivity (15%), enhancing or adopting AI (Artificial Intelligence) and Analytics for improving outcomes through forecasting, prediction, and optimisation (12%) or fortifying resilience (12%).

On the main motivator that is driving digital transformation, most (40%) are influenced by the desire to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better. Just over a quarter (28%) see a growing need to maximise value/insights from an increasing amount of data assets as a motivator. Others were split between the improved capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (16%) and providing a consistent and seamless cloud-everywhere experience across a distributed organisation (16%).

Inquiring about concerns in the consideration to move to cloud, over half (52%) were anxious about security and governance. Other delegates were focussing on the need to re-skill talent (28%), operational costs (17%) or vendor lock-in (3%).

The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. Over a third (38%) found people and skillset the biggest issue, under a quarter chose data classification/data sovereignty/data residency and just over a fifth (21%) went with security and compliance risk. One group of the remaining delegates was evenly divided over executive support/top management strategy (7%) and legacy infrastructure (7%) while the rest (3%) said the budget was of concern.

Inquiring about the cyber security concerns that organisations are most worried about, about a third (32%) were concerned about phishing and spear-phishing campaigns. The remaining delegates are concerned about social engineering campaigns targeting employees/partners/users (29%), attacks on public-facing websites and infrastructure, e.g. SQLi, XSS, DDOS (25%) and attacks on remote access infrastructure, e.g. VPN compromise (14%).

On their plans to implement Zero Trust across their extended environment, most (47%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust. Other delegates were split between implementing zero trust with a primary focus on identifying our critical assets (42%) and making huge investments in different technologies and not sure where to start due to operational complexities (11%).

On the key driver for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over half (58%) identified Security/Data Protection/Breach Prevention as a key driver. That is followed by the desire to reduce endpoint, Insider and IoT security threats (16%). The remaining delegates were split between internal/Industry/Regulatory compliance (11%), operational efficiency (11%), and addressing hybrid IT (Information Technology) security issues (5%).

When asked about the approach that is for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority would take a best of breed approach to select partners that are most appropriate to my organisation’s needs (73%), followed by looking for partners who can provide complete SASE solution (27%).

In conversation: Digital Sovereignty – the impact on your cloud strategy

Melvin Koh, Head of Sales Engineering ASEAN, Thales

The polling was followed by a conversation between Mohit Sagar, Group Managing Director & Editor-In-Chief OpenGov Asia, Kenny Seah, Head of Identity Access Management, Adnovum Singapore and Melvin Koh, Head of Sales Engineering ASEAN, Thales.

The rapid and pervasive development of digital technology has brought ‘digital sovereignty’ to the forefront of many governments’ policy agendas. Many countries have introduced digital sovereignty laws of varying scope on account of concerns about cybersecurity, data privacy and sensitivity and cyber capabilities, often imposing broad restrictions on cross-border data transfer or introducing local content requirements for digital-related services.

Melvin explains that digital sovereignty is about an organisation’s control over hardware software and data controlled by the organisation, which is related to the data privacy act. It shifts the responsibility to the organisation to protect the data. He notes that the prevailing data protection challenge lies in instances where data is shared outwards or in use and emphasises the importance of seeing where the data is shared.

Mohit was curious about Kenny’s thoughts on the impact of digital sovereignty on the deployment of cloud strategy, to which Kenny observes the trend that more organisations are embarking on a cloud strategy. However, the missing focus is on the migration process – knowing how to do it and choosing the approaches. Organisations need to be aware of the different strategies.

Mohit adds that it is not a lift-and-shift play and that organisations need to re-organise their data when they adopt cloud technology. Kenny believes that the process of determining whether data can migrate to cloud is understanding whether data is protected through encryption, generalisation, tokenisation, and anonymisation to maintain the control.

Mohit concurs that data classification is a complex question and when thinking about a successful cloud strategy, 3 major pillars support digital sovereignty objectives: data sovereignty, operational sovereignty and software sovereignty.

Besides data sovereignty, which was mentioned by Melvin, Kenny offers definitions of the other two terms: 1) Operational Sovereignty – maintaining resilience and having control over operations and managing incidence when a breach is detected and 2) Software sovereignty – propriety control over the software that organisations or their vendor have developed or co-sourced. That arrangement needs to be well-protected through legal means so that organisations will have ownership of the software

Melvin feels that when moving to cloud, it always begins as hybrid cloud. Organisations at the start of the journey will need to classify what can be moved to cloud. They will have to understand the security they have on-prem and on their cloud service provider. It would be crucial to maintain the same level of security for both systems.

For organisations already in the cloud and have multiple clouds, management becomes an issue. There needs to be a centralised component to manage both clouds and maintain the lifecycle of the key.

In conclusion, Kenny added that data classification and complexity of multi-cloud strategy are considerations for organisations planning their cloud strategy and Melvin added that it is a journey that will require time and patience.

Strengthening security through SaaS

Lim Wee Jian: Transforming and security our apps: A SaaS approach

Lim Wee Jian, Senior Solutions Engineer Public Sector, VMware talked about the SaaS approach toward security.

VMware’s goal is to run more with existing resources and make their business run faster. He notes that the cloud migration has made data more distributed and VMware’s mission is to help organisations run more apps on any of the cloud at scale.

Cloud technology has its own set of complications, Wee Jian believes. It can be an inconsistent experience for operations or development – applications are leveraging on a cloud-native architecture which makes running applications and multi-cloud complicated.

There are many compelling reasons for modernising applications. COVID-19 has brought about a radical change in how businesses operate and deliver to consumer expectations. Technologies like Grabfood, Shopping website, Netflix and most importantly, Tracetogether, are good examples of the user experience becoming a digitally driven one.

Digital transactions are the new currency for services and this requires modern applications and systems that support a digital ecosystem. The ability to deliver new features and services rapidly is essential.

For businesses to remain competitive and agile, they would require systems that are fast, automated, and repeatable capabilities. Capabilities such as automated application building and deployment within hours or minutes including all phases of code and security testing.

More importantly, a digital system drives the need for cultural and operational change, and this needs a digital ecosystem that is well integrated and automated.

While building our modern application using cloud-native approach, we will need to inject security during development or operation time.

DevSecOps is a way of approaching IT security with an “everyone is responsible for security” mindset. It involves injecting security practices into an organization’s DevOps pipeline. The goal is to incorporate security into all stages of the software development workflow. The obvious advantage of doing this is that organisations can identify potential vulnerabilities and work on resolving them sooner – the earlier you find any bugs, the cheaper it will be for you to fix them.

About the factors contributing to the SaaS trend, Wee Jian mentioned:

Operational efficiency – Customers are looking at the time and cost benefits of using vendor-managed services.
Security – Customer looking at a vendor to take up the responsibility to maintain and update the software to resolve security vulnerabilities
Reliability – SLA is always sometime on top of our customer’s minds to ensure that the availability of services is guaranteed.
Allow enterprises to focus more on business and less on maintaining operations, security, and high availability

Using the Tanzu portfolio, Wee Jian demonstrates the processes involved in the context of the day-to-day work of building, delivering, and managing modern apps – from how to support developer velocity to operating in production at scale.

Wee Jian emphasises that it is an effort that requires tight collaboration across development, security, and operational teams, ensuring each team’s needs are met, but with a clear separation of concerns so that each role can be optimised for their jobs. Developers can focus on delivering key business logic. Security teams can ensure security and compliance guardrails are inserted end-to-end (and automated), and operations teams (or platform teams) can focus on the platform —and the applications and clusters running there.

In conclusion, Wee Jian believes that great modern software is not just about the tools but about the people and culture. Tanzu Lab is a consultancy service that can help the team scale their practice.

Buttressing your cyber recovery capabilities

Marcus Loh: Ransomware: Do you trust your current recovery capabilities?

Marcus Loh, General Manager, South Asia Data Protection Solutions, Dell Technologies spoke next on cyber recovery.

Marcus begins by emphasising that people cannot afford to be walled off even though that is the most secure position – businesses need a productive solution that can be deployed in their environments.

Unpacking the concept of cyber resiliency, Marcus explains, “Cybersecurity describes a company’s ability to protect against and avoid the increasing threat from cybercrime. Meanwhile, cyber resilience refers to a company’s ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. In essence, cyber resilience is about reducing the impact of a cyber event.”

The explosion of data is a pressing issue that many organisations face. COVID-19 expedited the process because brick-and-mortar establishments are going online. However, most organisations do not know what info they have and why they are keeping them.

What is making data retention policy problematic is when organisations keep it forever. He shares that only 15% of all data are mission-critical. Keeping data increases the attack surface – and especially so because people are working from home.

What he also observes is the unequal attention on prevention but not on recovery. However, he highlights that ransomware has been designed to target the backup.

He believes that traditional strategies are not enough to do the following:

Backup Server encryption
Backup encryption
DNS/AD down/corruption
Recovery performance in massive change rate, full application recovery
Full-stack recovery
Primary data encryption
Restore targets

It is easy to say that data recovery is about identifying the correct backup version and recovery but it is hard to tell if your backup is dirty. “How do you ensure that you have a clean backup copy?” Marcus asks.

In conclusion, he emphasises the importance of finding out the MVO (minimal viable organisation) of an organisation. He reiterates that organisations only need 15% of mission-critical applications to run their business in the event of a cyber event. “When you protect everything, you protect nothing,” Marcus claims.

Polling results in the afternoon session

Throughout the afternoon session, delegates were polled on different topics.

The first poll inquired about key business initiatives for the next 12-18 months. Most (47%) are focused on improving employee productivity through digital technology, followed by modernising and securing apps (27%) and improving agility and delivery through Cloud Migration (13%). The remainder were equally split over embedding compliance transparently in applications (7%) and enabling real-time performance visibility and analysis (7%).

Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Half (50%) indicated embracing cloud technology, be it public or private as the bulk of their budget. The remaining delegates allocated the bulk of their budget to fortifying cyber resilience (22%), digitalisation of processes to deliver better or ‘Smart’ services (17%), improving integrity and governance whilst reducing inefficiency (6%) and enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction, and optimisation (6%).

On the main motivator that is driving digital transformation, delegates were equally divided between speeding up their time-to-market to fully capitalise on business opportunities or to serve citizens better (31%) and improving their capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (31%). The rest of the delegates are driven by the need to provide a consistent and seamless cloud-everywhere experience across a distributed organisation (15%).

Regarding key concerns in the consideration to move to cloud, most (47%) were focused on the need to re-skill talent (47%), followed by security and governance (40%) while the rest were looking at operational costs (13%).

About what they saw as the biggest challenge in digitalisation and cloud migration, half (50%) found people and skillset the biggest issue. The rest of the delegates found data classification/data sovereignty/data residency (21%) and security and compliance risk (21%) challenging. The remaining delegates found budget (7%) to be of concern.

Inquiring about the cyber security concerns that organisations are most worried about, most delegates (40%) were concerned about attacks on public-facing websites and infrastructure. (e.g., SQLi, XSS, DDOS). A third (33%) are concerned about phishing and spear-phishing campaigns. The remaining delegates are bothered about social engineering campaigns targeting employees/partners/users (20%) and attacks on remote access infrastructure, e.g., VPN compromise (7%).

On their plans to implement Zero Trust across their extended environment, most (67%) have already started implementing zero trust with a primary focus on identifying our critical assets and a third (33%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust.

Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, most (45%) identified Security/Data Protection/Breach Prevention as critical and was followed by internal/Industry/Regulatory compliance (18%). The rest of the delegates are evenly split between the desire to reduce endpoint, Insider and IoT security threats (9%), operational efficiency (9%), response to audit or security incidents (9%) and addressing hybrid IT security issues (9%).

Inquiring about the approach for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority (75%) would take a best-of-breed approach to select partners that are most appropriate to the organisation’s needs. The rest said they would be staying with existing partners, consolidating as necessary (17%) or are looking for partners who can provide a complete SASE solution (8%).

Closing

To conclude the day, Mohit stresses the importance of getting started on the journey of securing data and information. It is the only way to stay relevant in face of changing realities. For Mohit, there is a need to take a serious look at security and data recovery – attacks are inevitable. It is crucial because organisations are focusing on technologies to keep their most vulnerable populations safe and secure – kids, seniors, families and communities.

May 28, 2022

Join our 7th Annual Singapore OpenGov Leadership Forum 17 - 20 May 2022 - Click here for more details

We are creating some awesome events for you. Kindly bear with us.

Enterprise Singapore launches Scale-up SG to transform high-growth businesses

Singapore’s IMCS Initiates Two Anti-Scam Projects

Data for All Project Serves Vulnerable Groups in Singapore

Singapore’s MTI Unwraps Food Services Industry Transformation Map 2025

Singapore, African Union’s Digital Covid-19 Vax Validation Begins

Exclusive! Singapore OpenGov Leadership Forum Day 4

Singapore’s CAS, NTU Unveils NiCE for Cybersecurity Measures

Exclusive! Singapore OpenGov Leadership Forum Day 3

Recommended Stories

Singapore’s IMCS Initiates Two Anti-Scam Projects

Data for All Project Serves Vulnerable Groups in Singapore

Singapore’s MTI Unwraps Food Services Industry Transformation Map 2025

Singapore, African Union’s Digital Covid-19 Vax Validation Begins

Exclusive! Singapore OpenGov Leadership Forum Day 4

Singapore’s CAS, NTU Unveils NiCE for Cybersecurity Measures

Cyber Security Legislation Proposed in Hong Kong

U.S. Study Identifies ML Framework to Increase Productivity

NSW Investing In ‘Smart Spaces’

Digital Trading, MSMEs Boost Indonesia’s Digital Economy

IPOPHL Creates Geographical Markers to Enhance Unique Products

Singapore’s IMCS Initiates Two Anti-Scam Projects

Exclusive! Unlocking Critical Business Insights for Growth