As part of the Singapore government’s objective to harness the capabilities of commercial cloud computing platforms to governmental systems, many public sector agencies are migrating their IT systems to the Government Commercial Cloud (GCC). Government agencies can use commercial clouds to incorporate advanced functionality into their digital services thanks to the GCC, which eliminates the need for them to set up their own data centres.
Agencies require a reliable and secure data management platform that allows for quick migration to the GCC, high data quality and managed data access for users. As a result, choosing the correct data strategy and the long-term platform is even more crucial in their migration to the GCC. In light of this, Singapore’s Government Technology Agency (GovTech) is upgrading the Government Commercial Cloud (GCC) service to make it easier for government agencies to manage and safeguard their use of public cloud services.
According to Kevin Ng, Director of Core Operations Development Environment and Exchange at GovTech, the upgraded service, dubbed GCC 2.0, boasts enhancements in user onboarding and security, among other areas. Speaking at the virtual conference, Ng said the enhancements are being made in response to feedback from GCC users and the learnings that GovTech has gleaned from managing the service. The change in mindset about cloud as code and software, rather than a distinct form of on-premise hardware infrastructure, is the foundation for GCC 2.0’s advancements.
“Today we still think of a cloud as a piece of hardware. We still like to review our architecture diagrams, but it’s also useful to put this architecture into code and deploy it,” said Goh. “And if it is incorrect, let’s tear it down and redeploy again. We no longer need to be constrained by the art of planning in a waterfall manner.”
According to GovTech, the government has around 600 systems on the cloud and is on track to have 70% of eligible systems on the cloud by the end of the year. A good chance for individuals and businesses, as well as the addition of new public services.
In addition, GovTech is making things easier with TechPass, a single sign-on service that gives users access to cloud management portals, public cloud services, and engineering tools in the Singapore Government Technology Stack (SGTS), a compendium of shared software and infrastructure services for quickly developing and testing new applications.
TechPass is part of the Seed security suite, which combines the concept of zero trust with other parts of cloud-based access restrictions to create a secure endpoint device platform. Only secure and authorised devices will be able to develop and manage government cloud apps due to this.
OpenGov Asia reported that the official opening of a Data Science and Artificial Intelligence (DS&AI) Lab was recently announced with the support of the Singapore Economic Development Board (EDB). Singapore’s IT manufacturer and Nanyang Technological University’s (NTU) collaborated to enhance local DS&AI education, empowering students with the tech tools and skills needed to inspire a brighter future.
The Lab will put together the IT firm’s cutting-edge deep-learning technology with NTU’s global strengths in artificial intelligence and data science, allowing local data scientists and AI experts to pioneer the development of meaningful AI solutions in important industries. According to NTU, the Lab was still in the planning stages in 2018, and roughly 150 NTU students enrolled in the Bachelor of Science in Data Science and Artificial Intelligence programme have benefited from the Lab’s resources since then.
These undergraduates attended lessons at the Lab and used the IT company’s sponsored servers to access computing capabilities for their projects and other activities. This effort also aims to help Singapore’s AI programme and its transition to Industry 4.0.
The Ministry of Health recently informed that it has issued more than 14 million electronic COVID-19 vaccine passports to the general public, a month after its official rollout on 15 April. The passport is available on the government’s mobile application, PC COVID-19, which is available on both iOS and Android stores or Digital Health (So suc khoe dien tu) apps. By providing a secure and easy-to-use digital mechanism to verify vaccination statuses, governments can accelerate the re-opening of the economy and build a secure and trusted foundation for further digital healthcare initiatives in the future.
The vaccine passports have 11 fields of information: name, date of birth, nationality, the targeted disease, doses of vaccines received, date of vaccination, lot number of the vaccine batch, type of vaccine, vaccine product received, the vaccine manufacturer, and a code for the certification. The digital passports display all vaccine data in both Vietnamese and English. Data has been encoded into a QR code, which expires after 12 months. Following their expiry, people will be notified, and a new QR code will be created.
According to a government statement, the health ministry has urged relevant authorities and subordinate units to complete updating information regarding 34 more million doses before 1 June to facilitate the issuance of COVID-19 vaccine passports. The ministry had also requested localities to implement vaccine information clarification procedures. Medical staff and police officers in the localities are in charge of the process. As regulated, immunisation facilities must check and verify information on vaccination data. Inaccurate information will be sent to local police officers and the corrected data will be sent back to the Department of Preventive Medicine for a digital signature. The data with a digital signature will be sent to the management system for the issuance of a vaccine passport.
The vaccine passports are issued free of charge to all citizens, according to officials. Citizens are not required to go through any additional procedures except to check that their data is correct and complete. In case the information is not correct or not available, they must send feedback on the vaccination portal system. The vaccine passports were rolled out on a trial basis in late March for those vaccinated against COVID-19 at Ha Noi’s three major hospitals. Vietnam has so far reached a mutual recognition of vaccine passports with 27 European Union countries and 54 nations and territories.
Earlier this month, ASEAN member countries announced their support for a digital technology convergence to develop a globally-accepted vaccine passport. The Indonesian Health Minister, Budi Gunadi Sadikin, said at a press conference that ASEAN will issue a joint statement on its countries’ adoption of health protocol standards. The proposed vaccine passport will adopt an overseas travel passport mechanism utilised by each country’s immigration authority for ascertaining a traveller’s identity. Sadikin also noted that ASEAN health ministers have approved the establishment of an ASEAN Centre for Public Health Emergencies and Emerging Diseases (ACPHEED) as a collaborative effort to deal with extraordinary events and future pandemics. The three pillars of ACPHEED are surveillance or detection, response, and risk management, which are supported by three ASEAN representative countries, namely Vietnam, Thailand, and Indonesia.
Thailand’s Digital Economy Promotion Agency (DEPA) offers a Smart Living Solutions programme that intends to link the demands of digital technology applications in the government, municipal, and regional sectors with the private sector, which is willing to work on Smart City Services via public-private partnerships (PPP).
Along with increasing expertise, the goal is to create awareness and prepare cities and the business sector to develop initiatives for sustainable smart city services. DEPA promoted cooperative partnerships to build and extend a model for offering smart city services to local governments in the future. It also encourages collaboration in the creation of tangible smart city services.
The initiative, which was the first of its kind to create a matching channel between the city and the private sector for digital service providers, was carried out with the participation of over a hundred persons.
Meanwhile, to drive the development of smart cities the city must have a clear and ongoing roadmap. Nattapon Nimmanphatcharin, DEPA Chief Executive stated that smart cities need a clear, continuing strategy to enhance the quality of life and assure sustainability of the residents.
“The city must have a clear and ongoing roadmap and efficient management of city-data as well as the infrastructure investment must be planned to improve the quality of life of people. These would find available solutions to meet the needs of different areas of the city and are supervised by residents to ensure sustainability,” said Nimmanphatcharin during the recently held seminar titled Smart City Roadshow 2022 organized by Surat Thani Provincial Administrative Organization and partner agencies from both the public and private sectors.
Surat Thani Province joins the Smart Cities of Thailand, and a combination of the government, the corporate, the academic, and the people’s sectors will boost their digital demands.
In order for Surat Thani Province to reach its goal of being a vibrant smart city with a high quality of life, the province continuously organizes conferences and seminars for urban development with technology and innovation as well as exhibitions and talks to promote technology and smart city’s innovation knowledge.
Furthermore, DEPA recently took part in a seminar called Intensive Cybersecurity Fundamentals for Smart Cities. The cybersecurity professionals from Carnegie Mellon University’s Software Engineering Institute led the workshops and provided the training material for the event.
It is essential for those who are driving the development of smart cities to have an awareness of the primary cybersecurity components that comprise a smart city. Participants in this event will have access to suggestions that will help them develop strategies for the integration of all key industries.
Activities that are useful to the development of smart cities in Thailand are going to be organized and new activities are going to be created to secure a foundation for the development of intelligent cities while maintaining a focus on data privacy and protection.
Training courses may cover a broad range of subjects, from improving the understanding of what precisely a “Smart City” is to discover the most effective methods for governance and risk management across a spectrum of different sorts of smart cities.
The Centre for Development of Telematics (C-DOT) recently inked a memorandum of understanding (MoU) with one of India’s largest telecom operators to help simplify the deployment of Internet of Things (IoT) solutions and foster interoperability among devices and applications as per oneM2M (machine to machine) architecture.
IoT adoption has become critical in any organisation’s digital transformation journey. However, in the current deployments, certain operational challenges prevent businesses from taping into the technology’s true potential. Some issues include device network compatibility, over-the-air firmware upgrades, remote device configuration, security vulnerabilities, and implementation in siloes with proprietary protocols.
To address these challenges, C-DOT and the telecom operator have agreed to evaluate applications and devices from various solution providers against oneM2M specifications and offer joint certificates. A government official said that the partnership is an opportunity to “see the oneM2M specifications in action” in a diverse set of sectors and applications, from smart energy to connected cars. C-DOT’s indigenously-developed oneM2M-based Common Services Platform (CCSP) is expected to benefit the IoT industry. The collaboration presents opportunities for device and application providers to deploy their solutions in telecom operators’ networks. The platform will enable application providers to use a robust middleware framework with all necessary underlying common services to deploy a secure oneM2M-compliant solution.
C-DOT is a leading telecommunications research and development organisation that runs under the Ministry of Communications. It carries out advanced research activities in optical communication, wireless technologies, switching and routing, IoT/M2M, artificial intelligence, and advanced security solutions, among others.
Over the years, the automotive, energy, healthcare, smart cities, and logistics industries have ramped up IoT investments. A recent survey showed that the IoT market in India could touch US$ 9.28 billion by 2025, up from US$ 4.98 billion in 2020.
Government agencies are also working together to foster the IoT ecosystem in the country. For instance, earlier this month, C-DOT signed an MoU with the Centre for Development of Advanced Computing (C-DAC) to collaborate in areas of telecommunications and information communication technologies (ICT), activities in 4G/5G services, broadband, IoT/M2M, packet core, and computing. As OpenGov Asia reported, the two sides also planned to sign Specific Project Agreements as and when required to enumerate the specific roles and responsibilities.
C-DOT is keen on aligning its indigenous R&D endeavours with C-DAC’s to meet the overarching objectives of national development, an official had stated. Both C-DOT and C-DAC are leaders in their respective areas and the MoU can foster strong cooperation and develop state-of-the-art technologies. The agreement will strengthen and secure national networks, boost seamless connectivity, and deploy advanced tech-based applications to make India self-reliant.
C-DAC is a premier institute for the design, development, and deployment of electronic and ICT technologies and applications for socio-economic advancement. It aims to expand the frontiers of ICT in the country, and evolve technology solutions, architectures, systems, and standards for India-specific problems. It rapidly and effectively spreads digital knowledge by overcoming language barriers through cutting-edge technologies, sharing IT experience and expertise, fostering digital inclusion, and utilising the intellectual property generated by converting it into business opportunities.
Researchers from the California Institute of Technology (Caltech) discovered that a deep-learning technology tag, known as Neural-Fly, could assist flying robots known as “drones” in adapting to any weather conditions.
Drones are now flown under controlled conditions, without wind, or by people using software or remote controls. The flying robots have been trained to take off in formation in the open air, although these flights are typically undertaken under perfect conditions.
However, for drones to autonomously perform important but mundane duties, such as package delivery or airlifting injured drivers from traffic accidents, they must be able to adapt to real-time wind conditions.
With this, a team of Caltech engineers has created Neural-Fly, a deep-learning technology that enables drones to adapt to new and unexpected wind conditions in real-time by merely adjusting a few essential parameters. Neural-Fly is discussed in newly published research titled “Neural-Fly Enables Rapid Learning for Agile Flight in Strong Winds” in Science Robotics.
The issue is that the direct and specific effect of various wind conditions on aircraft dynamics, performance, and stability cannot be accurately characterised as a simple mathematical model.
– Soon-Jo Chung, Bren Professor of Aerospace and Control and Dynamical Systems and Jet Propulsion Laboratory Research Scientist
Chung added that they employ a combined approach of deep learning and adaptive control that enables the aircraft to learn from past experiences and adapt to new conditions on the fly, with stability and robustness guarantees, as opposed to attempting to qualify and quantify each effect of the turbulent and unpredictable wind conditions they frequently encounter when flying.
Neural-Fly was evaluated at Caltech’s Center for Autonomous Systems and Technologies (CAST) utilising its Real Weather Wind Tunnel, a 10-foot-by-10-foot array of more than 1,200 tiny computer-controlled fans that enables engineers to mimic everything from a mild breeze to a gale.
Numerous models derived from fluid mechanics are available to researchers but getting the appropriate model quality and tweaking that model for each vehicle, wind condition, and operating mode is difficult.
Existing machine learning methods, on the other hand, demand massive amounts of data for training, but cannot match the flying performance attained by classical physics-based methods. Adapting a complete deep neural network in real-time is a monumental, if not impossible, undertaking.
According to the researchers, Neural-Fly addresses these challenges by utilising a technique known as separation, which requires only a few parameters of the neural network to be altered in real-time. This is accomplished using their innovative meta-learning technique, which pre-trains the neural network so that only these critical parameters need to be changed in order to successfully capture the changing environment.
After only 12 minutes of flying data, autonomous quadrotor drones outfitted with Neural-Fly learn how to respond to severe winds so well that their performance improves dramatically as judged by their ability to precisely follow a flight route.
When compared to drones equipped with current state-of-the-art adaptive control algorithms that identify and respond to aerodynamic effects but lack deep neural networks, the error rate following that flight path is between 2.5 to 4 times lower.
Landing may appear more difficult than flight, however, Neural-Fly can learn in real-time, unlike previous systems. As a result, it can react on the fly to wind variations and does not require post-processing.
In-flight tests were done outside of the CAST facility; Neural-Fly functioned just as well as it did in the wind tunnel. Additionally, the researchers showed that flight data collected by one drone can be transferred to another, establishing a knowledge pool for autonomous cars.
The drones were outfitted with a typical, off-the-shelf flight control computer utilised by the drone research and enthusiast communities. Neural-Fly was built into an onboard Raspberry Pi 4 computer, which is the size of a credit card and costs roughly $20.
Australia’s national science agency, CSIRO, and a Finnish industrial machinery company have signed a global exclusive cooperation agreement on the delivery of SwirlFlow® agitation technology for the Bauxite and Alumina sector outside of China.
The combination of the companies’ leading expertise in their respective fields will allow the parties to create the strongest offering to the market for the use of this technology in the refinery precipitation tanks.
The Director of Light Metals at the industrial machinery company stated that sustainability is a top priority for the firm. In addition to their own investments to develop technology for sustainable alumina processing, they announced their cooperation with CSIRO. This partnership will allow the firm to meet its customers’ growing demands such as lower capital installation, reduced spare parts costs and an increase in precipitation tank availability.
CSIRO’s leading technology in SwirlFlow® agitation has been pioneered at a tier-one refinery precipitation tanks, leading to significantly reduced maintenance costs and improved operational time between descaling events stated that the Research Program Director for Processing at CSIRO.
In the minerals processing industry, large mixing tanks are utilised to provide a variety of continuous hydrometallurgical processes including leaching (digestion), precipitation, adsorption, oxidation, tailings washing and neutralisation. Usually, single or multiple impellers with vertical baffles inside these tanks are utilised for mixing and to create suspensions of solid materials.
Traditional long-shaft agitators are expensive and difficult to clean during maintenance shutdowns. They may also bog in solids that settle on the bottom of the tank. These issues result in losses of production as well as high maintenance costs.
The technology has significantly lower capital and operating costs compared to traditional agitation systems, cutting installation costs by up to a third. It incorporates a short shaft and a novel impeller design to create a tornado-like vortex flow. As it integrates a short shaft, the technology does not bog in settled solids and is easier to clean. This reduces downtime and maintenance costs. Furthermore, it can achieve the same mixing performance as traditional agitators with lower power consumption, further reducing operating costs.
The technology has been deployed at the Queensland Alumina refinery in Australia and is being evaluated for other alumina refineries in Australia and overseas. In addition, it is also being tested for leaching applications in iron ore, gold, and uranium plants.
The technology has been designed for slurry tanks:
- as a short-shaft system to reduce the mechanical failure risks common in conventional agitator systems
- as a low-weight, lower-cost replacement or new agitator system for gold carbon-in-pulp (CIP) leach and process tanks.
- where downstream pumps are starved of feed due to sedimentation blockage of the pump inlet pipe
- to address the build-up of inventory, scale or sediment that reduces tank online time, or results in a premature stoppage of the tanks.
The capital cost of the technology is around 50% less than traditional technologies and, similarly, the maintenance costs are also much lower, in part due to the lower wear rates than for the impellers used in traditional systems.
Conversion to the technology is both a major capital cost saving and provides long-term operating advantages including a significantly lower tank scaling rate. This means that the tank can stay operational for much longer, increasing production and reducing costs.
The Material Engineering Student Association (MTM) of the Bandung Institute of Technology (ITB) in Indonesia has built a 1 kWh-capable electric turbine. This activity was a part of the institute’s Bright Wind Programme, a community service whose primary focus is on advancing the local community.
In their latest project, Bright Wind MTM Team has done a preliminary site inspection to gather some information on the site’s location, soil qualities, wind conditions, and the quantity of power (kWh) required by the site. After performing a survey and collecting data, the Kanaan Elementary School was selected as the receiver of a 1 kWh system.
“First, when electricity is successfully supplied through this PLTB, the children in Indragiri [District] Village are happy and excited because they can do gymnastics using songs electronically,” said Dede Iskandar Usman, Kanaan Elementary School Principal.
Usman continued by saying that the Bright Wind Project will undoubtedly bring about alterations and modifications for the Indragiri residents’ chances of survival. The Bright Wind MTM Team then proceeded to carry out the design of the wind power plant (Pembangkit Listrik Tenaga Bayu/PLTB) after having first determined the amount of electricity that would be produced and its precise location. PLTB is a type of power plant known as a wind power plant that generates electricity by harnessing the power of the wind.
The design is geared toward making the PLTB meet its requirements, which include things like height, the shape of the turbine blades, the structure, the material, and other requirements.
The process of manufacturing is helped along in this company by its partners. Beginning with the provision of workshops and continuing through the assistance provided in the production of draft drawings from existing blueprints and the supervision of student work via the provision of instructions regarding the production of the PLTB itself.
In the same workshop where the PLTB was first broken down into its component parts, the Bright Wind Team later put everything back together. After the assembly was finished, it was evaluated to determine whether it met the requirements. At that point, the Bright Wind Team removed the PLTB, which was then transported to Kanaan to be re-installed. This is essential when one considers the treacherous nature of the landscape that must be traversed to get to the destination.
During the process of this installation, the Bright Wind team was able to save time because there was basically already a mains cable that had already been installed. This is because in the previous years there were electric turbine installations, but the electricity that they produced was of lower quality.
To supply electricity to the entirety of the Kanaan Elementary School building, the Bright Wind team only needed to connect the control panel to the main cable, which was made possible by the main cable itself.
The Bright Wind project is also very helpful in making the activities of teaching and learning at Kanaan Elementary School run more smoothly because it has been made possible by the availability of electricity.
ITB was Indonesia’s first technical high school, and it was the first school in the country to provide socialization classes for elementary children as well as entrance exams for state universities for high school students. After being without electricity for 39 years, the village was finally able to get power thanks to a combined effort from many research projects and business partners.
With the onset of the pandemic, there is no doubt that agencies and companies feel a more pressing need to ramp up cybersecurity infrastructure and network security models. Cyberattacks are getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed – to address the needs of citizens and customers.
Combined with the surge in the use of end-point devices for remote working and the entry of new emerging technologies like IoT (Internet of Things), cybercriminals are having a field day, creating havoc in customer records, causing huge financial and intellectual property losses in public and private sector organisations alike.
The widespread move towards remote work and hence, the need for access and security have spurred investment in ZeroTrust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.
The pandemic changed things and there is no turning back to an old reality. The question is: How can organisations keep up with the never-ending threat of cyberattacks and futureproofing themselves?
The 7th Annual Singapore OpenGov Leadership Forum 2022, Day 3, was held on 19 May 2022 at Singapore Marriott Tang Plaza Hotel. It convened digital leaders from the Singapore public sector and financial services industry to discuss, deliberate, share and plan for the next phase of transformation.
Security in a post-covid reality
Mohit Sagar, Group Managing Director, and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
“We’re in the age of the metaverse,” Mohit claims, pointing out the growing trend of the metaverse. “The metaverse is where all the information will be sitting very soon. Everyone who does not know cryptocurrency will think that it is bad.”
Being a digital-first nation, Singapore is at the centre of attention. If the nation is not future-ready, it cannot be said to be prepared at all, Mohit claims. And in a future-ready country, data is foundational. Safe and wide access to data then becomes the challenge and goal.
With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well. Like in other parts of the world, cyber-attacks are becoming increasingly common in Singapore, Mohit acknowledges. Ransomware cases in Singapore rose 154% in 2020, clearly becoming a growing threat.
Against this backdrop, a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown sophisticated in executing double extortion attacks whereby sensitive data is exfiltrated under threat of release.
“The world is not the same as it was, but are organisations keeping up with the changes?” Mohit asks. “ About 95% of all successful cyber-attacks are caused by human error.”
People need more intel because the threat is ongoing. Cyberthreats will continue to evolve, Mohit claims. People can no longer hide behind security o stifle development and innovation. Organisations must embrace the risks, plan for them and push the envelope as far as possible.
In conclusion, he feels, the best approach to safeguard data is to look for partners who are experts in their field of work who can help organisations keep their glass full so that they can focus on their business objectives.
Acknowledging the changing frontiers of technology
Bidyut Dumra, Executive Director & Head of Innovation DBS Bank spoke next on the rising trend of the metaverse.
In his current role, Bidyut looks after innovation in the bank and also furthers other areas of interest – metaverse, running an online gaming tournament and a network of gaming cafes. Bidyut begins by sharing his experience of working in different sectors.
As part of innovation at DBS, they do trend spotting and create a house field that dictates when to jump on a trend and how. According to Bidyut, the semblance of the metaverse came in 2019 and there were a few indicators that heralded it: 1) The typical persona of a gamer changed significantly. The number of gaming personas increased and the financial activity online has increased dramatically. 2) There was a dramatic increase in the popularity of e-sports and 3) Technology pushed that bridge between digital and physical experience.
Considering the trends, DBS began sponsoring championships, creating their team to compete and addressing gamer incentives. They invested heavily in understanding blockchain and went about creating their platform, tokens and digital assets.
“To put it simply, the metaverse is a digital reality,” Bidyut opines. “It is characterised by being real-time, its persistence and the experience of identity and assets. Within the metaverse, there can be multiple experiences of work, life, and play. With the metaverse, one can take on multiple avatars to mimic what people can do in their physical life.”
Each metaverse is a planet, where you can own land, assets (characters, clothes, etc.) and privileges, which can sometimes be transferred into the physical world. For instance, a ticket in the metaverse might grant you access to the physical world, and vice-versa. All transactions in the metaverse are stored in a blockchain – it is an underlying tech.
To serve and take advantage of this market and business opportunity, people are creating ancillary services and businesses, he notes. There are a lot of people are in the space – investments have gone up.
Ultimately, it is code, and code is built by people. This means that security falls back on the integrity of the code and the coder. He encourages delegates to take a closer look at metaverses because that is where the money and sentiment are heading towards.
Staying secure with Zero Trust
Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust elaborated on Zero Trust and how privileges can be applied.
“What is Zero Trust?” Scott begins. “It is an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources.”
The Zero Trust framework is still fairly vague in terms of what specific technology is required and how to implement it. It has mostly been left up to technology vendors, agencies and organisations to determine what Zero Trust is. Consequently, it has become an industry buzzword that can mean many different things, depending on the vendor offering it.
Assets, users and devices are no longer confined in a physical structure behind a secured perimeter but instead scattered in a new cloud-based universe. Organisations can no longer rely on typical network controls for their security. Digital transformation – including cloud and workforce mobility – has vastly expanded the attack surface.
The Zero Trust model brings a lot of focus to the potential that something or someone within the network perimeter has been compromised.
Under the assumption that every user, request and server is untrusted until proven otherwise, a zero-trust solution dynamically and continually assesses trust every time a user or device requests access to a resource.
This approach prevents attackers from exploiting weaknesses in the perimeter to gain entry, and, once inside, move laterally to access confidential applications and data.
On the path to Zero Trust, NIST provides a clear playbook on how to adopt zero trust principles. He emphasises that zero trust is not a single set of technologies an organisation can purchase, but a guiding set of principles that organisations will gradually adopt as they shift resources from on-premises to the cloud and retire legacy architecture. In the implementation process, hybrid implementations are expected to continue, given the challenges of modernising legacy systems that may be incompatible with zero trust
In the adoption journey, the role of Privileged Access Management (PAM) is critical, Scott asserts. Applying the granularity of PAM to achieve Zero Trust objectives ensures all access is appropriate, managed and documented – regardless of how the perimeter has been redefined.
According to Scott, PAM enables Zero Trust in 8 ways:
- Continuously enforces adaptive and just-in-time access controls based on context
- Manages and enforces credential security best practices for all privileged passwords, secrets, and keys for accounts
- Applies least privilege controls for every identity and account – human, application, machine, employee, vendor, etc.
- Implements segmentation and micro-segmentation to isolate various assets, resources, and users to restrict lateral movement
- Secures remote access with granular least privilege and adaptive capabilities well beyond that of VPNs, RDP, and other common remote access technologies
- Secures access to control planes (cloud, virtual, DevOps) and sensitive applications
- Continuously monitors, manages and audits every privileged session that touches the enterprise
BeyondTrust and ZeroTrust are solutions that support the smart, practical implementation of NIST’s Zero Trust security model without disrupting business processes. BeyondTrust solutions can be implemented with a Zero Trust Architecture (ZTA). Scott concludes that the hybrid approach provides companies with the ability to select the parts of the Zero Trust model that make sense to implement in their environment with a common-sense approach toward long-term security. In closing, he urges the delegates to consider Zero Trust adoption – a vital framework to keep the data safe.
Cyber resilience in face of evolving challenges
Soh Kiat Hiong, Head of System Engineering, Rubrik, shared thoughts on cyber resilience in the new normal.
“As we all know, ransomware is a clear and growing threat,” Kiat Hiong observes. “With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well”
Agreeing with Mohit, he acknowledges that a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown increasingly clever in deploying double extortion attacks in which critical data is taken under threat of release. There is a shift from an opportunistic approach to a targeted approach.
Ransomware as a service is making it easier for criminals to commit crimes. There is also a rise in high-profile ransomware incidences. “How do we secure and eliminate the surface area and ensure that data is encrypted?” Kiat Hiong asks.
For Kiat Hiong, resilience is about having data security that aligns with the Zero Trust data security framework. It is not just about backup and recovery but about understanding the magnitude of impact – about understanding, identifying the sensitive data, and tiering the recovery. To do that requires one to streamline the valuable information, understand the high-value data that is impacted and prevent re-infection.
Additionally, Kiat Hiong shares that Rubrik is also able to offer insights on cyber-attacks. Rubrik saw an opportunity in understanding what has happened and what has changed. When data is ingested, it allows them to understand the environment and prevent ransomware from reinfecting customers.
He highlights the use case in the public sector in Singapore. Before Rubrik stepped in, there were legacy platforms without an air gap, which has a big surface area for attack due to the separation between the backup and storage. As such, Rubrik implemented zero-trust data security to eliminate the surface area for an attack so that no data is presented online.
With Rubrik’s Zero Trust Data Security, the organisation:
- Scaled-Out Simplicity with Zero Data Security
- Removed storage online or on the network (native logical air gap)
- Ensured that backups cannot be modified/encrypted (immutable file system)
- Integrated with AWS S3 Immutable Object Lock
- Guaranteed that major attacks are now recoverable events from the 1st copy
As a result, the organisation achieved:
- 80% Productivity Improvement
- Accelerated DevTest with API (application programming interfaces) automation
- Reduced Business Downtime with Instant Live Mount
- Near 100% success rate
In concluding his presentation, Kiat Hiong outlined the 3 key pillars of Rubrik’s Zero Trust Data Security – Data Resilience, Data Observability and Data Recovery. More importantly, Rubrik is also able to give insights, conduct ransomware investigation and sensitive data discovery, and carry out threat hunting. He encourages the delegates to speak with him to further understand how Rubrik can assist organisations in the security of their data.
Polling results in the morning session
Throughout the morning session, delegates were polled on different topics.
The first poll inquired about key business initiatives for the next 12-18 months. Over a third (35%) are focused on improving employee productivity through digital technology, followed by modernising, and securing apps (29%), embedding compliance transparently in applications (18%), enabling real-time performance visibility and analysis (9%) and improving agility and delivery through Cloud Migration (9%).
Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Under a quarter (23%) indicated embracing cloud technology, be it public or private as the bulk of their budget. One section was equally divided between allocating the bulk of their budget to the digitalisation of processes to deliver better or ‘Smart’ services (19%) and improving integrity and governance while reducing inefficiency (19%). The rest indicated they would invest in leveraging IoT to improve processes and productivity (15%), enhancing or adopting AI (Artificial Intelligence) and Analytics for improving outcomes through forecasting, prediction, and optimisation (12%) or fortifying resilience (12%).
On the main motivator that is driving digital transformation, most (40%) are influenced by the desire to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better. Just over a quarter (28%) see a growing need to maximise value/insights from an increasing amount of data assets as a motivator. Others were split between the improved capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (16%) and providing a consistent and seamless cloud-everywhere experience across a distributed organisation (16%).
Inquiring about concerns in the consideration to move to cloud, over half (52%) were anxious about security and governance. Other delegates were focussing on the need to re-skill talent (28%), operational costs (17%) or vendor lock-in (3%).
The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. Over a third (38%) found people and skillset the biggest issue, under a quarter chose data classification/data sovereignty/data residency and just over a fifth (21%) went with security and compliance risk. One group of the remaining delegates was evenly divided over executive support/top management strategy (7%) and legacy infrastructure (7%) while the rest (3%) said the budget was of concern.
Inquiring about the cyber security concerns that organisations are most worried about, about a third (32%) were concerned about phishing and spear-phishing campaigns. The remaining delegates are concerned about social engineering campaigns targeting employees/partners/users (29%), attacks on public-facing websites and infrastructure, e.g. SQLi, XSS, DDOS (25%) and attacks on remote access infrastructure, e.g. VPN compromise (14%).
On their plans to implement Zero Trust across their extended environment, most (47%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust. Other delegates were split between implementing zero trust with a primary focus on identifying our critical assets (42%) and making huge investments in different technologies and not sure where to start due to operational complexities (11%).
On the key driver for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over half (58%) identified Security/Data Protection/Breach Prevention as a key driver. That is followed by the desire to reduce endpoint, Insider and IoT security threats (16%). The remaining delegates were split between internal/Industry/Regulatory compliance (11%), operational efficiency (11%), and addressing hybrid IT (Information Technology) security issues (5%).
When asked about the approach that is for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority would take a best of breed approach to select partners that are most appropriate to my organisation’s needs (73%), followed by looking for partners who can provide complete SASE solution (27%).
In conversation: Digital Sovereignty – the impact on your cloud strategy
The polling was followed by a conversation between Mohit Sagar, Group Managing Director & Editor-In-Chief OpenGov Asia, Kenny Seah, Head of Identity Access Management, Adnovum Singapore and Melvin Koh, Head of Sales Engineering ASEAN, Thales.
The rapid and pervasive development of digital technology has brought ‘digital sovereignty’ to the forefront of many governments’ policy agendas. Many countries have introduced digital sovereignty laws of varying scope on account of concerns about cybersecurity, data privacy and sensitivity and cyber capabilities, often imposing broad restrictions on cross-border data transfer or introducing local content requirements for digital-related services.
Melvin explains that digital sovereignty is about an organisation’s control over hardware software and data controlled by the organisation, which is related to the data privacy act. It shifts the responsibility to the organisation to protect the data. He notes that the prevailing data protection challenge lies in instances where data is shared outwards or in use and emphasises the importance of seeing where the data is shared.
Mohit was curious about Kenny’s thoughts on the impact of digital sovereignty on the deployment of cloud strategy, to which Kenny observes the trend that more organisations are embarking on a cloud strategy. However, the missing focus is on the migration process – knowing how to do it and choosing the approaches. Organisations need to be aware of the different strategies.
Mohit adds that it is not a lift-and-shift play and that organisations need to re-organise their data when they adopt cloud technology. Kenny believes that the process of determining whether data can migrate to cloud is understanding whether data is protected through encryption, generalisation, tokenisation, and anonymisation to maintain the control.
Mohit concurs that data classification is a complex question and when thinking about a successful cloud strategy, 3 major pillars support digital sovereignty objectives: data sovereignty, operational sovereignty and software sovereignty.
Besides data sovereignty, which was mentioned by Melvin, Kenny offers definitions of the other two terms: 1) Operational Sovereignty – maintaining resilience and having control over operations and managing incidence when a breach is detected and 2) Software sovereignty – propriety control over the software that organisations or their vendor have developed or co-sourced. That arrangement needs to be well-protected through legal means so that organisations will have ownership of the software
Melvin feels that when moving to cloud, it always begins as hybrid cloud. Organisations at the start of the journey will need to classify what can be moved to cloud. They will have to understand the security they have on-prem and on their cloud service provider. It would be crucial to maintain the same level of security for both systems.
For organisations already in the cloud and have multiple clouds, management becomes an issue. There needs to be a centralised component to manage both clouds and maintain the lifecycle of the key.
In conclusion, Kenny added that data classification and complexity of multi-cloud strategy are considerations for organisations planning their cloud strategy and Melvin added that it is a journey that will require time and patience.
Strengthening security through SaaS
Lim Wee Jian, Senior Solutions Engineer Public Sector, VMware talked about the SaaS approach toward security.
VMware’s goal is to run more with existing resources and make their business run faster. He notes that the cloud migration has made data more distributed and VMware’s mission is to help organisations run more apps on any of the cloud at scale.
Cloud technology has its own set of complications, Wee Jian believes. It can be an inconsistent experience for operations or development – applications are leveraging on a cloud-native architecture which makes running applications and multi-cloud complicated.
There are many compelling reasons for modernising applications. COVID-19 has brought about a radical change in how businesses operate and deliver to consumer expectations. Technologies like Grabfood, Shopping website, Netflix and most importantly, Tracetogether, are good examples of the user experience becoming a digitally driven one.
Digital transactions are the new currency for services and this requires modern applications and systems that support a digital ecosystem. The ability to deliver new features and services rapidly is essential.
For businesses to remain competitive and agile, they would require systems that are fast, automated, and repeatable capabilities. Capabilities such as automated application building and deployment within hours or minutes including all phases of code and security testing.
More importantly, a digital system drives the need for cultural and operational change, and this needs a digital ecosystem that is well integrated and automated.
While building our modern application using cloud-native approach, we will need to inject security during development or operation time.
DevSecOps is a way of approaching IT security with an “everyone is responsible for security” mindset. It involves injecting security practices into an organization’s DevOps pipeline. The goal is to incorporate security into all stages of the software development workflow. The obvious advantage of doing this is that organisations can identify potential vulnerabilities and work on resolving them sooner – the earlier you find any bugs, the cheaper it will be for you to fix them.
About the factors contributing to the SaaS trend, Wee Jian mentioned:
- Operational efficiency – Customers are looking at the time and cost benefits of using vendor-managed services.
- Security – Customer looking at a vendor to take up the responsibility to maintain and update the software to resolve security vulnerabilities
- Reliability – SLA is always sometime on top of our customer’s minds to ensure that the availability of services is guaranteed.
- Allow enterprises to focus more on business and less on maintaining operations, security, and high availability
Using the Tanzu portfolio, Wee Jian demonstrates the processes involved in the context of the day-to-day work of building, delivering, and managing modern apps – from how to support developer velocity to operating in production at scale.
Wee Jian emphasises that it is an effort that requires tight collaboration across development, security, and operational teams, ensuring each team’s needs are met, but with a clear separation of concerns so that each role can be optimised for their jobs. Developers can focus on delivering key business logic. Security teams can ensure security and compliance guardrails are inserted end-to-end (and automated), and operations teams (or platform teams) can focus on the platform —and the applications and clusters running there.
In conclusion, Wee Jian believes that great modern software is not just about the tools but about the people and culture. Tanzu Lab is a consultancy service that can help the team scale their practice.
Buttressing your cyber recovery capabilities
Marcus Loh, General Manager, South Asia Data Protection Solutions, Dell Technologies spoke next on cyber recovery.
Marcus begins by emphasising that people cannot afford to be walled off even though that is the most secure position – businesses need a productive solution that can be deployed in their environments.
Unpacking the concept of cyber resiliency, Marcus explains, “Cybersecurity describes a company’s ability to protect against and avoid the increasing threat from cybercrime. Meanwhile, cyber resilience refers to a company’s ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. In essence, cyber resilience is about reducing the impact of a cyber event.”
The explosion of data is a pressing issue that many organisations face. COVID-19 expedited the process because brick-and-mortar establishments are going online. However, most organisations do not know what info they have and why they are keeping them.
What is making data retention policy problematic is when organisations keep it forever. He shares that only 15% of all data are mission-critical. Keeping data increases the attack surface – and especially so because people are working from home.
What he also observes is the unequal attention on prevention but not on recovery. However, he highlights that ransomware has been designed to target the backup.
He believes that traditional strategies are not enough to do the following:
- Backup Server encryption
- Backup encryption
- DNS/AD down/corruption
- Recovery performance in massive change rate, full application recovery
- Full-stack recovery
- Primary data encryption
- Restore targets
It is easy to say that data recovery is about identifying the correct backup version and recovery but it is hard to tell if your backup is dirty. “How do you ensure that you have a clean backup copy?” Marcus asks.
In conclusion, he emphasises the importance of finding out the MVO (minimal viable organisation) of an organisation. He reiterates that organisations only need 15% of mission-critical applications to run their business in the event of a cyber event. “When you protect everything, you protect nothing,” Marcus claims.
Polling results in the afternoon session
Throughout the afternoon session, delegates were polled on different topics.
The first poll inquired about key business initiatives for the next 12-18 months. Most (47%) are focused on improving employee productivity through digital technology, followed by modernising and securing apps (27%) and improving agility and delivery through Cloud Migration (13%). The remainder were equally split over embedding compliance transparently in applications (7%) and enabling real-time performance visibility and analysis (7%).
Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Half (50%) indicated embracing cloud technology, be it public or private as the bulk of their budget. The remaining delegates allocated the bulk of their budget to fortifying cyber resilience (22%), digitalisation of processes to deliver better or ‘Smart’ services (17%), improving integrity and governance whilst reducing inefficiency (6%) and enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction, and optimisation (6%).
On the main motivator that is driving digital transformation, delegates were equally divided between speeding up their time-to-market to fully capitalise on business opportunities or to serve citizens better (31%) and improving their capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (31%). The rest of the delegates are driven by the need to provide a consistent and seamless cloud-everywhere experience across a distributed organisation (15%).
Regarding key concerns in the consideration to move to cloud, most (47%) were focused on the need to re-skill talent (47%), followed by security and governance (40%) while the rest were looking at operational costs (13%).
About what they saw as the biggest challenge in digitalisation and cloud migration, half (50%) found people and skillset the biggest issue. The rest of the delegates found data classification/data sovereignty/data residency (21%) and security and compliance risk (21%) challenging. The remaining delegates found budget (7%) to be of concern.
Inquiring about the cyber security concerns that organisations are most worried about, most delegates (40%) were concerned about attacks on public-facing websites and infrastructure. (e.g., SQLi, XSS, DDOS). A third (33%) are concerned about phishing and spear-phishing campaigns. The remaining delegates are bothered about social engineering campaigns targeting employees/partners/users (20%) and attacks on remote access infrastructure, e.g., VPN compromise (7%).
On their plans to implement Zero Trust across their extended environment, most (67%) have already started implementing zero trust with a primary focus on identifying our critical assets and a third (33%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust.
Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, most (45%) identified Security/Data Protection/Breach Prevention as critical and was followed by internal/Industry/Regulatory compliance (18%). The rest of the delegates are evenly split between the desire to reduce endpoint, Insider and IoT security threats (9%), operational efficiency (9%), response to audit or security incidents (9%) and addressing hybrid IT security issues (9%).
Inquiring about the approach for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority (75%) would take a best-of-breed approach to select partners that are most appropriate to the organisation’s needs. The rest said they would be staying with existing partners, consolidating as necessary (17%) or are looking for partners who can provide a complete SASE solution (8%).
To conclude the day, Mohit stresses the importance of getting started on the journey of securing data and information. It is the only way to stay relevant in face of changing realities. For Mohit, there is a need to take a serious look at security and data recovery – attacks are inevitable. It is crucial because organisations are focusing on technologies to keep their most vulnerable populations safe and secure – kids, seniors, families and communities.