InfoSecBulletin Cybersecurity for mankind
Anagha Mujumdar, skilled with 15 years of sales experience in enterprise IT software, infrastructure, services and solutions, is now working with Trend Micro as the head-BFSI (India & SARRC). She liked to talk about cloud adoption specially in Southeast Asia. She faced an interview with InfoSecBulletin on the emerging technology, solutions, cloud adoption and challenges facing the industry adopting cloud in Southeast Asia.
InfoSecBulletin: Firstly, I want to know the overall scenario of cloud adoption especially in Southeast Asia?
FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing
Ransomware Activities this week: Threatmon report
ALERT
CISA Releases Four Industrial Control Systems Advisories
Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days
Newly circulated reserve theft is false: Bangladesh Bank
Bangladesh bank published CBS guideline Version 2.0
Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days
TechCrunch report
Indian gov.t sites compromised to plant online betting ads
Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031
ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide
Anagha Mujumdar, Trend Micro:
Cloud adoption is currently gaining significant momentum and appears to be inevitable. For enterprises seeking to expand or innovate and be at the forefront of their markets, embracing the cloud is the logical step forward. The cloud has firmly established itself and will continue to shape the future. The industry will predominantly adopt delivery models such as Software as a Service (SaaS). Thus, this shift is bound to occur.
In Southeast Asia, adoption tends to be somewhat slower than desired, but progress is evident in all sectors, including BSFI, manufacturing, and retail. However, there are two primary obstacles impeding cloud adoption. First, there is a lack of expertise in understanding how to effectively utilize and configure the cloud, as well as develop applications that align with its requirements. This necessitates acquiring the necessary skill set and expertise.
Secondly, regulatory considerations pose a significant challenge, particularly for highly regulated industries. Within this context, concerns arise regarding data residency, privacy, and sovereignty. Organizations worry about maintaining complete visibility and control over their data when it is stored in the cloud. Questions of whether the data can be completely deleted and not stored elsewhere with the cloud service provider, access to encryption keys, auditing capabilities, and transparency in the event of a breach all weigh on the minds of enterprises.
As a result, regulatory authorities worldwide, including those in Southeast Asia, are actively engaging with organizations to address these concerns. The goal is to enable organizations to leverage the potential of the cloud while mitigating any associated risks. This phase represents an intriguing intersection where we strive to adopt new, cloud-based technologies while ensuring data control and access within the region.
InfoSecBulletin: Comparing to other parts of the world, Cloud adoption in South Asia bit slow, Why?
Anagha Mujumdar, Trend Micro:
The concerns mainly revolve around data residency and regulations, as countries are establishing their own data privacy bills and laws. Once these regulations are defined, it will be easier for organizations to navigate compliance requirements imposed by regulators. For example, Bangladesh’s central bank recently published cloud security guidelines to protect the interests of customers, the nation, and regulated entities. This approach aims to mitigate risks and enhance security practices in the fintech and startup sectors that heavily rely on the cloud.
In the BFSI sector, trust is paramount since compromising customer data can severely damage an organization’s reputation and credibility. Therefore, the adoption of cloud technologies in BFSI will take time, as it requires standardization, transparency, and comprehensive understanding of the associated risks and infrastructure needs. Even in the West, cautious approaches are observed, with some banks initially embracing the cloud but later realizing the need to reassess the risks involved.
It’s crucial to comprehend the technological and regulatory aspects of cloud adoption, as well as the shortage of skilled expertise. Cloud implementation goes beyond the cloud itself and involves areas like analytics, AI, and ML. Thus, organizations require skilled resources who can adapt and learn continuously to keep up with the evolving cloud landscape. Security analysts, for instance, will need to broaden their knowledge and skills to encompass new platforms and technologies associated with cloud computing.
InfoSecBulletin: How can developing countries like Bangladesh can adopt cloud?
Anagha Mujumdar, Trend Micro:
Organizations and governments need to invest in people, infrastructure, and technology to utilize cloud as a platform. This includes providing accessible technical education and training. Alternatively, adopting automation solutions can reduce reliance on skilled resources by eliminating manual tasks. Cloud offers automation tools and processes that minimize risks associated with manual intervention.
Establishing local data centers and data lakes from cloud service providers creates employment opportunities and benefits the industry and community. For countries like Bangladesh, a hybrid deployment approach can be considered. While many BFSI organizations still use on-premise applications, collaborating with fintech requires a structured and secure approach.
To succeed, a combination of technology adoption, skill development, and automation is necessary. By investing in infrastructure and technology while building skill sets, organizations can simplify operations. Implementing chatbots with generative capabilities can streamline tasks like basic security analysis. These strategies enable organizations to reduce complexity, save resources, and improve efficiency in cloud adoption.
InfoSecBulletin: How do trend micro work with the Government in policy level?
Anagha Mujumdar, Trend Micro:
As countries focus on regulations and formulating guidelines for data residency, investments are becoming more localized to the regions where OEMs and CSPs operate. However, companies like ours offer hybrid solutions, providing a gradual transition from physical to virtual to cloud services. We emphasize a platform-based security approach that enables modular scalability based on specific requirements and investment levels.
The key concern is how companies handle their data. In our case, we publicly declare the type of data we access, focusing primarily on metadata. Any captured data, such as telemetry from technologies like XDR (Extended Detection Response), undergoes encryption and is stored in isolated silos within our data lake. When considering investments and partnerships with companies without a local presence, it becomes crucial to evaluate their data protection measures.
Another important aspect is supporting multi-cloud environments, allowing flexibility in choosing different cloud service providers based on convenience. Evaluating the technologies that facilitate such flexibility is essential when selecting an OEM or vendor.
InfoSecBulletin: What new solutions are coming?
Anagha Mujumdar, Trend Micro:
Trend Micro has been in the cybersecurity business for 33 years. In that time, the company has innovated and brought a lot of new technologies to market. In recent years, Trend Micro has seen that organizations are looking to do more with less. This means that they may have a clutter of siloed products and technologies, and they want to consolidate them into a single platform.
Trend Micro’s Vision One platform is designed to help organizations do just that. Vision One is a cloud-native platform that provides a single pane of glass for managing security across an organization’s entire IT environment. The platform includes a variety of capabilities, including: Endpoint security, Cloud security, XDR (extended detection and response), Attack surface, risk management, Cloud operations.
Vision One also integrates with third-party solutions, so organizations can have a single view of their security posture even if they use a variety of different products. In addition, Trend Micro offers managed services for Vision One, so organizations can outsource the management of their security to Trend Micro experts.
According to Gartner, organizations that consolidate their security solutions are not doing so to cut costs. Instead, they are doing it to reduce the complexity of management, improve visibility, and focus on the most critical security threats. Trend Micro’s Vision One platform is designed to help organizations achieve these goals.
InfoSecBulletin: In that case, what is the uses of security operation center (SOC) ?
Anagha Mujumdar, Trend Micro:
Having a Security Operations Center (SOC) is essential, especially for large enterprises like banks and insurers in the BFSI sector. These organizations typically have their own SOC, which includes security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) solutions. Our solution or platform does not aim to replace these existing setups. Instead, it integrates and complements them, enhancing the overall security posture.
For organizations with an existing SIEM, our platform provides additional benefits such as improved visibility and risk insights. It enhances security intelligence and threat analysis, adding value to the existing infrastructure. Alternatively, for those seeking a complete security stack, we offer a comprehensive solution.
Moreover, our platform allows for integration with other OEMs, enabling seamless collaboration. So whether organizations want to build SOC capabilities with Trend Micro or leverage our platform alongside their existing SOC, both options are available. The goal is to provide a flexible and complementary approach to meet diverse requirements.
InfoSecBulletin: How many cloud customers are there in Bangladesh?
Anagha Mujumdar, Trend Micro:
From what we know, there is negligible small cloud adoption in Bangladesh as it stands today. We have a substantial number of customers worldwide who have embraced our solutions, available both on-premise and as SaaS (Software-as-a-Service). The demand for cloud security solutions is also high, as organizations are gradually transitioning towards cloud-based infrastructure. Even those primarily using on-premise solutions often incorporate some level of cloud technology. This indicates a significant global installed base for our offerings.
InfoSecBulletin: So, is there any special message?
Anagha Mujumdar, Trend Micro:
Bangladesh is poised to experience tremendous growth and progress in the coming years. The country is buzzing with activity in the fintech and startup sectors, and banks are also looking to adopt cloud computing. This is all good news, but it also means that Bangladesh needs to be vigilant about cybersecurity.
With the increasing use of technology, there is a growing risk of data breaches. This is a concern for all countries, but it is especially important for developing countries like Bangladesh. This is because developing countries often have fewer resources to invest in cybersecurity, and they may also have less experience in dealing with cyber threats.
Bangladesh needs to be smart about the security solutions that it invests in. The country needs to make sure that it has the right tools and expertise to protect its data. It also needs to build up its human resources and continue to learn and evolve in the field of cybersecurity.
By taking these steps, Bangladesh can position itself as a leader in the global digital economy. The country can also ensure that its citizens and businesses are safe from cyber threats.
InfoSecBulletin: Thank you for the time having with us.
Anagha Mujumdar: You are most welcome.
ALSO READ:
Trend Micro give special focus on South East Asia, Specially Bangladesh: Kanchan Mallick
