2017 INTERNATIONALCLOUD FORUM

Hosted by Organized by

Post Event Report

POSTEVENTREPORT

CloudAsia, the premier Cloud Computing event for Asia, successfully concluded its 14th edition in Singapore with the theme “Precipitating Borderless Intelligence for Applications: A Smart Nation Powered by Cloud".

The event drew an impressive line-up of speakers from government agencies, leading trade associations and industries, and academia, across six countries – Singapore, South Korea, India, Japan, Malaysia, and Thailand.

Representatives from these countries exchanged best practices and know-hows relating to cloud computing policies, cloud professionalism, and cloud security standards.

Among the list of co-located events included:• International Cloud Forum – Held for the first time outside South Korea, and co-organised by the Info-communications Media Development Authority of Singapore (IMDA), and the National IT Industry Promotion Agency (NIPA), South Korea.• Promoting cloud professionalism in APAC.• Harmonising cloud security standards in APAC.

Dr Jeong Hyop Lee, Ph.D. Senior Advisor Science Technology and Innovation Policy Institute (STIPI), and moderator of the International Cloud Forum session, highlighted that the Asian Cloud market is dramatically expanding in terms of market size and maturity of ecosystem players. This comes amid the backdrop of the growth of technology cloud giants such as Amazon Web Services, Google, and Microsoft.

Dr Lee added that “… against the growth of this (Asia Cloud) landscape, we will need to check the relevance of each country’s response to this situation.” He also highlighted that the various government bodies will need to explore “… if there are suitable conditions for partnerships among Asia countries.”

As government officials across the six countries presented on the cloud policies adopted by their respective countries, Dr Lee shared that while many of the strategies adopted by the various countries are very relevant today, there is room of improvement to advance their cloud strategies.

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT03

ASIAN CLOUD MARKET DRAMATICALLYEXPANDING IN TERMS OF MARKET SIZE ANDMATURITY OF ECOSYSTEM PLAYERS

Many public institutions in South Korea (e.g. education sector) have also been highly encouraged by the government to adopt cloud computing. Further, the South Korea government is looking to increase its partnerships with other ASEAN countries, in order to enhance the cloud capabilities in the country.

Nevertheless Dr Lee highlighted that despite the government’s proactive efforts in supporting the cloud industry, it will also need to address challenges it faces such as a limited domestic market and global marketing capacity.

India – Government Cloud as a strategic driverIndia’s Government’s Government Cloud initiative (MeghRaj) has been instrumental in supporting the cloud computing industry in the country. The initiative empanels 11 CSPs, which includes both global and local private cloud vendors. MeghRaj also sets in place centralised cloud procurement and pricing mechanisms frameworks for successful cloud adoption in the country.

“The use of Government cloud to cultivate private cloud companies is an interesting strategy,” highlighted Dr Lee. He added that this approach will work well to promote the cloud computing industry in the country, especially given the large domestic market present.

Singapore – Strategic inducement of global cloud providersSingapore’s approach to grow the cloud ecosystem involves the strategic inducement of global cloud providers. Dr Lee added, “Singapore has the architecture to accommodate various stakeholders, to ensure the secure and sustainable development of the cloud computing landscape.”

The country aims to increase transparency of the security provisions offered by multiple global companies, by introducing the Multi-Tiered Cloud Security (MTCS) certification. The MTCS certification is a set of cloud security certification standards for cloud service providers (CSP) with three levels of certifications, namely levels 1, 2, and 3. A business with more sensitive regulatory requirements might require a CSP with a higher level of MTCS certification.

“The priority is to find the best global players, in order for Singapore to utilise its infrastructure and procurement market to grow its cloud business,” stressed Dr Lee.

South Korea – Specialised niche industrializationThe South Korean government has been strategically promoting its local cloud computing vendors, particularly those with a niche in software application services.

However he mentioned that India continues to face challenges in areas ranging from infrastructure to technology, which poses a roadblock to cloud adoption.

Japan – Continuous expansion of cloud adoption in private sector and in rural areas; IoT to drive the next frontier of cloud computingThe Japan government continues its focus on the adoption of cloud adoption in the private sector, as well as promoting cloud usage in rural areas of the country. Increasingly, the Internet of Things (IoT) is gaining in importance in the push towards edge computing in Japan.

However IoT devices are particularly vulnerable to cybersecurity attacks, since these devices are constantly online. This is compounded by the fact that the devices often enjoy extended product lifecycles, where they are replaced only every 3 – 5 years.

04 2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

Thailand – Localising industry’s capabilitiesThailand largely relies on foreign vendors to supply cloud computing services. However it aims to work towards localising the country’s domestic capabilities, by buying advanced technological products at competitive prices, as well as by inviting global cloud vendors to work with local companies.The Electronic Government Agency (EGA) of Thailand is also looking to adopt more open source technologies for its Government cloud services (e.g. by adopting OpenStack for Infrastructure as a Service). This is done in order to avoid vendor lock-in and to promote cloud adoption by government agencies.

A key challenge that Thailand faces is the lack of skilled cloud professionals, which is critical in order to continue growing its cloud landscape.

Malaysia – Promoting Data HubMalaysia’s strategy is to promote a data-driven economy via data hubs. A key cornerstone of this involves the establishment of the Sedenak Iskandar Data Hub, which is a data park located in Iskandar, Johor, targeted at global cloud content and service providers.

Dr Lee mentioned that “Malaysia should have enough demand in order to scale”. He added that it is necessary to involve the public as well as private sector, to create new industries that in turn generate more demand for cloud computing services in the country.

05 2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

Government bodies such as the National IT Industry Promotion Agency (NIPA), South Korea, also shared best practices in their efforts to cultivate professionalism and enable the country’s domestic cloud vendors to expand regionally and globally.

Alongside the International Cloud Forum, the track ‘Promoting cloud professionalism in APAC’ offered a collaborative platform for representatives from leading trade associations and industries, government agencies, and academia, to participate in.

Distinguished speakers exchanged their perspectives on the rising importance of cloud professionalism, as well as the need for cloud professionals to embark on the path of lifelong learning.

06

PROMOTING CLOUD PROFESSIONALISM IN APAC

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

INCUBATION PROJECTTO DEVELOP LOCAL SAAS VENDORS

Through this, large enterprises can provide know-how in terms of education, mentoring, development and global marketing support, to help the SMEs as well.

To date, NIPA has partnered with leading cloud companies to develop 33 domestic SaaS companies and enabling them to go global.

Dr. Jeon Junsoo, Vice President of the National IT Industry Promotion Agency (NIPA), highlighted the South Korea government agency’s ‘Global SaaS (Software as a Service) Incubating Project (GSIP)’. Inaugurating in 2016, the GSIP is designed to strengthen Korea’s SaaS global capabilities, by connecting local and global cloud users. Also, it aims to foster partnerships in cloud computing between small and medium enterprises (SMEs) and large enterprises.

08 2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

DEMAND FOR CLOUD PROFESSIONALS WILL CONTINUE TO INCREASE

The increasing pervasiveness of cloud computing necessitates cloud security professionals, as many public cloud applications can be exploited by cyber criminals.

With regard to enterprise cloud migration, many companies still face roadblocks in their migration process. “While cloud offers automated features, migration is not one of them,” said Dr Ravindran. This means that enterprises will rely a lot on professionals in the field of cloud migration.

“Cloud will be the destination of all data,” remarked Dr Anton Ravindran, President of the Cloud Chapter, Singapore Computer Society Singapore. However there exists a skills gap in terms of cloud professionals. Dr Ravindran added that globally, more than 50% of organisations will spend more on IT in the coming years. These firms will also invest heavily in virtualization and cloud infrastructure. However more than half of these companies lack the skills to implement cloud technologies.

Security concerns and challenges in enterprise cloud migration will also drive demand for cloud professionals.

09 2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

Riding on the theme of the importance of cloud professionalism, Mr Pervez Kazmi, Chief of Software Engineering & Design, Institute of Systems Science of the National University of Singapore further stressed the importance of lifelong learning. This arises because cloud deployments will continue to evolve, which include new cloud design patterns such as data center as-a-service.

Mr Kazmi added there are many avenues for cloud professionals to keep up to date in the industry (e.g. professional bodies, certifications from IT trade associations, certifications from IT vendors), and that it is essential for them to do so.

10

IMPORTANCE OFLIFELONG LEARNING

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

Dr. Sudsanguan Ngamsuriyaroj, Professor of the Computer Science faculty, Mahidol University of Thailand, remarked however that many universities lack real-world applications in their computer science curriculum. It is thus essential that there is a tripartite exchange of best practices and experiences in the field of cloud computing, among IT industry leaders, universities and students.

The cloud computing landscape today is rising with complexities. Workloads relating to Big Data and Artificial Intelligence are increasingly being migrated onto the cloud. In turn, many Computer Science courses in universities are having cloud computing as a major focus, with topics such as Big Data, SQL and Hadoop being weaved into their curriculums.

12

ESSENTIAL TO SHARE REAL-WORLD EXPERIENCESAMONG IT INDUSTRY LEADERS,UNIVERSITIES, AND STUDENTS

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT14

With cloud security being a recurring theme throughout the event, the track ‘Harmonising cloud security standards in APAC’ brought together key policy decision makers across Singapore, South Korea, India, and Japan, where speakers shared their views on the importance and challenges faced in the harmonisation of cloud security standards in the APAC region. The panel discussion was moderated by Dr. Lee Hing Yan, Director, STAR Program, Cloud Security Alliance of Singapore.

HARMONISING CLOUD SECURITYSTANDARDS IN APAC

According to Mr Madhav Chablani, Executive Council Member, Cloud Computing Innovation Council of India, around 70% of cloud security standards across countries are similar. In the process of examining standards that are different, he said that policy makers should strive to understand the strategic intents behind a particular standard.

Dr Lee captured this sentiment by adding that mapping of cloud security standards “… is not about finding the lowest common denominator, but rather, finding how best standards can be mapped to others.”

However different approaches to standards adoption create challenges in harmonisationVarious countries adopt different approaches to the adoption of cloud security standards. For instance, India adopts ISO standards as a yardstick. Meanwhile in China, the country adopts a multitude of standards that are available, and embellish their standards with whatever else they deem relevant and important.

Therein lies challenges in the mapping of standards. Mr Wong added that “it is not realistic for every country to align (their) standards fully (with other countries).”

Important to align definitions of cloud securityDr Lee stressed that first and foremost, it is important for countries to align their definitions of cloud security. These generally cover security controls on cloud security providers, and information security on cloud computing deployments, among others.

It is imperative to note that data residency is not the same as cloud security controls. Dr Lee added that data residency is a requirement for certain sectors with higher regulatory compliance needs, and that this falls outside the scope of cloud security standards.

Tremendous value in harmonising cloud security standardsWith this in mind, participants spoke on the importance of harmonising cloud security standards across various countries. There is a unanimous consensus that there is tremendous value in doing so. Mr Wong Onn Chee, Member of the MTCS Working Group, Singapore, pointed out that this is essential to drive inter-regional trade. “The APAC region needs to come together to provide some sort of gap analysis in terms of standards. Otherwise, there will be a lot of silos among Asian-based cloud service providers,” Mr Wong remarked.

He proposed that it is instead more feasible for countries to have a mutual recognition of one another’s standards, in order for end-users to form a quick and accurate assessment of a foreign cloud service provider against one that they are more familiar with.

Dr Lee further highlighted that many countries also lack fundamental data protection and IT security standards to begin with, let alone cloud security standards. These must be addressed alongside the harmonisation of cloud security standards.

In addition, policy makers also need to consider the mapping of standards with verticals with higher regulatory compliance needs.

15 2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT

Prof. Kim Jungduk, Chair of the Research Institute of Security Policies, Chun-Ang University, Korea, said that while the mutual recognition of standards is a challenging task, it is a good start to pave the way for more active collaboration among countries. Also as pointed out by Mr Chablani, mapping of standards has to be dynamic and must constantly evolve in order for them to stay relevant.

Dr Lee rounded up the panel discussion by emphasizing that APAC countries should continue to collaborate more closely going forward, and use cloud forums like these to exchange best practices in the field of cloud security policies and standards.

16

CONCLUSION - MORE COLLABORATION IS REQUIRED FOR HARMONISATION OF STANDARDS TO CONSTANTLY EVOLVE

2017 INTERNATIONAL CLOUD FORUMPOST EVENT REPORT