Information security as a business enabler

Information security technology is no longer just a tool to protect the business; it has become part of the business strategy. Customer data privacy policies and two-factor authentication for online banking services are just some of the security strategies that protect customers and enable today's businesses.

At a recent panel discussion during the 3rd Symposium on Risk Management organized by Kornerstone, Hong Kong IT leaders shared their business strategies that are enabled by information security technologies and policies.

Gauging public sentiment for physical security

For politically sensitive organizations like the Legislative Council (LegCo), the use of technology is important to ensuring smooth operation, particularly during the discussion of controversial topics, according to legislator Charles Mok.

In addition to the LegCo mobile app that provides transparency and enhances public access to the council meetings, Mok said the LegCo also integrates cyber security technologies with its physical security strategy.

To allocate adequate physical security resources and ensure smooth operation at LegCo meetings, particularly during the discussion of controversial topics, the LegCo board monitors social media and online discussion forums to gauge the aggressiveness of demonstrators.

"Physical security and cyber security are very much related and integrated," he said. "The online and social media network discussion brings a very accurate indication on the reactions [of the demonstrators]."

Regulations driving opportunities

Although regulators and compliance requirements are often regarded as a challenge for business development, they also offer opportunities for the banking and finance sector.

"I must commend the regulator like Hong Kong Monetary Authority (HKMA) as they are very heavy handed in terms of security," said Michael Leung, COO & CIO of China CITIC Bank. "If I need any resources [for security investment], I simply need to call up our auditor or compliance officer and things get done."

Leung said the heavily regulated market enables IT to easily gain management endorsement and capital for cybersecurity investment.

In addition, he said HKMA is also working closely with the banking industry to endorse and foster the development of mobile payment and virtual checks. Through developing policies and guidelines in these areas, HKMA is creating opportunities for banks and financial institutions.

"HKMA is beginning to understand the need to catch up in areas like mobile payment with the recent endorsement of the JETCO mobile payment initiative," said Leung. "If e-checks get launched next year, we will be one of the earlier markets, if not the first, in the world to launch the virtual checks."

"I'm very enthusiastic about these technologies from a user perspective," added Henk ten Bos, CIO of Ageas Hong Kong. He said he was particularly enthusiastic about the potential of these technologies to bring operational efficiencies to the company.

Ten Bos said paper checks were abandoned in the Netherlands 15 years ago with the introduction of the euro. He was "shocked" to find that paper checks were widely used in the region when he first moved to Asia eight years ago.

"I'm really looking forward to the day that we can get rid of the paper checks," he said. "All these technologies present good opportunities if you manage the change well."

Cloud and un-cloud

Leung added that HKMA has also recently released new guidelines on the use of public cloud computing services, which were previously banned outright. These clear guidelines provide direction and flexibility for banks and financial institutions to operate more effectively.

According to Leung, the guidelines provide a clear definition of the type of data that is banned outright from public cloud services, instead of applying a blanket policy that prohibits all banking-related information in the cloud.

The guidelines specify that mission-critical systems and sensitive data, particularly personal data, should not reside in the cloud in clear form. Banks that adopt public cloud services are also required to identify the location of the data and servers.

"I'm very pleased with it, I've been waiting for such guidelines for years," he said.

But the concerns over cloud computing among Hong Kong IT leaders extend beyond the level of security offered by their providers.

"I don't think the security measures from any of the cloud providers will be worse than your shop, because it is their bread and butter," added Ted Suen, head of IT at MTRC. "But if I put something on the cloud and I want to come back to the ground, can I do that?"

Suen said his major concern was the exit strategy when engaging with cloud computing. China CITIC Bank's Leung, who is also president of the Hong Kong Computer Society (HKCS), agreed. He said that HKCS's experience with the cloud had raised his concern about "un-clouding" the data.

"We 'clouded' our membership system to the US and that company disappeared," he said. "It became a sunny sky there, what do we do with the data?"

Although the data was later recovered, Leung added that it is important to understand the issue of recovering and owning the data.


Stories by Sheila Lam
