Cloud Security Forum: Discover the latest strategies and techniques for optimizing your cloud services while maintaining the highest levels of security.
As businesses increasingly adopt cloud and hybrid infrastructures, the scope and complexity of cybersecurity threats continue to grow. Traditional security models are no longer sufficient to address the evolving nature of modern attacks and multi-faceted environments. This session will explore how next-generation Managed Security Service Providers (MSSPs) integrate Security Operations Center (SOC), Managed Detection and Response (MDR), and Cloud Native Application Protection Platform (CNAPP) services to provide comprehensive, intelligent security protection in hybrid cloud architectures.
We will discuss how MSSPs assist organizations in overcoming the security challenges that arise in cloud and on-premises environments by enabling seamless monitoring, rapid detection and response, and ensuring application and data compliance through cloud-native security solutions. Attendees will gain insights into the collaborative defense mechanisms that MSSPs leverage to help enterprises manage new and emerging cybersecurity risks while relieving the burden of security management and enhancing overall security effectiveness.
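With the rapid digitalization of medical information, large hospitals are facing unprecedented cybersecurity threats and complex data-management challenges. This session will take an in-depth look at how large hospitals can make good use of cloud technology to build a more flexible, efficient, and comprehensively secure protection architecture that ensures patient privacy, system stability, and regulatory compliance, and will share best-practice strategies through real-world cases.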
Current corporate security measures or organizational structures are often planned from the perspective of products, information security governance frameworks, security policies, certifications, monitoring, or threat intelligence. This can lead to a focus on individual components without seeing the big picture, or vice versa. However, it overlooks the fact that the security planning of information systems or network designs is the key to strengthening the foundation and ensuring long-term security. This presentation will draw on 18 years of experience as a Security Architect in the InfoSec departments at Trend Micro and ASUS, to design a 'Secure by Design' and 'Security by Default' cloud security management framework.
As hybrid cloud environments become increasingly prevalent, effectively managing and securing these diverse platforms has become a significant challenge. This session will focus on leveraging cloud governance solutions to enhance hybrid cloud security and help participants address current risks. Attendees will learn how to design and implement robust security policies and controls in hybrid cloud environments and explore practical approaches to integrating cloud security management solutions to improve security and visibility.
1. Experience Sharing on Cloud-Native System Sharded Encryption Backup Implementation:
In line with the cloud backup and recovery enhancement plan for critical administrative systems, a comprehensive cross-cloud sharded encryption backup architecture was constructed and exercised in 2024.
2. Future Outlook on Cloud-Native Application Protection Platform (CNAPP) and Cloud Governance Framework:
During the implementation of the above project, the cloud-native system adopted CNAPP for configuration compliance, security posture management, and vulnerability threat protection. Additionally, the plan aims to extend related results to other units utilizing public cloud services, ensuring effective implementation of cloud governance policies. The framework for two major Landing Zones within the department's cloud environment is also under development.
This session will take a neutral stance, exploring the management and technical risks associated with using cloud services from both the client's and provider's perspectives. Aimed at cybersecurity professionals looking to get started with cloud security, the discussion will consider the challenges and experiences faced in practical operations, given the finite resources available to enterprises.
We will delve into common cloud technology issues and their solutions, analyzing real-world scenarios to highlight various usage risks. Topics will include experiences with distributed and centralized cloud management, identity and access management security, virtual network architecture, workload security, relevant cybersecurity frameworks, cloud storage service misconfigurations, resource status considerations, and practical experiences. Our goal is to provide insights into architectural design, compliance, and technical solutions.
As businesses transition to cloud environments, Kubernetes (K8s) has become an essential tool, offering scalable flexibility for container services, and forming the backbone of modern cloud infrastructure. However, its complexity introduces significant security challenges. Misconfigurations are a primary risk, potentially leading to unauthorized access, data breaches, and service disruptions. With stricter global regulations on data privacy and cybersecurity, organizations must ensure K8s deployments comply with legal requirements. This agenda examines compliance needs, common attack methods targeting K8s and container services, and provides actionable recommendations to help businesses build secure, reliable K8s environments, reducing risks and enhancing operational resilience.
1. Traditional on-premises security protection strategies are no longer sufficient to handle the complexities of the cloud. Cloud environments are characterized by dynamic scaling, multi-tenancy, and other features that make security threats more difficult to predict and prevent.
2. The security responsibility model in the cloud environment is vastly different from that of on-premises. You need to understand the scope of the cloud provider's security responsibilities and deploy additional monitoring measures tailored to your own business needs. This presentation will analyze the key differences between the two to help you develop a more comprehensive security strategy.
3. The MITRE ATT&CK framework is an effective tool for understanding and classifying attacker behavior. We will introduce how to use the MITRE ATT&CK cloud matrix to identify potential threats in the cloud environment and strengthen defense measures.
4. Effective cloud security monitoring relies on comprehensive log data. The presentation will explore the major log types that need to be collected in the cloud environment, such as cloud service activity logs, virtual machine system logs, network traffic logs, etc., and explain how to analyze these logs to identify abnormal activities.
5. Establishing effective monitoring rules is the key to timely threat detection. We will share practical experience, explaining how to set monitoring rules and alert thresholds, and how to combine automated tools to improve the response speed of security incidents.
Cloud platforms and SaaS applications have become the trend for enterprise deployments. Organizations typically adopt SSO solutions for centralized identity management and simplified user login processes. For enterprises with an Active Directory (AD) domain, a common approach is to synchronize or delegate authentication, passing on-premises identity to an Identity Provider (IdP) such as Entra ID or Okta, which then integrates with other cloud services (e.g., AWS, GCP) or SaaS applications.
The underlying protocols, such as SAML and OIDC, are also used for Workload Identity cross-platform resource access. However, the security of these protocols relies on the trust relationship between the IdP (including AD) and cloud service providers (CSPs). Once an IdP component is compromised, the services relying on it would be exploited, posing a threat to the entire organization.
This talk provides an in-depth analysis of threats targeting on-premises IdP components, including Golden SAML and Agent Spoofing attacks, as well as potential weaknesses in Workload Identity within multi-cloud and hybrid environments. It also examines the impact of IdP misconfigurations (e.g., Silver SAML) and proposes best practices to strengthen security boundaries and mitigate cross-platform identity threats.
In this deep dive session, we'll explore fundamental yet often overlooked aspects of cloud security that every organization should address. Drawing from real-world consulting experiences, we'll discuss why many organizations struggle with cloud security, particularly in shared responsibility, security governance, and incident response readiness.
Through practical examples and lessons learned, attendees will learn how to move beyond compliance tick-box exercises to establish adequate cloud security controls. We'll examine the actual cost of security operations and demonstrate how proper preparation and automation can enhance security posture and operational efficiency. This session will provide actionable insights for organizations at any stage of their cloud journey, helping them build a robust security foundation aligned with industry best practices.