News

Advanced cloud security solution developed in ASEAN for cloud misconfigurations and cloud breaches

Singapore InsiderSecurity is excited to showcase its latest product, CSX, which won an award from the Cyber Security Agency of Singapore. CSX simplifies cloud security by discovering the inventory of your IaaS, PaaS, and SaaS environments and monitoring their security. CSX empowers businesses to detect misconfigurations and accidental cloud data exposure, providing a comprehensive security overview of your cloud assets.

Cloud computing has revolutionized the way businesses operate. However, managing cloud assets and data across multiple service providers can be a daunting challenge, especially when it comes to visibility and security. A 2022 survey by the Cloud Security Alliance (CSA) found that up to 81% of organizations have increased their investment in business-critical cloud services but do not invest equally in security tools and staff, leading to reduced visibility and increased security incidents.

This raises important questions: How do I know all the assets and data that I own? Are any of my cloud assets misconfigured or compromised?

CSX enables you to discover all your cloud resources in one place. Whether you use AWS, Azure, Dropbox, Google Workspace, Microsoft 365, or any other cloud service, this solution provides a comprehensive and up-to-date topology of your cloud assets and data. By detecting misconfigurations and accidental data exposure, CSX helps you improve security visibility, reduce costs, and mitigate risks.

“We are very excited to release our newest cybersecurity solution for the cloud—CSX,” said Jonathan Phua, InsiderSecurity CEO. “With CSX, we aim to help businesses from Singapore and abroad improve visibility of the assets in their cloud products and services, and proactively detect misconfigurations and accidental data exposures that could lead to security breaches.”

Seamlessly onboard your IaaS, PaaS, and SaaS through the onboarding steps in the dashboard. Enabling another one of your cloud services to be monitored is as simple as clicking on “Add” and following the automated steps.

Real-world experiences highlight the urgent need for such a solution:

“Recently, one of our employees lost a mobile device that had access to our company’s cloud services,” shared one SME. “The potential for accidental data exposure was alarming. With CSX, we could have automatically detected any unauthorized access or misconfigurations immediately, saving us from significant worry and potential loss.”

Similarly, an IT manager at SME noted:

“We noticed unexpected spikes in our cloud spending due to misconfigured and unused virtual machines across different providers. Identifying and rectifying these issues manually was labor-intensive and costly. CSX would have automatically flagged these misconfigurations, allowing us to address them promptly and reduce our expenses by over 40%.”

Don’t worry about the security of your cloud services anymore—onboard with CSX today at sales.insidersecurity.co!

About InsiderSecurity

InsiderSecurity, established in 2015 and headquartered in Singapore, develops advanced cybersecurity solutions that are used by the Singapore government and large enterprises today. Notably, InsiderSecurity is the first cybersecurity software company from Southeast Asia to achieve the CSA STAR Level 2 certification, the global standard in cloud security.

For more information, please contact:
Email: sales@insidersecurity.co
Phone: +65 6270 4029
Website: www.insidersecurity.co

InsiderSecurity is now CSA STAR Level 2 certified

In the rapidly evolving landscape of digital operations, security is crucial. With so much sensitive information now being stored in the cloud, protecting it is a priority for both cloud providers and customers. We are pleased to announce that we are the FIRST cybersecurity software company from Singapore and likely Southeast Asia to achieve CSA (Cloud Security Alliance) STAR Level 2 certification. This certification demonstrates our commitment to cloud security, privacy controls, data protection, and quality. It also shows our dedication to fortifying our overall security measures through maintaining robust security systems and reliable processes.

What is CSA STAR?

The Cloud Security Alliance (CSA) is a nonprofit organization dedicated to establishing best practices for secure cloud computing. CSA Security Trust, Assurance, and Risk (STAR) program is a robust security assurance initiative for the cloud. STAR represents transparency, rigorous auditing standardisation of guidelines in the Cloud Controls Matrix (CCM).

CCM comprises 197 control objectives spread across 17 domains, forming a detailed control framework. It helps cloud customers in evaluating the overall security risk of a cloud service solution provider (CSP), ensuring a thorough assessment of fundamental security principles.

By being CSA STAR level 2 certified, organizations demonstrate their commitment to best practices and validate the security of their cloud services. This not only benefits customers seeking secure cloud solutions but also assures solution providers to prove robust controls to both current and future clients.

CSA STAR Level 1

The entry-level certification validates a CSP’s commitment to foundational security requirements and aligns with the CSA’s Cloud Controls Matrix (CCM). It is a starting point, indicating the provider’s acknowledgment of essential security protocols. Level 1 is a free self-assessment conducted internally and does not require third-party approval.

To attain CSA STAR level 1, the cloud service provider only needs to complete and submit the CAIQ (Consensus Assessments Initiative Questionnaire).

CSA STAR Level 2

CSA STAR Level 2 certification indicates a high level of maturity in the implementation of strict security protocols and practices within an organization’s cloud infrastructure. It involves a complete assessment of security controls, processes, and compliance with industry standards, performed by independent auditors. This level emphasizes not only the presence of security measures but also their effectiveness and alignment with industry best practices.

For more information into InsiderSecurity’s CAIQ and Level 2 certification, please visit the official registry at Insider Security Pte Ltd on CSA STAR.

CSA STAR and ISO 27001: What’s the connection? 

CSA STAR and ISO 27001 aims to ensure that companies protect their information. Certifications from CSA STAR can be used to enhance existing information security certification and audit programs. This simplifies the assessment process and allows companies to assess their compliance with information security standards and cloud security standards simultaneously. Now, let’s explore how STAR differs from ISO/IEC 27001.

CSA STAR Certification incorporates the fundamental requirements of the ISO/IEC 27001:2013 management system standard, integrating them with cloud-specific criteria from the CSA Cloud Controls Matrix (CCM). Moreover, the STAR Certification path involves a comprehensive maturity model assessment, evaluating the organization’s maturity against CSA’s proprietary criteria. This evaluation highlights the strengths and weaknesses of processes by utilizing CCM domains as measurable indicators. Crucially, this assessment serves as an internal report for the client, fostering a culture of continual improvement within the organization.

The significant distinction between CSA STAR and ISO 27001 lies in the concept of the Shared Security Responsibility Model (SSRM). The 197 controls necessitate a clear delineation of specific responsibilities for each control, clarifying InsiderSecurity’s accountability. The table below illustrates ownership of SSRM controls and their implications:

SSRM Control OwnershipDescription
CSP-owned  When the CSP (Cloud Service Provider) is InsiderSecurity, CSP-owned signifies that InsiderSecurity is solely responsible for the control.   This category encompasses the majority of controls outlined in InsiderSecurity’s CAIQ
Shared CSP and CSCWhen both the CSP (InsiderSecurity) and CSC (Cloud Service Customer) share responsibility for the control
Shared CSP and 3rd-partyWhen the CSP (InsiderSecurity) and a 3rd-party cloud service provider (eg. AWS or Azure where our services are hosted) share responsibility for the control.

In addition to SSRM, the inquiry delves deeper into controls specifically tailored for the cloud-native environment. For instance, the subsequent table outlines inquiries for controls frequently encountered in cloud-native settings:

DomainQuestion IDQuestionRational
CEK – Cryptography, Encryption and Key managementCEK-08.1  Are CSPs providing CSCs with the capacity to manage their own data encryption keys?Many cloud service providers host data and services within a multitenant environment. In such cases, customers may desire a distinct encryption key for their data, particularly when it is stored alongside another customer’s data in the same database.
IPY – Interoperability & PortabilityIPY-02.1Are CSCs able to programmatically retrieve their data via an API to enable interoperability and portability?A cloud service customer faces reduced risk of vendor lock-in when the data supplied by the provider is portable. Integration of multiple cloud services becomes more feasible for the customer if the provider offers API support.

Why is CSA STAR Level 2 important for our customers, partners and stakeholders?

InsiderSecurity’s attainment of CSA STAR Level 2 bears multifaceted advantages for its customers, partners, and the broader ecosystem:

  • Commitment to Security: The CSA STAR Level 2 certification shows InsiderSecurity’s commitment to robust security measures. It showcases the capability to safeguard sensitive information.
  • Support for Customers and Partners: The certification aids customers and partners in meeting their security requirements and compliance standards.
  • Enhanced Transparency: Transparency across all involved parties fosters better alignment of security practices and posture.This creates a more trustworthy environment and facilitates streamlined collaboration.
  • Efficiency in Onboarding: The certification streamlines security protocols when vetting or onboarding new business relationships. This efficiency expedites partnerships, making processes smoother and more secure.

The CSA STAR Level 2 certification process

The journey towards attaining CSA Level 2 of STAR was a challenging yet rewarding one. It involved meticulous examination of our existing security protocols, processes, and infrastructure. The process began with a comprehensive assessment of our security controls against the CSA STAR Level 2 requirements. This involved thorough documentation, evidence collection, and implementation of additional measures where necessary.

Independent auditors conducted rigorous evaluations, scrutinizing every aspect of our security framework. Their assessments gauged not only the presence but also the effectiveness of our security measures. The process involved collaboration across various teams within InsiderSecurity, ensuring that every department aligned its practices with the stringent security standards.

Throughout this journey, we fostered a culture of continuous improvement, leveraging insights from the assessment to refine and strengthen our security posture further. The dedication and collaboration of our teams were instrumental in achieving this certification, reflecting our commitment to prioritize security and safeguard data above all else.


Honored to welcome BSI for the CSA STAR Level 2 Certification presentation at our office

We had the pleasure of hosting the certification body @BSI (British Standards Institution) for the presentation of CSA STAR Level 2

InsiderSecurity is now ISO 27001 certified

InsiderSecurity achieves ISO 27001 certification, honored with Quality Excellence Award

In today’s digital landscape, safeguarding sensitive information against cyber threats is paramount. InsiderSecurity recently attained ISO/IEC 27001 certification. This accomplishment, marked by an audit with zero findings, showcases our dedication to information security, data protection, and quality through maintaining robust security systems and reliable processes.

What is ISO/IEC 27001:2022?

ISO/IEC 27001:2022 is a globally recognized standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. Achieving this certification involves implementing a robust set of policies, procedures, and controls to safeguard data assets against potential threats, vulnerabilities, and breaches. Compliance with ISO 27001 signifies a company’s ability to implement and maintain robust security measures that align with international best practices, enhancing trust among stakeholders.

Why is ISO/IEC 27001 important for our customers and stakeholders?

Attaining ISO 27001 certification embodies InsiderSecurity’s commitment to protecting data, fortifying our infrastructure against cyber threats, and maintaining the trust of customers and stakeholders. This certification demonstrates:

  • Commitment to security: ISO27001 certification demonstrates our dedication to robust security measures and our capability to safeguard sensitive information.
  • Focus on customers and partners: Our certification helps our customers and partners to meet their security requirements and compliance.
  • Risk Mitigation: ISO 27001 mandates a proactive approach to identifying and addressing security threats. This certification minimizes the risk of data breaches, ensuring the protection of your invaluable information.

The rigorous ISO/IEC 27001 certification process

Our journey towards ISO 27001 certification was marked by meticulous planning and collective efforts across all departments. The process involved an in-depth analysis of the risk profile and existing security measures. To align with ISO 27001 standards, we implemented stringent policies and controls, guided by the framework’s 114 controls across 14 distinct categories outlined in ISO 27001 Annex A.

Throughout the certification process, several requirements needed to be met. This process enabled us to fortify existing policies and controls, ensuring an elevated level of security aligned with the expectations of our customers and external stakeholders. Here are some of the controls we have in place to meet ISO27001 requirements:

  • MDM (Mobile Device Management) solution for endpoint
  • EDR (Endpoint Detect and Response) solution for endpoint
  • DLP (Data leakage prevention) solution for endpoint
  • Physical security in the office compound
  • Inventories and asset tracking process
  • Secure Software Development Life Cycle
  • Secret management process
  • Formal due diligence process to assess the security risk of our suppliers
  • Staff cybersecurity training process

Our existing security solutions, like Automated UEBA (User and Entity Behavior Analytics) and CSX, helped us detect any unusual activity in our cloud systems, meeting the logging and monitoring requirements of the ISO 27001 standard. After the grueling certification process, we completed the audit with zero findings.

Quality Excellence Award

InsiderSecurity is honored to receive the Quality Excellence Award by BSI, recognizing the our exceptional performance in security processes. This accolade follows the successful passage of the ISO 27001 audit without any findings, showcasing our commitment to maintaining robust security systems and processes.

Kin Siong, Chief Information Security Officer (CISO) at InsiderSecurity, expressed gratitude for receiving the award during the networking lunch hosted by BSI, remarking, “It was truly an honor to be bestowed with the Quality Excellence Award.”

Received Quality Excellence Award by BSI

The award ceremony, where Kin Siong, the Chief Information Security Officer (CISO) of InsiderSecurity, received the Quality Excellence Award during a networking lunch hosted by BSI

Join InsiderSecurity at Booth 4K21 during the Singapore Fintech Festival

Complying with MAS-TRM and CCOP 2.0 requirements with InsiderSecurity

How does InsiderSecurity meet MAS-TRM and CCoP 2.0?

InsiderSecurity helps to meet key MAS-TRM and CCoP 2.0 requirements that are challenging and tedious to comply with. As a leader in automated log analytics, InsiderSecurity helps to reduce compliance costs.

InsiderSecurity does the following:

Simplify database security monitoring

Harness the power of AI to monitor your on-premise, hybrid, and cloud environments with ease

Simplify the review of user activity logs

Manual review of user activity logs is tedious and often impractical due to the high volume of log events. With InsiderSecurity’s smart log review, users no longer have to manually review an overwhelming volume log events or alerts. InsiderSecurity makes sense of the logs and solves the challenge of manual log review

Monitor for anomalies in user behaviour

InsiderSecurity’s automated user behavior analytics flags out anomalies in behaviour patterns and detects early signs of breach

Built-in workflow to support governance and audit

InsiderSecurity provides a built-in workflow in log review that improves IT governance and support audits

Trusted by government agencies

InsiderSecurity’s solutions are deployed and trusted by government agencies and healthcare institutions

IMDA Accreditation

InsiderSecurity is the only company accredited by Singapore’s IMDA in the field of user and entity behavior analytics. Our solutions have been evaluated to meet IMDA’s high standards for deployment in enterprises and government agencies

Key Details of Singapore Fintech Festival 2023

  • Date: 15 – 17 Nov 2023
  • Time: 10:00 am to 6:00 pm
  • Location: Booth 4K21 | Hall 4, Singapore EXPO

Join us at Booth 4K21 during the Singapore Fintech Festival!

Discover how InsiderSecurity’s solutions can help your organization comply with regulatory requirements and enhance its cybersecurity posture. Engage with our team of experts and be sure to attend our enlightening presentation on achieving compliance with MAS-TRM through InsiderSecurity.

Solve the world’s cloud security challenges with Singaporean technology

SINGAPORE, October 13, 2023 – InsiderSecurity, a Singaporean developer of innovative cybersecurity SaaS used by many government agencies and enterprises, is excited to unveil its latest cloud security product codenamed CSX, at Govware 2023. CSX already won an award at CSA Cybersecurity Innovation Day 2022.

CSX is a good example of homegrown cybersecurity products that help position Singapore to be a cybersecurity hub in the digital economy.

Founded by local cyber experts, InsiderSecurity has been building advanced cybersecurity software products for the past 8 years. CSX is a cumulation of its expertise in cyber security, user behavior analytics and product development.

CSX is a game-changer in the market as it does one important thing: simplify cloud security.

As more businesses shift to the cloud, attackers are increasingly targeting cloud data and assets. Every now and then, a company appears on the news due to a cyber breach – a cyber breach has become a matter of when, not if. Chief Information Security Officers (CISOs) are held accountable for breaches and some even face criminal charges for lack of oversight.

This brings up the question – how can I be sure that the business’s cloud data and infrastructure are secure and have not been compromised?

Leveraging state-of-the-art analytics and artificial intelligence, CSX offers robust security coverage across the whole cloud stack, encompassing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

CSX flags out anomalous behaviors within cloud environments, providing actionable insights through an intuitive dashboard. CSX empowers businesses to enhance their security posture by minimising the need for extensive security expertise or large security teams. CSX makes cloud security accessible and cost-effective, even for small enterprises.

“We are very excited to release our newest cybersecurity solution for the cloud – CSX,” said Justin Tay, Product Manager at InsiderSecurity. “With CSX, we want to help businesses from Singapore and abroad to get assurance of the security of their cloud products and services.”

One of the standout features of CSX is its simplicity. For example, users can seamlessly onboard their IaaS, PaaS, and SaaS services through the user-friendly dashboard. Adding a new cloud service for monitoring is as easy as clicking “Add” and following the automated steps. This streamlined process simplifies security management and minimizes the time and effort required to ensure the security of cloud products and services.

“I can’t wait to onboard all our products when CSX is released,” said a CEO at an SME. “Recently, one of our employees had their mobile phone compromised and lost access to their mobile banking app. Since they also had our company work productivity tools products installed on the same phone, I was extremely worried that our cloud services have also been compromised. At the time, the only way I could be sure there was no major breach was to incur significant costs reviewing each of our security tools – CSX would have made that so much easier and more affordable!”

Put your cloud security worries to rest and secure all your clouds with CSX today. To learn more about InsiderSecurity, please visit InsiderSecurity.

Key details of GovWare Conference & Exhibition 2023

  • Date: October 17 to 19, 2023
  • Time: 9:00 am to 5:30 pm
  • Location: Booth H32 | Sands Expo and Convention Centre

Join us at Booth H32 during GovWare 2023 to experience CSX firsthand! Discover live demonstrations of CSX, engage in in-depth discussions about cloud security challenges and connect with our team of experts. Don’t miss this opportunity to explore the future of cloud security.

About InsiderSecurity:

InsiderSecurity helps organisations to uncover cyber breaches very early, so as to avoid serious data loss. Our products include CSX for simplified cloud security, Database Activity Monitor for database security and Smart Log Review for log review compliance.

Founded in 2015, InsiderSecurity has won several awards for our technology. We are the only organisation to be accredited by Singapore’s IMDA in cybersecurity behavior analytics, having met high standards for deployment in government and enterprises. We are also a two-time winner on CSA’s Cybersecurity Innovation Day.

Today, InsiderSecurity’s products are trusted by many large enterprises, government agencies and SMEs.

InsiderSecurity awarded at CSA’s Cybersecurity Innovation Day 2022

InsiderSecurity is pleased to receive an award at Cyber Security Agency of Singapore’ Cybersecurity Innovation Day 2022 (Aug 31, 2022).

InsiderSecurity’s CEO Jonathan Phua is honored to receive the award from Singapore’s Senior Minister of State Dr Janil Puthucheary.

The Cybercall award recognises innovative cybersecurity companies that provide solutions to solve pressing cybersecurity challenges today.

InsiderSecurity won the award for its development of an innovative cloud security solution named Cloud Security X (CSX). This solution builds upon InsiderSecurity’s expertise in advanced cybersecurity analytics and in uncovering cyber threats early, especially for threats that would otherwise go undetected.

ion Day

Two-time winner in Cybersecurity Security Agency of Singapore (CSA)’s Cybersecurity Innovation Day

This is the second year that InsiderSecurity won an award at CSA’s Cybersecurity Innovation Day. The first award was in 2020.

Established by Singaporean cybersecurity experts in 2015, InsiderSecurity builds advanced cybersecurity products that are used by many large enterprises, government agencies and SMEs. InsiderSecurity is the only company that is accredited by Singapore’s IMDA in the field of cybersecurity behaviour analytics. Our innovative AI-based solutions provide early-warning of internal threats inside business infrastructures before there is any serious data loss. This technology is useful for early detection for supply chain attacks, such as Kaseya and SolarWinds cyber attack.

InsiderSecurity awarded at CSA’s Cybersecurity Innovation Day 2022

ASEAN 40 under 40 List

InsiderSecurity’s cofounder Chen Kin Siong is honoured to be in the ASEAN 40 under 40 list, for InsiderSecurity’s innovative work on solving big challenges in cybersecurity.

Minister S Iswaran cited InsiderSecurity in his Total Defence 2019 Speech.

InsiderSecurity cited in Minister Iswaran’s Total Defence Speech

InsiderSecurity was cited by Minister Iswaran on how our tech is securing Singaporean organisations in his Total Defence Day 2019 speech.

“I am happy that local companies such as SgCarMart and the Singapore College of Insurance have already adopted solutions by InsiderSecurity, a homegrown cybersecurity company founded by Singaporean cyber warfare experts and accredited by IMDA’s Accreditation@SGD programme.” said Minister Iswaran.

InsiderSecurity is proud to be cited by Mr. S Iswaran, Minister for Communications and Information and Minister-in-Charge of Cybersecurity in his speech during the Total Defence Day Commemoration on last February 15, 2019. 

Minister Iswaran talked about various digital threats that took place globally and in Singapore, underscoring how these can be as destructive as physical threats like terrorism. He then called on the nation to play a part in this national effort to fight cyber threats, with various Government Agencies and businesses taking the necessary steps to strengthen security strategies. Minister Iswaran gave the example where Singaporean organisations are adopting InsiderSecurity’s cybersecurity solution.

As a homegrown cybersecurity firm accredited by IMDA, we are thankful for the opportunity to serve fellow Singapore companies, defending them from cyber attackers hiding inside the network.

With cybersecurity increasing in importance each day, we at InsiderSecurity will be building on our strengths in Early Breach Detection and Cybersecurity Behaviour Analytics to make Singapore a safer place.


See the full text of his speech on the MCI website.

InsiderSecurity Participated in GovWare 2018

InsiderSecurity Participated In GovWare 2018

We had a fantastic GovWare 2018, with great response from visitors and attendees to InsiderSecurity’s award-winning, IMDA-accredited, deep tech for Early Breach Detection! Jonathan, our CEO, was also invited to speak on cybersecurity AI, entitled “Will AI save or kill us in cybersecurity?”