InsiderSecurity is now CSA STAR Level 2 certified

In the rapidly evolving landscape of digital operations, security is crucial. With so much sensitive information now being stored in the cloud, protecting it is a priority for both cloud providers and customers. We are pleased to announce that we are the FIRST cybersecurity software company from Singapore and likely Southeast Asia to achieve CSA (Cloud Security Alliance) STAR Level 2 certification. This certification demonstrates our commitment to cloud security, privacy controls, data protection, and quality. It also shows our dedication to fortifying our overall security measures through maintaining robust security systems and reliable processes.

What is CSA STAR?

The Cloud Security Alliance (CSA) is a nonprofit organization dedicated to establishing best practices for secure cloud computing. The CSA Security, Trust, Assurance, and Risk (STAR) program is a robust security assurance initiative for the cloud. STAR represents transparency, rigorous auditing, and standardisation of guidelines in the Cloud Controls Matrix (CCM).

CCM comprises 197 control objectives spread across 17 domains, forming a detailed control framework. It helps cloud customers evaluate the overall security risk of a cloud service provider (CSP), ensuring a thorough assessment of fundamental security principles.

By being CSA STAR Level 2 certified, organizations demonstrate their commitment to best practices and validate the security of their cloud services. This not only benefits customers seeking secure cloud solutions but also allows solution providers to demonstrate robust controls to both current and future clients.

CSA STAR Level 1

The entry-level certification validates a CSP’s commitment to foundational security requirements and aligns with the CSA’s Cloud Controls Matrix (CCM). It is a starting point, indicating the provider’s acknowledgment of essential security protocols. Level 1 is a free self-assessment conducted internally and does not require third-party approval.

To attain CSA STAR Level 1, the cloud service provider only needs to complete and submit the CAIQ (Consensus Assessments Initiative Questionnaire).

CSA STAR Level 2

CSA STAR Level 2 certification indicates a high level of maturity in the implementation of strict security protocols and practices within an organization’s cloud infrastructure. It involves a complete assessment of security controls, processes, and compliance with industry standards, performed by independent auditors. This level emphasizes not only the presence of security measures but also their effectiveness and alignment with industry best practices.

For more information on InsiderSecurity’s CAIQ and Level 2 certification, please visit the official registry at Insider Security Pte Ltd on CSA STAR.

CSA STAR and ISO 27001: What’s the connection? 

CSA STAR and ISO 27001 both aim to ensure that companies protect their information. Certifications from CSA STAR can be used to enhance existing information security certification and audit programs. This simplifies the assessment process and allows companies to assess their compliance with information security standards and cloud security standards simultaneously. Now, let’s explore how STAR differs from ISO/IEC 27001.

CSA STAR Certification incorporates the fundamental requirements of the ISO/IEC 27001:2013 management system standard, integrating them with cloud-specific criteria from the CSA Cloud Controls Matrix (CCM). Moreover, the STAR Certification path involves a comprehensive maturity model assessment, evaluating the organization’s maturity against CSA’s proprietary criteria. This evaluation highlights the strengths and weaknesses of processes by utilizing CCM domains as measurable indicators. Crucially, this assessment serves as an internal report for the client, fostering a culture of continual improvement within the organization.

The significant distinction between CSA STAR and ISO 27001 lies in the concept of the Shared Security Responsibility Model (SSRM). The 197 controls necessitate a clear delineation of specific responsibilities for each control, clarifying InsiderSecurity’s accountability. The table below illustrates ownership of SSRM controls and their implications:

| SSRM Control Ownership | Description |
|---|---|
| CSP-owned | When the CSP (Cloud Service Provider) is InsiderSecurity, CSP-owned signifies that InsiderSecurity is solely responsible for the control. This category encompasses the majority of controls outlined in InsiderSecurity’s CAIQ. |
| Shared CSP and CSC | When both the CSP (InsiderSecurity) and CSC (Cloud Service Customer) share responsibility for the control. |
| Shared CSP and 3rd-party | When the CSP (InsiderSecurity) and a 3rd-party cloud service provider (e.g. AWS or Azure, where our services are hosted) share responsibility for the control. |

In addition to SSRM, the inquiry delves deeper into controls specifically tailored for the cloud-native environment. For instance, the subsequent table outlines inquiries for controls frequently encountered in cloud-native settings:

| Domain | Question ID | Question | Rationale |
|---|---|---|---|
| CEK – Cryptography, Encryption and Key management | CEK-08.1 | Are CSPs providing CSCs with the capacity to manage their own data encryption keys? | Many cloud service providers host data and services within a multitenant environment. In such cases, customers may desire a distinct encryption key for their data, particularly when it is stored alongside another customer’s data in the same database. |
| IPY – Interoperability & Portability | IPY-02.1 | Are CSCs able to programmatically retrieve their data via an API to enable interoperability and portability? | A cloud service customer faces reduced risk of vendor lock-in when the data supplied by the provider is portable. Integration of multiple cloud services becomes more feasible for the customer if the provider offers API support. |

Why is CSA STAR Level 2 important for our customers, partners and stakeholders?

InsiderSecurity’s attainment of CSA STAR Level 2 bears multifaceted advantages for its customers, partners, and the broader ecosystem:

  • Commitment to Security: The CSA STAR Level 2 certification shows InsiderSecurity’s commitment to robust security measures. It showcases the capability to safeguard sensitive information.
  • Support for Customers and Partners: The certification aids customers and partners in meeting their security requirements and compliance standards.
  • Enhanced Transparency: Transparency across all involved parties fosters better alignment of security practices and posture. This creates a more trustworthy environment and facilitates streamlined collaboration.
  • Efficiency in Onboarding: The certification streamlines security protocols when vetting or onboarding new business relationships. This efficiency expedites partnerships, making processes smoother and more secure.

The CSA STAR Level 2 certification process

The journey towards attaining CSA STAR Level 2 was a challenging yet rewarding one. It involved meticulous examination of our existing security protocols, processes, and infrastructure. The process began with a comprehensive assessment of our security controls against the CSA STAR Level 2 requirements. This involved thorough documentation, evidence collection, and implementation of additional measures where necessary.

Independent auditors conducted rigorous evaluations, scrutinizing every aspect of our security framework. Their assessments gauged not only the presence but also the effectiveness of our security measures. The process involved collaboration across various teams within InsiderSecurity, ensuring that every department aligned its practices with the stringent security standards.

Throughout this journey, we fostered a culture of continuous improvement, leveraging insights from the assessment to refine and strengthen our security posture further. The dedication and collaboration of our teams were instrumental in achieving this certification, reflecting our commitment to prioritize security and safeguard data above all else.

Honored to welcome BSI for the CSA STAR Level 2 Certification presentation at our office

We had the pleasure of hosting the certification body BSI (British Standards Institution) for the presentation of CSA STAR Level 2.

InsiderSecurity is now ISO 27001 certified

InsiderSecurity achieves ISO 27001 certification, honored with Quality Excellence Award

In today’s digital landscape, safeguarding sensitive information against cyber threats is paramount. InsiderSecurity recently attained ISO/IEC 27001 certification. This accomplishment, marked by an audit with zero findings, showcases our dedication to information security, data protection, and quality through maintaining robust security systems and reliable processes.

What is ISO/IEC 27001:2022?

ISO/IEC 27001:2022 is a globally recognized standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. Achieving this certification involves implementing a robust set of policies, procedures, and controls to safeguard data assets against potential threats, vulnerabilities, and breaches. Compliance with ISO 27001 signifies a company’s ability to implement and maintain robust security measures that align with international best practices, enhancing trust among stakeholders.

Why is ISO/IEC 27001 important for our customers and stakeholders?

Attaining ISO 27001 certification embodies InsiderSecurity’s commitment to protecting data, fortifying our infrastructure against cyber threats, and maintaining the trust of customers and stakeholders. This certification demonstrates:

  • Commitment to security: ISO 27001 certification demonstrates our dedication to robust security measures and our capability to safeguard sensitive information.
  • Focus on customers and partners: Our certification helps our customers and partners to meet their security and compliance requirements.
  • Risk Mitigation: ISO 27001 mandates a proactive approach to identifying and addressing security threats. This certification minimizes the risk of data breaches, ensuring the protection of your invaluable information.

The rigorous ISO/IEC 27001 certification process

Our journey towards ISO 27001 certification was marked by meticulous planning and collective efforts across all departments. The process involved an in-depth analysis of the risk profile and existing security measures. To align with ISO 27001 standards, we implemented stringent policies and controls, guided by the framework’s 114 controls across 14 distinct categories outlined in ISO 27001 Annex A.

Throughout the certification process, several requirements needed to be met. This process enabled us to fortify existing policies and controls, ensuring an elevated level of security aligned with the expectations of our customers and external stakeholders. Here are some of the controls we have in place to meet ISO 27001 requirements:

  • MDM (Mobile Device Management) solution for endpoints
  • EDR (Endpoint Detection and Response) solution for endpoints
  • DLP (Data Leakage Prevention) solution for endpoints
  • Physical security in the office compound
  • Inventories and asset tracking process
  • Secure Software Development Life Cycle
  • Secret management process
  • Formal due diligence process to assess the security risk of our suppliers
  • Staff cybersecurity training process

Our existing security solutions, like Automated UEBA (User and Entity Behavior Analytics) and CSX, helped us detect any unusual activity in our cloud systems, meeting the logging and monitoring requirements of the ISO 27001 standard. After the grueling certification process, we completed the audit with zero findings.

Quality Excellence Award

InsiderSecurity is honored to receive the Quality Excellence Award from BSI, recognizing our exceptional performance in security processes. This accolade follows the successful passage of the ISO 27001 audit without any findings, showcasing our commitment to maintaining robust security systems and processes.

Kin Siong, Chief Information Security Officer (CISO) at InsiderSecurity, expressed gratitude for receiving the award during the networking lunch hosted by BSI, remarking, “It was truly an honor to be bestowed with the Quality Excellence Award.”

Received Quality Excellence Award by BSI

The award ceremony, where Kin Siong, the Chief Information Security Officer (CISO) of InsiderSecurity, received the Quality Excellence Award during a networking lunch hosted by BSI

Join InsiderSecurity at Booth 4K21 during the Singapore Fintech Festival

Complying with MAS-TRM and CCoP 2.0 requirements with InsiderSecurity

How does InsiderSecurity meet MAS-TRM and CCoP 2.0?

InsiderSecurity helps to meet key MAS-TRM and CCoP 2.0 requirements that are challenging and tedious to comply with. As a leader in automated log analytics, InsiderSecurity helps to reduce compliance costs.

InsiderSecurity does the following:

Simplify database security monitoring

Harness the power of AI to monitor your on-premise, hybrid, and cloud environments with ease

Simplify the review of user activity logs

Manual review of user activity logs is tedious and often impractical due to the high volume of log events. With InsiderSecurity’s smart log review, users no longer have to manually review an overwhelming volume of log events or alerts. InsiderSecurity makes sense of the logs and solves the challenge of manual log review.

Monitor for anomalies in user behaviour

InsiderSecurity’s automated user behavior analytics flags anomalies in behaviour patterns and detects early signs of a breach.

Built-in workflow to support governance and audit

InsiderSecurity provides a built-in workflow in log review that improves IT governance and supports audits.

Trusted by government agencies

InsiderSecurity’s solutions are deployed and trusted by government agencies and healthcare institutions

IMDA Accreditation

InsiderSecurity is the only company accredited by Singapore’s IMDA in the field of user and entity behavior analytics. Our solutions have been evaluated to meet IMDA’s high standards for deployment in enterprises and government agencies

Key Details of Singapore Fintech Festival 2023

  • Date: 15 – 17 Nov 2023
  • Time: 10:00 am to 6:00 pm
  • Location: Booth 4K21 | Hall 4, Singapore EXPO

Join us at Booth 4K21 during the Singapore Fintech Festival!

Discover how InsiderSecurity’s solutions can help your organization comply with regulatory requirements and enhance its cybersecurity posture. Engage with our team of experts and be sure to attend our enlightening presentation on achieving compliance with MAS-TRM through InsiderSecurity.

Solve the world’s cloud security challenges with Singaporean technology

SINGAPORE, October 13, 2023 – InsiderSecurity, a Singaporean developer of innovative cybersecurity SaaS used by many government agencies and enterprises, is excited to unveil its latest cloud security product codenamed CSX, at Govware 2023. CSX already won an award at CSA Cybersecurity Innovation Day 2022.

CSX is a good example of homegrown cybersecurity products that help position Singapore to be a cybersecurity hub in the digital economy.

Founded by local cyber experts, InsiderSecurity has been building advanced cybersecurity software products for the past 8 years. CSX is a culmination of its expertise in cyber security, user behavior analytics and product development.

CSX is a game-changer in the market as it does one important thing: simplify cloud security.

As more businesses shift to the cloud, attackers are increasingly targeting cloud data and assets. Every now and then, a company appears on the news due to a cyber breach – a cyber breach has become a matter of when, not if. Chief Information Security Officers (CISOs) are held accountable for breaches and some even face criminal charges for lack of oversight.

This brings up the question – how can I be sure that the business’s cloud data and infrastructure are secure and have not been compromised?

Leveraging state-of-the-art analytics and artificial intelligence, CSX offers robust security coverage across the whole cloud stack, encompassing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

CSX flags anomalous behaviors within cloud environments, providing actionable insights through an intuitive dashboard. CSX empowers businesses to enhance their security posture by minimising the need for extensive security expertise or large security teams. CSX makes cloud security accessible and cost-effective, even for small enterprises.

“We are very excited to release our newest cybersecurity solution for the cloud – CSX,” said Justin Tay, Product Manager at InsiderSecurity. “With CSX, we want to help businesses from Singapore and abroad to get assurance of the security of their cloud products and services.”

One of the standout features of CSX is its simplicity. For example, users can seamlessly onboard their IaaS, PaaS, and SaaS services through the user-friendly dashboard. Adding a new cloud service for monitoring is as easy as clicking “Add” and following the automated steps. This streamlined process simplifies security management and minimizes the time and effort required to ensure the security of cloud products and services.

“I can’t wait to onboard all our products when CSX is released,” said a CEO at an SME. “Recently, one of our employees had their mobile phone compromised and lost access to their mobile banking app. Since they also had our company’s work productivity tools installed on the same phone, I was extremely worried that our cloud services had also been compromised. At the time, the only way I could be sure there was no major breach was to incur significant costs reviewing each of our security tools – CSX would have made that so much easier and more affordable!”

Put your cloud security worries to rest and secure all your clouds with CSX today. To learn more about InsiderSecurity, please visit InsiderSecurity.

Key details of GovWare Conference & Exhibition 2023

  • Date: October 17 to 19, 2023
  • Time: 9:00 am to 5:30 pm
  • Location: Booth H32 | Sands Expo and Convention Centre

Join us at Booth H32 during GovWare 2023 to experience CSX firsthand! Discover live demonstrations of CSX, engage in in-depth discussions about cloud security challenges and connect with our team of experts. Don’t miss this opportunity to explore the future of cloud security.

About InsiderSecurity:

InsiderSecurity helps organisations to uncover cyber breaches very early, so as to avoid serious data loss. Our products include CSX for simplified cloud security, Database Activity Monitor for database security and Smart Log Review for log review compliance.

Founded in 2015, InsiderSecurity has won several awards for our technology. We are the only organisation to be accredited by Singapore’s IMDA in cybersecurity behavior analytics, having met high standards for deployment in government and enterprises. We are also a two-time winner at CSA’s Cybersecurity Innovation Day.

Today, InsiderSecurity’s products are trusted by many large enterprises, government agencies and SMEs.

InsiderSecurity awarded at CSA’s Cybersecurity Innovation Day 2022

InsiderSecurity is pleased to receive an award at the Cyber Security Agency of Singapore’s Cybersecurity Innovation Day 2022 (Aug 31, 2022).

InsiderSecurity’s CEO Jonathan Phua is honored to receive the award from Singapore’s Senior Minister of State Dr Janil Puthucheary.

The Cybercall award recognises innovative cybersecurity companies that provide solutions to solve pressing cybersecurity challenges today.

InsiderSecurity won the award for its development of an innovative cloud security solution named Cloud Security X (CSX). This solution builds upon InsiderSecurity’s expertise in advanced cybersecurity analytics and in uncovering cyber threats early, especially for threats that would otherwise go undetected.

Two-time winner at the Cyber Security Agency of Singapore (CSA)’s Cybersecurity Innovation Day

This is the second year that InsiderSecurity won an award at CSA’s Cybersecurity Innovation Day. The first award was in 2020.

Established by Singaporean cybersecurity experts in 2015, InsiderSecurity builds advanced cybersecurity products that are used by many large enterprises, government agencies and SMEs. InsiderSecurity is the only company that is accredited by Singapore’s IMDA in the field of cybersecurity behaviour analytics. Our innovative AI-based solutions provide early warning of internal threats inside business infrastructures before there is any serious data loss. This technology is useful for early detection of supply chain attacks, such as the Kaseya and SolarWinds cyber attacks.

ASEAN 40 under 40 List

InsiderSecurity’s cofounder Chen Kin Siong is honoured to be in the ASEAN 40 under 40 list, for InsiderSecurity’s innovative work on solving big challenges in cybersecurity.

Minister S Iswaran cited InsiderSecurity in his Total Defence 2019 Speech.

InsiderSecurity cited in Minister Iswaran’s Total Defence Speech

InsiderSecurity was cited by Minister Iswaran on how our tech is securing Singaporean organisations in his Total Defence Day 2019 speech.

“I am happy that local companies such as SgCarMart and the Singapore College of Insurance have already adopted solutions by InsiderSecurity, a homegrown cybersecurity company founded by Singaporean cyber warfare experts and accredited by IMDA’s Accreditation@SGD programme,” said Minister Iswaran.

InsiderSecurity is proud to be cited by Mr. S Iswaran, Minister for Communications and Information and Minister-in-Charge of Cybersecurity, in his speech during the Total Defence Day Commemoration on February 15, 2019.

Minister Iswaran talked about various digital threats that took place globally and in Singapore, underscoring how these can be as destructive as physical threats like terrorism. He then called on the nation to play a part in this national effort to fight cyber threats, with various Government Agencies and businesses taking the necessary steps to strengthen security strategies. Minister Iswaran gave the example where Singaporean organisations are adopting InsiderSecurity’s cybersecurity solution.

As a homegrown cybersecurity firm accredited by IMDA, we are thankful for the opportunity to serve fellow Singapore companies, defending them from cyber attackers hiding inside the network.

With cybersecurity increasing in importance each day, we at InsiderSecurity will be building on our strengths in Early Breach Detection and Cybersecurity Behaviour Analytics to make Singapore a safer place.

See the full text of his speech on the MCI website.

InsiderSecurity Participated in GovWare 2018

We had a fantastic GovWare 2018, with great response from visitors and attendees to InsiderSecurity’s award-winning, IMDA-accredited, deep tech for Early Breach Detection! Jonathan, our CEO, was also invited to speak on cybersecurity AI, in a talk entitled “Will AI save or kill us in cybersecurity?”

CNA interview with InsiderSecurity CEO

CNA Interview: InsiderSecurity CEO on the challenge of finding cybersecurity talents in Singapore

In an interview with Channel NewsAsia, our CEO, Jonathan Phua, talked about the challenge of finding the right cybersecurity talents who can fill positions in the local cybersecurity industry. Singapore, like many countries, is experiencing a shortage of cybersecurity professionals. This makes it difficult for many organisations to get strong cybersecurity. The higher demand for experienced cybersecurity professionals also means higher hiring costs.

Immediate shortage aside, there are good reasons for Singapore to develop its cybersecurity talents.

“It is vital for Singapore to grow our own cybersecurity talents because of two reasons. First, Singapore has a good shot at becoming a major cybersecurity hub. We have the right people and infrastructure. Second, if not for economics, then for national defense, as cybersecurity is already the sixth pillar of Total Defence,” explained Phua.

Attracting cybersecurity professionals need not always be via higher salaries. There are applicants who join companies not just because of the financial compensation, but also for the value of the product or service they see that those companies are producing. “Within InsiderSecurity, we have been fortunate in that we have been able to attract talents, as we are doing exciting, cutting-edge work,” said Phua.

InsiderSecurity is helping address the current talent shortage by continuing to develop automated cyber threat detection technology that helps companies with even small IT teams cope with cyber threats.