9:00 – 12:00 Workshop A: Designing and implementing a cloud strategy to reduce IT expenses

About the workshop leader:

Keith has over 20 years of experience in the field of information technology. He is First Vice President for Information Technology Group at Philippine Business Bank. He heads the Information Technology Group of the bank for more than 8 years. He also oversees the information technology of the group of companies founded by Ambassador Alfredo M. Yao. He has attained his Master’s degree in Management from the Asian Institute of Management and post graduate studies in computer science from the Ateneo de Manila University.

He was introduced to early preceding cloud technologies that have made him one of the early adopters and true believer of SaaS models today.

Rationale:

Asian banks are beginning to discuss and embrace the cloud concept, recognising its significant efficiencies and cost advantages. Yet, certain questions remain: Does my retail bank need the cloud? Is my bank ‘ready’ to move to the cloud?

Attend this workshop to learn:

• how to draw on the lessons learnt by Keith Chan, an early adopter of cloud computing
• how to gauge your bank’s “cloud readiness”
• how to identify the technical requirements and enterprise infrastructure required to support a cloud network

Agenda:

Evaluating the challenges and success of cloud computing with 4 case studies:

• IaaS/Private Cloud planning - transforming Data Centers to a private cloud.
• SaaS Cloud model A. - Based on SWIFT on SaaS model.
• SaaS Cloud model B. - Based on a pure pay-per-use remittance SaaS model.
• SaaS Cloud model C - A core banking transformation

2:00 – 5:00 Workshop B: Developing a framework to protect virtual data and overcome cloud security challenges

About the workshop leader:

We will be updating the website shortly with the workshop leader’s details.

Rationale:

• Many organisations are migrating to clouds to reap the benefits of cost savings and increased agility in software deployment. But cloud security will impact how each firm adopts and implements cloud. How will you secure your firm’s Cloud?

Attend this workshop to:

• identify the key security challenges that banks face with private and public clouds and how to overcome these problems
• gain insights on privacy-preserving technologies, operating system security and network and protocol security

Agenda:

1) Assessing the challenges of adopting cloud computing

• security
• reliability
• performance
• integrate with in-house IT
• regulatory requirements

2) Comparing ‘cloud computing security’ with ‘IT security’

• web security
• physical security

3) Identifying and mitigating cloud computing issues:

• availability issues for minimal service interruption
• preventive measures for non-recoverable data losses or leakage
• perimeter security in sheltering the firm’s cloud computing infrastructure
• security of virtualisation
• choice of cloud providers

4) Designing well-monitored systems and networks to combat hostile activity or intrusion and safeguard the firm’s data

9:00 – 12:00 Workshop C: Increasing mobile banking security to better engage and retain customers

About the workshop leader:

We will be updating the website shortly with the workshop leader’s details.

Rationale

Mobile security issues will grow rapidly over the next few years. This is due to the increase in smartphone penetration and consumers embracing mobile banking. How should banks respond and prevent security threats in the mobile banking world?

Attend this workshop to learn:

• how to identify security solutions for the mobile retail banking world
• how to alleviate mobile users security fears to increase revenue from the unbanked part of the population

Agenda:

a) Identifying security challenges and shortfalls of mobile banking including

• GSM network
• SMS / GPRS protocols

b) Analysing the slow adoption of mobile banking due to service security and privacy issues

c) Discussing how information can be transmitted safely and securely:

• Customer information – sent from customer’s mobile phone to web server
• Security of remote access to the banking server and customer information database
• Security measures to prevent unauthorised users from logging on the online banking section of the WEB

d) Evaluating the threat to network channels accessible to a mobile device including:

e) Evaluating solutions to reduce security risk and improve customer’s trust

• Discussing enhancements to hardware security of the mobile phone
• Improving mobile phone’s software security
• Brainstorming new security measures for the retail banking system
• Embracing a holistic security approach by monitoring risk and security threats across multi-channels

2:00 – 5:00 Workshop D: Moving from responsive to preventive strategies for mobile payment security

About the workshop leader:

We will be updating the website shortly with the workshop leader’s details.

Rationale:

Customers are enjoying mobile payments anytime, anywhere. But with an increase in convenience, there is an increase in the need to address privacy, security, and reliability of mobile payments.

Attend this workshop to learn:

• How to address the security issues to deliver safe mobile payment solutions
• How to reassure retail banking clients that mobile payment is secure and safe

Agenda:

1) Identifying and analysing the security measures of current mobile security technologies:

a) Wireless application protocol (WAP)

• Evaluating the security protocol, designed for securing communications and transactions over wireless networks
• How to overcome the ‘WAP Gap’ - encrypted messages becoming clear text

b) SIM toolkit

• Assessing the communication between the mobile client and the payment server using SMS
• How to find a solution to an ‘end to end’ security’
• How to better trust the security of network operators and its infrastructure
• How to deploy security mechanisms to SMS messages

c) Java 2 Platform, Micro Edition (J2ME)

• Analysing J2ME in protecting client systems from unreliable programs, greater transaction security and network efficiency
• Understanding the benefits of content-based encryption and less reliance on network for data processing

2) Evaluating the effectiveness of the three security measures in supporting mobile payments and preventing mobile payment fraud

3) Identifying security measures and solutions in mitigating future attacks in mobile payments

• social engineering attacks including Phishing, Vishing, SMiShing
• malware attacks, viruses and Trojans
• physical attacks and phone snatching