Ami Azrul bin Abdullah

Ami is currently Chief Technology Officer, Digicert Sdn Bhd. He began his career as a government officer at the Budget Division, Ministry of Finance. Subsequently he was transferred to the Institute of Diplomacy and Foreign Relations, Prime Minister’s Department. He then left the civil service to join Albukhary Foundation where he was responsible to market the Islamic Arts Museum to the public at large. In the end, his love for IT processes and systems brought him to MSC Trustgate. com Sdn Bhd as a security engineer. He joined Digicert in 2001, looking into operational matters of the licensed Certification Authority. His current interest, apart from encryption, includes online security at large visà- vis governance, risk and compliance issues and processes. He has more than 9 years experience in the Public Key Infrastructure (PKI) and well versed in the people, process and technology to make PKI implementation a success. Ami is a mathematician by education and an Associate of the Royal College of Science, London. He is also a Certified Information Systems Security Professional (CISSP).
Public Key Infrastructure Implementation in Malaysia
Malaysia’s experience in PKI began with the introduction of Cyberlaws, namely the Digital Signature Act in 1997 which laid the foundation for the establishment of two Certification Authorities, Digicert and MscTrustgate, both of which being regulated by the Communications and Multimedia Commission. The first applications which are PKI enabled are applications owned by the Ministry of Finance and Accountant General’s Department. These are the e-Procurement System and the electronic system of budget management. Subsequently the financial industry followed suit and a few years ago, the killer application for the public at large, the Inland Revenue Board e-filing system, was introduced, resulting in a drastic increase in subscriber base. There are multitudes of media used for the storage of private keys, i.e., smart cards, cryptographic USB token, Hardware Security Modules, server storage and local disk, depending on the criticality of applications. The two certification authorities have been able to maintain steady stream of revenue and the subscriber base has still the potential to increase base on the internet penetration.