Data security strategies and drivers
- 1 - Copyright 2009 Freeform Dynamics Ltd - 1 - Copyright 2010 Freeform Dynamics Ltd
Data Security Trends and Observations
Tony Lock, Freeform Dynamics Ltd
[email protected], 2010
www.freeformdynamics.com

Agenda
► Business Drivers Influencing IT Security
► Protecting Data
► The Future of Encryption

Today, businesses want to…
► Reduce costs
  ● Leverage existing investments
  ● Rationalise infrastructure / Reduce power consumption
  ● ‘Optimise everything’!
► Increase agility
  ● Access information on demand
  ● Support new business initiatives quickly & effectively
► Manage risk
  ● Legal & regulatory / Security and privacy
  ● Continuity / resilience
  ● Protect brand
► Be good corporate citizens
  ● Governance / External obligations
  ● Retain customer trust and satisfaction

Encryption and Key Management

Why is security important?

New risks
► External annoyances (Spam, virus, Drive by web infections, general Phishing, etc.)
► Targeted crime (Hackers, Targeted phishing etc.)
► Third parties inside the firewall breaching security
► Staff breaching security by design
► Staff / Third parties breaching security by accident – Information leakage

Well Protected?

To what degree do you consider these specific risks during business planning?
[Chart, axis 0% to 100%. Risks listed: Loss of business critical information; Downtime of key IT systems; Illicit use of confidential information; Breach of building security; Legal exposure; Regulatory exposure; Criminal activity (e.g. fraud); Malicious damage by employees; Accidental damage; Political instability; Public health emergency; Poor performance of financial markets; Natural disaster; Terrorist activity. Legend: Major consideration / Some consideration / Minimal consideration / Unsure]

Has regulatory compliance been a specific driver in the following areas?
[Chart, axis 0% to 80%. Sectors listed: Financial Services; Public Sector; Communications; Oil & Gas; General Industry/Commerce. Legend: Enhancing storage and archiving capability / Enhancing information related security]

Generally speaking, when you add everything up, how is your spending on IT risk related investments such as security and information management changing?
[Chart, axis 0% to 100%. Sectors listed: Financial Services; Communications; Public Sector; General Industry; Oil & Gas. Legend: Increasing dramatically / Increasing / Static / Decreasing]

Agenda
► Business Drivers Influencing IT Security
► Protecting Data
► The Future of Encryption

Security “culture”

How easy is it to control the potential security risk arising from the proliferation of confidential data across different machines and locations?
● Cannot completely control: 23%
● Controlling it is a challenge: 50%
● Easy to control: 22%
● Unsure: 5%

How important are the following when considering the need to secure confidential information?
[Chart, axis 0% to 100%. Factors listed: Avoidance of financial loss; Prevention of legal exposure; Preservation of customer relationships; Regulatory compliance; Maintenance of competitive edge; Protection of brand and image. Legend: Particularly important for us / Some consideration / Less of an issue / Unsure]

What is holding “Data Security” back?
► Link to lack of accurate knowledge
  • Mixed IT infrastructure deployed
  • Who has “access” to data, especially those with escalated privileges
  • Who is using each service and who should be?
► Encryption, where used, is deployed piecemeal not across all systems
  • Lack of process to manage solutions
  • Lack of awareness that solutions are now available for a wide range of challenges

The role of Encryption and Key Management
► Today encryption has been implemented in a piecemeal fashion
  ● Bit by bit
  ● No central management or strategy
  ● Key management left to individuals or groups
► Encryption will, ultimately, be rolled out to address all of the highlighted risk areas
  ● Key desktops and laptops
  ● Storage arrays
  ● Mobile Devices
► Problems will occur
  ● And very, very visibly

Agenda
► Business Drivers Influencing IT Security
► Protecting Data
► The Future of Encryption

Moving “Data Security” and encryption Forward?
► Define who is responsible for security
  • How should policy be set?
  • IT, The Business and Security partners
  • Set how to create / handle security Procedures?
► Implement security solutions
  • Encryption and key management
  • Make as transparent as possible to users
  • Ensure staff know what is permitted in data security management
► Until these are addressed, change will be difficult and risks will not be managed

Process, process, process
► Process
  ● Define Processes for security
  ● Try to standardise on solutions
  ● Make sure everyone understands security threats and the consequences
  ● Make sure that routines / procedures are in place to manage all aspects of security
  ● Especially for mobile / home workers.
► Create a feeling of responsibility for security
► Train / Train / Train / Communicate

Overall mix of concerns relating to adoption of latest technologies and working practices
[Chart, axis 0% to 70%. Concerns listed: Security infrastructure limitations; Policy and process related challenges; Cultural or trust related concerns. Callout: Encryption can help address these issues]

The Future of Encryption
► Use of Encryption will spread, and soon
  • Silo by Silo
  • Storage, Desktops, Mobile Devices, Applications
  • Data at Rest, Data in Motion
► Ultimately encryption will become “expected”
► The importance of key management will be recognised
  • But not to begin with
  • Education will be required or “incidents will happen”
► Standards (ISO 7498-2, ISO 17799 etc.) are important
  • But customers will need to move before all standards are finalised and in place.
► Best practice / experience is valued along with advice on where to start.

Where to start with Securing Enterprise Data?
► Know where data is stored, who is using it and why
  • Storage platforms / Desktops / Applications / Networks
  • Combine asset management / identity / encryption and key management
► Define roles and responsibilities for data governance
► Create policies for data management and security
  • Encrypt where needed
  • And make sure everyone understands and follows them
  • Audit data access and alteration
► Define Identities
  • Personal / Device / Service / Application
► Get good Management Procedures in place, especially for encryption key management

Thank You!
► Any Questions?