Elcom Web Security Seminar Presentation
![Page 1: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/1.jpg)
Secure Web Collaboration
Angus McDonald
Technical Director
Elcom Technology
![Page 2: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/2.jpg)
HINDSIGHT
THOSE WERE THE DROIDS YOU WERE LOOKING FOR
![Page 3: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/3.jpg)
Web 2.0 Apps = Security issues
![Page 4: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/4.jpg)
Web 2.0 Apps = Collaboration
![Page 5: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/5.jpg)
Collaboration examples
• Tender and deal making sites
• Customer training
• Customer service portals
• Partner portals
• Custom-built collaborative web apps
![Page 6: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/6.jpg)
Business wants more collaboration
![Page 7: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/7.jpg)
You could just say “Tough.”
![Page 8: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/8.jpg)
But they’ll just use free web apps
![Page 9: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/9.jpg)
And that isn’t safe!
![Page 10: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/10.jpg)
Solutions?
![Page 11: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/11.jpg)
Don’t hire net gen?
![Page 12: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/12.jpg)
But grownups use Web 2.0 too!
![Page 13: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/13.jpg)
Ban Facebook?
![Page 14: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/14.jpg)
Tallest eruption EVER, on Jupiter’s moon Io
500 km
![Page 15: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/15.jpg)
Best Strategy is to Mitigate the Risks
![Page 16: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/16.jpg)
Offer business a secure platform
![Page 17: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/17.jpg)
Maintain control over Web 2.0
![Page 18: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/18.jpg)
Give them power with safety
![Page 19: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/19.jpg)
Maintain accountability
![Page 20: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/20.jpg)
Increase collaboration
![Page 21: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/21.jpg)
What Does a Secure Web 2.0 Platform Need?
![Page 22: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/22.jpg)
Secure authentication and authorisation
![Page 23: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/23.jpg)
Business control
• Branding
• Users
• Content creation
• Content permissions
![Page 24: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/24.jpg)
IT control
• Internal users already known (e.g. Active Directory)
• Easy to run secure
• Scalable architecture
• Auditable
![Page 25: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/25.jpg)
Appropriate licensing
• Does it suit your needs?
  – External vs Internal access
• Does cost vary with utility?
• What is the expected ROI?
![Page 26: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/26.jpg)
Collaborative tools
A Wordle from the Wikipedia page on Collaboration Platform
![Page 27: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/27.jpg)
Flexibility and extensibility
![Page 28: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/28.jpg)
So, Do You Build, Rent or Buy?
![Page 29: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/29.jpg)
Build
• E.g. Java, .NET
• Lots of control
• Lots of work
• Lots of risk
• Greater cost (even if you have developers)
![Page 30: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/30.jpg)
![Page 31: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/31.jpg)
Rent (SaaS)
• E.g. Salesforce.com, NetSuite
• Less risk
• Much less control
• Costs spread out
• Hostage to service provider
![Page 32: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/32.jpg)
That sure looks like
Angus McDonald!
![Page 33: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/33.jpg)
Buy
• E.g. Community Manager.NET, SharePoint Portal Server
• Greater control
• Less risk
• Less cost
• Work on core benefits, not infrastructure
![Page 34: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/34.jpg)
What about SharePoint?
![Page 35: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/35.jpg)
SharePoint pros
• Good for internal use
• Standard site structures
• Microsoft Office 2003/2007 integration
![Page 36: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/36.jpg)
SharePoint cons
• External access (licensing costs)
• Branding
• Content publishing
• Search speed
• Advanced features significantly increase final cost
![Page 37: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/37.jpg)
What about Community Manager.NET?
![Page 38: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/38.jpg)
Highly brandable
![Page 39: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/39.jpg)
![Page 40: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/40.jpg)
External access does not change cost
![Page 41: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/41.jpg)
![Page 42: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/42.jpg)
It’s built to be secure
![Page 43: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/43.jpg)
![Page 44: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/44.jpg)
Is It Really Secure?
• Wine Selectors required PCI Compliance
• Built to be secure (OWASP and PCI DSS)
• Actively developed and improved
• Simple to configure securely
• Business user-proof
• Built on .NET 3.5 and SQL Server 2005
![Page 45: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/45.jpg)
Hugely useful features out of the box
![Page 46: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/46.jpg)
![Page 47: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/47.jpg)
Some of the highlights
• Document management
• Forums
• Wikis
• Blogs
• Online training
• RSS Reader and publishers
• Developer framework and API
![Page 48: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/48.jpg)
Great built-in search
![Page 49: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/49.jpg)
![Page 50: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/50.jpg)
Community Manager.NET is a secure platform
![Page 51: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/51.jpg)
![Page 52: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/52.jpg)
In summary
![Page 53: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/53.jpg)
If you need Web 2.0 apps
• Be aware of the security risks
• Choose a mitigation strategy
• Decide to Build, Rent or Buy
• Talk to Elcom Technology
![Page 54: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/54.jpg)
Thank you!
Angus McDonald
[email protected]
falkayn.blogspot.com
Some photos from flickr.com and sxc.hu, used with permission.
![Page 55: Elcom Web Security Seminar Presentation](https://reader035.fdocuments.net/reader035/viewer/2022062616/54994d5fb47959333e8b476c/html5/thumbnails/55.jpg)
Photo sources
http://flickr.com/photos/24973901@N04/2762458387/sizes/o/
http://flickr.com/photos/gee01/871748560/sizes/l/in/set-72157600952832235/
http://flickr.com/photos/hryckowian/2376600916/sizes/l/
http://www.flickr.com/photos/marcopako/2391747442/
http://www.flickr.com/photos/lumaxart/2137737248/
http://www.flickr.com/photos/dalbera/2738452057/
http://sxc.hu (various)