Mobile, Big Data, Social Platforms, Cloud: IT Security at the Center of the Third Platform
Fabio Rizzotto
Senior Research and Consulting Director, IDC Italia
Security Summit Milano 2015
55% of European companies have started IT reorganization projects in the last 12 months.
50% of European companies have created a new structure dedicated to Innovation.
Source: IDC's European IT Executive Survey, 2014 (n = 1,310)
Shadow IT: What Your Clients Do Not Know Will Hurt Them
[Chart: percentage of technology spending that is shadow, according to IT and according to Business]
Source: IDC Business Technology Study, May 2014 and IDC CIO Sentiment Study, January 2014
IT-enabled services
Transforming business processes
IT-enabled business processes
Automating business processes
IT-enabled products
Creating IT-enabled products
Where is Information Technology heading..
Degree of innovation
IT enabled business processes
Digital & IT enabled product & services
Third Platform: transformation driven by…
Meanwhile, however... companies are exposed and attacks are increasing
Sony Pictures Entertainment (The Interview, 40GB vs 100TB, Guardians of Peace, North Korea?)
Compromised infrastructure (Factoring Attack on RSA-Export Keys Vulnerability, Equation Group)
Social Arena (Snapchat/iCloud/Twitter, beware what you share, reputation ....)
Belgacom (Regin malware, European Parliament, GCHQ/NSA)
The emerging risk scenario
Government agency
Industrial espionage, organized crime
Hacktivism
Common People
Complexity of attacks
Frequency of attacks
Influence-oriented
Resource-oriented
Frequency < 1/10
Frequency > 1/5
Not behind my firewall
Western European Organizations: business priorities
ORGANIZATIONAL RESTRUCTURING OR M&A ACTIVITIES
ENERGY EFFICIENCY / GREEN / SUSTAINABILITY
MULTICHANNEL DELIVERY STRATEGY
MARKETING EFFECTIVENESS IMPROVEMENT
SUPPLY CHAIN / PROCUREMENT EFFICIENCY
PRODUCT OR SERVICE INNOVATION
IT ORGANIZATION CONTRIBUTION TO BUSINESS GOALS
CUSTOMER CARE ENHANCEMENT
REDUCING OPERATIONAL COSTS
SALES PERFORMANCE IMPROVEMENT
REGULATORY COMPLIANCE
SENSITIVE DATA PROTECTION
WESTERN EUROPE BUSINESS PRIORITIES
Could you rate the following business initiatives in terms of how much they are leading your company's business agenda for the next 12 months? (1 = "not at all important" and 5 = "most important")
Consumerization of IT and IT-ification of Consumers
Mobility
Cloud Computing
ENTERPRISE
CONSUMER/EMPLOYEE
BLENDED
Create Many Types of Content on Many Devices
Cloud: an already established reality
80% of companies worldwide believe they will transform at least 50% of their infrastructure and application environment into a "Cloud" model over the next 5 years
According to the IDC European CloudTrack Survey, 97% of European companies are involved in the Cloud at various levels (from the exploratory phase through to adoption of Public, Private or Hybrid models)
According to recent IDC Italia surveys, 40% of Italian companies already use Cloud services
About 40% of companies are interested in "bundling" SaaS solutions with other Cloud services
By using Cloud services, 39% of companies have increased revenue thanks to faster and more effective creation of innovative products and services
..but there are Security-related challenges
Main challenges relating to the Security of Cloud environments
[Bar chart, scale 50% to 65%]
Data location
Data privacy/compliance management
Availability of Cloud services
Identity and access management
Data loss/theft
Source: IDC's 2014 European Software Survey, n = 1,309
IT Security Concerns in Italy: the need to expand resources
WHAT ARE THE MAIN IT SECURITY CRITICAL ISSUES IN YOUR COMPANY?
[Bar chart, scale 0% to 30%]
INSUFFICIENT BUDGET DEDICATED TO IT SECURITY
EMPLOYEES' LACK OF COMPLIANCE WITH SECURITY POLICIES
LACK OF AN ADEQUATE SECURITY STRATEGY AND POLICIES
GROWING PRESSURE FROM INCREASINGLY SOPHISTICATED ATTACKS
INADEQUACY AND RAPID OBSOLESCENCE OF IT SECURITY SOLUTIONS
DIFFICULTY IN GUARANTEEING 24X7 SUPPORT FOR SECURITY
SHORTAGE OF PERSONNEL QUALIFIED IN IT SECURITY
GROWING PRESSURE FROM THE PUBLIC REGULATOR
(IDC Italy, 2015, n=110, Mid-large Enterprise)
IT Security: still few investments in "next generation" solutions
INVESTMENT PRIORITIES IN 2016
[Bar chart, scale 0% to 40%]
BUSINESS CONTINUITY & DISASTER RECOVERY
TRADITIONAL SECURITY TOOLS
INTELLIGENT SECURITY SERVICES
MANAGED SECURITY SERVICES
(IDC Italy, 2015, n=110, Mid-large Enterprise)
Securing IT's Four Pillars
Pillars: Cloud, Mobile, Social Networks, Big Data (Threat Intelligence)
Early detection & mitigation of targeted, unknown attacks.
Granular logging and policy enforcement of internal and external regulations.
Predictive
  Cloud: Privileged Access Management, Federated Identity, Multi-factor Authentication, Data Protection, & Vulnerability Assessment
  Mobile: Strong Authentication, Data Protection, Web/Messaging SaaS, & SSO
  Social Networks: Data Loss prevention with data protection, global regulatory policy monitoring, & real-time policy enforcement & education
  Big Data (Threat Intelligence): Raw & analyzed threat feeds from multiple sources integrated with management consoles
Proactive
  Cloud: VPN, Single Sign-On, Encryption, & Strong Passwords
  Mobile: Mobile Device Management
  Social Networks: Keyword-based monitoring & logging
  Big Data (Threat Intelligence): Network monitoring and SIEM
Reactive
  Cloud: Access control
  Mobile: Device Password
  Social Networks: Acceptable Use Policy
  Big Data (Threat Intelligence): Signature-based detection
The rise of Security Market
What is your IT Transformation stage?
Ad Hoc (Core IT), 6%: No effort between business and IT to coordinate or incorporate 3rd Platform technology
Opportunistic (2nd Platform IT), 40%: Uncoordinated efforts between business and IT around 3rd Platform implementations; limited progress toward 3rd Platform adoption
Repeatable (3rd Platform IT), 27%: Coordinated efforts between business and IT around 3rd Platform implementation allow the organization to keep pace with peers in 3rd Platform adoption
Managed (Business Innovation), 15%: Effective partnership between business and IT around 3rd Platform implementations allows the organization to outpace competitors through the use of 3rd Platform
Optimized (Business Transformation), 4%: Highly orchestrated interaction between business and IT around 3rd Platform implementations, enabling a world-class organization with lasting competitive advantage driven by 3rd Platform transformation and an organization that has embraced it.
67% of organizations are operating at a 2nd Platform IT or 3rd Platform IT transformational stage
n = 156 Source: IDC's Enterprise IT Transformation MaturityScape Benchmark Study, August 2014
Traditional Security approach
Next Generation Security approach
The world is moving fast... toward new (eco)systems
Fantasy or reality?
I design a new product through engagement processes on social channels, build marketing and sales strategies by correlating data from different sources, make the product with 3D printers, deliver by drone, enable mobile payment, and provide training and support through augmented reality..
…and the evolution will be ever faster
Creating physical objects from digital designs
Connecting people and the 3rd Platform in a simpler and more powerful way through voice, images, touch movements and more
Hyper-connection of cars, buildings, homes, industrial equipment, wearables, medical instrumentation
Systems that observe, learn, analyze, offer suggestions and create new ideas
Turning knowledge of the digital world into actions in the physical world through robots, self-driving cars, drones, nanobots
A new generation of security technologies and solutions, designed to keep pace with the expansion of the 3rd Platform
Next Generation Security: Accelerates or Obstructs Innovation?
• IoT-based robotics & drones connected to cloud, mobile, and social
• Natural Interfaces driven by biometrics in mobile
• 3D Printing compliance controlled from the cloud
• Cognitive systems and analytics bolster predictive analysis & threat intelligence
Why we need a new IT security
• 3rd Platform focus on User Experience (UX) vs. cost vs. shared risk across multiple platforms
• 2nd Platform focused on risk and cost across PCs and servers
• 1st Platform focused on risk-based access on centralized servers and terminals
Security is Always an Elastic Compromise
Mobile
3rd Platform Security Dynamics: Cloud and Mobile
3rd Platform Dynamics: Cost Savings Outweighing Risk
3rd Platform Dynamics: User Experience (UX) Trumps Cost, but Risk is a Sharply Rising Concern
Risk
UX
Cost
IoT
Risk
UX
Cost
3rd Platform Dynamics: User Experience is Paramount, but Awareness of Risk is Growing.
3rd Platform Dynamics: Risk is Critical and Defined by Safety of Personnel and Reliability of Operations.
Social
Risk
UX
Cost
3rd Platform Security Dynamics: Social and IoT
IDC FutureScape Perspective on Security
IDC's CIO Agenda Top 10 Decision Imperatives on IT Security
[Bubble chart. Vertical axis: ORGANIZATIONAL IMPACT (A single department or a business unit; Multiple departments or business units; Companywide). Horizontal axis: TIME (MONTHS) TO MAINSTREAM (0-12, 12-24, 24+).]
Note: The size of the bubble indicates complexity/cost to address. Source: IDC, 2014
Legend:
1. Risk-based budgeting
2. Biometric ID
3. Threat Intelligence
4. Data Encryption
5. Security SaaS
6. User Management
7. Hardening Endpoints
8. Security as a feature
9. Software Security
10. Executive Visibility
Who is responsible for IT security?
General IT department ≈ 60%
Security Group ≈ 30%
Managed service ≈ 10%
Increasingly sophisticated skills
New Skills
Advanced Skills
Basic Skills
• Malware analysis
• Data mining & analysis
• Machine learning
• Project mgmt
• Security Standard Implementation
• Hacking Practices
• Network Administration
• Scripting/programming
• Software Vulnerabilities
Data Privacy, Compliance, Regulations
New (draft) regulations, cornerstones
Awaiting the new EU Data Protection Regulation
Sanctions
Right to erasure
Data Protection Officer
Profiling
Explicit consent
Data transfers to non-EU countries
Have CISOs Been Invited to the (Board) Table?
Frequency of interactions with their respective boards of directors
IDC found that 42% of CISOs were reporting to their company's board of directors on a quarterly basis
On the other hand, there are still 12% of organizations in which the CISO has never addressed its board
How the frequency level has changed over past years
62% of security executives surveyed believe that the frequency of communications has increased and the impact has been positive
11% of CISOs responded that the impact was positive though the frequency did not change
Source: IDC's State of the "C" in CISO Survey, 2015
Incident notification and disclosure: CISO vs Board
Have you ever had to notify senior management of a breach?
Have you ever disagreed with senior management about the need to disclose a breach?
Yes 78%
No 22%
Yes 45%
No 55%
Source: IDC's State of the "C" in CISO Survey, 2015
Conclusions
Web / Internet: from new frontier to instrument of control
The cybercrime industry and ecosystem are more sophisticated, powerful and collaborative than most companies and institutions
Regulations are necessary, but not sufficient
Raise the level of attention within organizations (upward and horizontally) with adequate preparation but without rigidity
Predictive Security is necessary, and the Cloud can lend a hand
Approaching Security in future economic scenarios will require a balance among multiple factors (improving user experience, reducing risk, lowering costs, etc..)
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Fabio Rizzotto
Senior Research and
Consulting Director
IDC Italia