Securing the Digital Enterprise
DESCRIPTION
Abstract: Digital technologies have made customers powerful, giving them the option to choose and the means to spread their opinions widely and instantaneously. They have become demanding, and they change brands without a blink if their experience with a product or service isn't what they expect. Brand loyalty has therefore taken a back seat and customer experience has emerged supreme. In an IBM survey, 95% of CEOs said enhancing customer experience was their top priority. Security forms a core foundation for enhancing customer experience. Typically, security has been inward-looking, focusing more on technology vulnerabilities and less on securing business objectives. Securing the digital enterprise entails looking outside-in, to protect customer experience, its strategic objective. Internally, the digital enterprise also needs assurance against the vulnerabilities introduced by digital technologies such as cloud and IoT.

Bio: Mohan is an acknowledged expert and thought leader in information security. He was the Senior VP and Global CISO at Bharti Airtel, where he had also held charge as the company's Chief Architect and CIO for its Bangladesh and Sri Lankan operations. Prior to his stint in Bharti, he was an advisor at a Big-4 consultancy, CEO of a security company he helped start, and the Director of the Indian Navy's Information Technology, where he was awarded the Vishist Seva Medal by the President of India for innovative work in information security. He has also been a member of several national and international committees on security, including the National Task Force on information security, DOT Joint Working Group on Telecom Security, Indo-US Cyber Security Forum, IBM Security Board of Advisors, RSA Security for Business Innovation Council, and has been chairperson of the CII National Committee on data security, among others.
For his contribution to the information security practice he has also been awarded the DSCI Security Leader Award, CSO Forum Security Visionary Award, and the RSA Security Strategist Award.

TRANSCRIPT
![Page 1: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/1.jpg)
Securing the Digital Enterprise
Felix Mohan, Chief Knowledge Officer
09 Sept 2014, CERC@IIIT-D
![Page 2: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/2.jpg)
Agenda: Securing the Digital Enterprise
• Technology & Digital Enterprise
• Customer Experience
• Security Controls
![Page 3: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/3.jpg)
![Page 4: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/4.jpg)
LOWER OPERATING COST BETTER CUSTOMER EXPERIENCE
![Page 5: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/5.jpg)
![Page 6: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/6.jpg)
3D printing revolutionizing supply chains
[Diagram: four variants of the chain Manufacturer → Distributors → Retailers → Customers, with the part printed on a 3D printer at successively later stages of the chain, down to the customer's personal 3D printer; information flow contrasted with physical part flow]
LOWER OPERATING COST BETTER CUSTOMER EXPERIENCE
![Page 7: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/7.jpg)
Transformation of the Digital Enterprise
[Chart: 2005 vs 2012, comparing Objectives, Value and Power; values shown: 1%, 28%, 12%, 41%, 22%]
![Page 8: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/8.jpg)
Delivering great Customer Experience
• Customer Experience is the manifestation of value
• Organizations don't sell products or services. They sell experiences. (Forrester)
• Customers buy experiences that are embedded in products. (Gartner)
• 95% of CEOs stated that 'Delivering great Customer Experience' was the top priority for realizing their strategy in the next 5 years. (IBM CEO Survey)
• Digital technologies have made customers powerful. And they are demanding good experience!
• Customers have low brand loyalty or stickiness.
• They can quickly change product or vendor if not satisfied
• Less than 25% of retail purchases in the US were due to brand loyalty. (EY Survey, 2013)
• They can spread their bad experience in their social network, badly affecting the company's reputation
![Page 9: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/9.jpg)
Customer Power
Empowered customers can tip the balance of power in contemporary buyer/seller relations.
So what are organizations doing about all this?
![Page 10: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/10.jpg)
The Customer Experience Pyramid
• Loyalty & Stickiness
• Emotional Fulfillment
• Ease of use/engagement & features
• Value & Quality
![Page 11: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/11.jpg)
Enhancing Customer Loyalty
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
• Quantity of personal data collected is spiraling rapidly
• Big data correlations are creating additional privacy issues
Data sources: Customer's demographic data; Social media interactions; Transaction data; Online activities; Real-time contextual data → Analytics → Insights → Customized Offerings
![Page 12: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/12.jpg)
The Customer Experience Pyramid: Privacy
• Privacy has emerged as the number 1 concern for digital businesses, overtaking security
• Privacy is a concern among both regulators and customers, leading to major regulatory enactments
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 13: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/13.jpg)
Proposed Regulatory Environment
Seeks to mandate:
1. Data privacy impact assessments
2. Privacy by design
3. Privacy by default (i.e. data minimization at the level of the application)
4. Data portability (i.e. enabling the right to withdraw consent)
5. Right to be forgotten
6. Rights against being profiled
![Page 14: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/14.jpg)
Organizations' Privacy Bind
Collecting data for enhancing Customer Experience vs. the impending storm in the regulatory environment
Organizations need to balance commercial activity with privacy concerns
Positive Sum – Not Zero Sum
![Page 15: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/15.jpg)
Balancing Privacy and Commercial Viability
[Spectrum from Full Privacy to Full Economic Value, on which PrivAd, Adnostic and RePriv are placed]
PrivAd: Online advertising system designed to be more private than the existing system. Uses a proxy to hide customer IP addresses.
Adnostic: Developed by Stanford and NYU. Behavioral profiling and targeting take place in the user's browser and not in the advertising network's servers. Based on the profile, Adnostic downloads a set of advertisements from the ad network and serves the most appropriate one for the profile.
RePriv: Developed by Microsoft Research. The system's plugin, located in the browser, discovers the user's interests and shares them with 3rd parties, but only after explicit permission from the user.
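To make the client-side selection pattern attributed to Adnostic concrete, here is an added simulation (it is not the slide's own material and not code from the Adnostic, PrivAd or RePriv projects). The browser keeps the interest profile locally, asks the network for a generic batch, picks the best match itself, and the network's log never receives the profile. The ads, categories, client ids and browsing history are constructed samples.

```python
"""Added example: privacy-preserving ad selection done on the client.
Everything below (ads, categories, client ids, visits) is constructed
sample data; it is not code from Adnostic, PrivAd or RePriv."""
from collections import Counter


class AdNetwork:
    """Server side: it only ever sees batch requests and impression
    reports, never a per-user interest profile."""

    def __init__(self, ads):
        self.ads = ads          # list of (ad_id, category) pairs
        self.log = []           # everything the network learns

    def batch(self, client_id):
        self.log.append(("batch_request", client_id))
        return list(self.ads)   # same batch for every client

    def report_impression(self, ad_id):
        # Aggregate, profile-free feedback that is enough for billing.
        self.log.append(("impression", ad_id))


class Browser:
    """Client side: the behavioural profile is built and kept here."""

    def __init__(self, client_id):
        self.client_id = client_id
        self.profile = Counter()   # category -> number of visits

    def visit(self, page_category):
        self.profile[page_category] += 1   # local profiling only

    def choose_ad(self, network):
        batch = network.batch(self.client_id)
        if not self.profile:
            chosen = batch[0]              # no profile yet: take the first ad
        else:
            chosen = max(batch, key=lambda ad: self.profile.get(ad[1], 0))
        network.report_impression(chosen[0])
        return chosen[0]


def network_knows(network):
    """The distinct kinds of information that reached the network."""
    return {kind for kind, _ in network.log}
```

The check a reviewer would want is the last function: after a browsing session and an ad selection, the network's log contains batch requests and impressions and nothing derived from the visited categories.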
![Page 16: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/16.jpg)
The Customer Experience Pyramid: Privacy
Business CRM strategies seek to use the customer insights for other purposes as well:
• Improve product/service quality
• Capture customer sentiment
• Increase up-selling opportunities
• Trigger new product/service innovation
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 17: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/17.jpg)
Monetizing Customer Data
By 2016, 30% of businesses will have begun directly or indirectly monetizing their customer information assets via bartering or selling them outright.
Gartner, March 2014
![Page 18: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/18.jpg)
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 19: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/19.jpg)
Reputational Damage
80% of the value of a business is its reputation. Reputation is a top concern of the CEO.
• Social media activity can severely damage an organization's reputation.
• The harm can potentially be carried out by:
  • Customers / Individuals - giving vent to their feelings
  • NGOs like Greenpeace - pushing for corporate social responsibility
  • Cyber criminals - launching cyber extortion
![Page 20: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/20.jpg)
![Page 21: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/21.jpg)
![Page 22: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/22.jpg)
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 23: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/23.jpg)
Omni-channel Experience
Good customer experience demands frictionless engagement across every channel and every screen
Security controls:
• Federated Identity Management & SSO
• Social Identities
• Centralized Opt-in & Opt-out
• Context-based Authentication
• Integration with SIEM
![Page 24: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/24.jpg)
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience; Business model security vulnerabilities
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 25: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/25.jpg)
Business Model Security Vulnerabilities
Digital business is the creation of new business designs by blurring the digital and physical worlds. - Gartner
• Two major vulnerabilities:
  • Impact of application development "velocity" on testing & security
  • Vulnerabilities caused when "things" are connected
![Page 26: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/26.jpg)
Enterprise Security Infrastructure
[Pyramid: Emotional Fulfillment / Ease of use/engagement & features / Value & Quality]
![Page 27: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/27.jpg)
![Page 28: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/28.jpg)
Identity & Access Management
Identity Federation is becoming the heart of the Digital enterprise.
Technologies: SAML 2.0; OAuth 2.0; OpenID Connect
• Identity Management
• Support for Social Identities & Third-party credentials
• Context-based Authentication
• Emergence of Mandatory Access Control (MAC)
![Page 29: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/29.jpg)
Enterprise Security Infrastructure
![Page 30: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/30.jpg)
API Layer & Security
APIs are the core engines of the Digital Era. The digital economy is an API-driven economy.
Security controls:
• Identity management: Authentication using API Keys, OAuth 2.0, SAML 2.0; Authorization using OAuth 2.0; RBAC
• Traffic Control: TLS; DoS mitigation & Rate Limiting
• Malware/Hacking: XML poisoning, JSON injection, SQL injection, quota/spike arrest
• Logging & integration with SIEM
• Analytics: User activity intelligence
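The slide lists the controls an API layer should enforce but not how they fit together at a request boundary. The following is an added example (not from the talk, and not any gateway product's code) of a minimal policy chain in front of a hypothetical payments endpoint: hashed API-key authentication with a constant-time compare, role-based authorization, per-client spike arrest, JSON schema validation, and one JSON log line per decision that a SIEM could ingest. The keys, client names, roles and request bodies are constructed samples.

```python
"""Added example: an API-gateway policy chain (auth -> RBAC -> rate limit
-> input validation -> SIEM log). All keys, clients and requests are
constructed; nothing here is the talk's or a vendor's code."""
import hashlib
import hmac
import json
import time
from collections import deque
from dataclasses import dataclass, field


def _h(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed key store: only a hash of each API key is kept (hypothetical values).
API_KEY_HASHES = {
    _h("demo-key-alpha"): {"client": "mobile-app", "roles": {"customer"}},
    _h("demo-key-admin"): {"client": "backoffice", "roles": {"customer", "admin"}},
}


@dataclass
class Gateway:
    limit: int = 5            # requests allowed per window (spike arrest)
    window: float = 60.0      # window length in seconds
    calls: dict = field(default_factory=dict)   # client -> deque of timestamps
    audit: list = field(default_factory=list)   # JSON lines for the SIEM

    def authenticate(self, api_key):
        digest = _h(api_key or "")
        for stored, ident in API_KEY_HASHES.items():
            if hmac.compare_digest(stored, digest):   # constant-time compare
                return ident
        return None

    def within_rate(self, client, now):
        q = self.calls.setdefault(client, deque())
        while q and now - q[0] >= self.window:       # drop expired entries
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    @staticmethod
    def validate_body(raw):
        """Whitelist the exact shape the backend expects; unexpected keys,
        types or ranges are rejected here rather than downstream."""
        try:
            body = json.loads(raw)
        except json.JSONDecodeError:
            return None
        if not isinstance(body, dict) or set(body) != {"account", "amount"}:
            return None
        if not (isinstance(body["account"], str) and body["account"].isalnum()):
            return None
        amount = body["amount"]
        if isinstance(amount, bool) or not isinstance(amount, int) or not 0 < amount <= 10_000:
            return None
        return body

    def handle(self, api_key, role_needed, raw_body, now=None):
        """Run the chain; returns (decision, reason) and records an audit line."""
        now = time.time() if now is None else now
        ident = self.authenticate(api_key)
        if ident is None:
            return self._log("deny", "bad_api_key", None, now)
        if role_needed not in ident["roles"]:
            return self._log("deny", "rbac", ident["client"], now)
        if not self.within_rate(ident["client"], now):
            return self._log("deny", "rate_limit", ident["client"], now)
        if self.validate_body(raw_body) is None:
            return self._log("deny", "invalid_input", ident["client"], now)
        return self._log("allow", "ok", ident["client"], now)

    def _log(self, decision, reason, client, now):
        event = {"ts": now, "client": client, "decision": decision, "reason": reason}
        self.audit.append(json.dumps(event, sort_keys=True))
        return decision, reason
```

The ordering matters: authentication and authorization run before the rate limiter so that an unauthenticated flood cannot exhaust a legitimate client's quota, and validation runs last so that only identified, in-quota callers reach the parser.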
![Page 31: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/31.jpg)
Mobile API Layer Security
API security controls (same control set as the preceding API Layer slide)
![Page 32: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/32.jpg)
Enterprise Security Infrastructure
![Page 33: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/33.jpg)
Data Governance
Emergence of the Data Platform: Access controls; API controls; Identity controls
![Page 34: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/34.jpg)
Data Governance: Security Tools
• Multiple data security tools: SIEM, Content-aware DLP, Database Audit & Protection (DAP), Data Access Governance (DAG), Fraud prevention, Data masking, Encryption and IAM
• No existing tool can protect across all data silos
• Data-centric Audit & Protection (DCAP): a new, emerging category of data security tool that can work across data silos
• A DCAP tool typically has the following capabilities across data silos:
  Assessment: 1. Data Security Policy; 2. Data Discovery and Classification; 3. Assessment of Users and Permissions
  Activity Monitoring: 4. Privileged User Monitoring and Auditing; 5. Application User Monitoring and Auditing; 6. Event Collection, Analysis and Reporting
  Protection: 7. Vulnerability and Configuration Management; 8. Prevention & Blocking of Attacks; 9. Encryption, Tokenization and Data Masking
![Page 35: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/35.jpg)
Enterprise Security Infrastructure
![Page 36: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/36.jpg)
Privacy Management
Privacy is emerging as the "biggest" concern in the Digital Business era.
"Finding the right balance between Privacy Risks & Big Data rewards may very well be the biggest policy challenge of our time" - Stanford Law Research
• Managing Privacy starts by understanding the difference between Privacy and Security
![Page 37: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/37.jpg)
Privacy Controls - Organizational & Technical
Organizational controls (non-technical):
• Internal controls (administrative & physical processes): Policies; Accountability; Data access & usage; Employee training; Data segregation; Data retention & deletion; Physical safeguards
• External controls (contractual & legal processes): Contractual terms to restrict how partners share & use data; SLA liabilities; Auditing rights
Technical controls:
• Privacy-focused technologies: Data masking (static, dynamic, redaction); Tokenization; Format Preserving Encryption (FPE); Anonymization; Privacy Enhancing Technologies (PET)
  • Static Data Masking: masks a non-production database, not in real time
  • Dynamic Data Masking: masks production data in real time
  • Data Redaction: masks unstructured content such as PDF & Word files
• Security-focused technologies: FW, IPS; DLP, DRM, DAM; IAM; Encryption; SSL
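The three masking variants and tokenization on this slide are easy to confuse, so here is an added example (not from the talk, not a product's code) that implements each as a small function over the same constructed customer records: static masking produces an irreversible non-production copy, dynamic masking leaves the stored row untouched and varies the view by role, tokenization swaps the value for a random surrogate held in a vault, and redaction strips identifiers from free text. The records, roles and regular expressions are constructed for illustration; FPE is omitted because it needs a real cipher construction.

```python
"""Added example: static masking, dynamic masking, tokenization and
redaction over constructed sample records (not real customers)."""
import re
import secrets

CUSTOMERS = [
    {"id": 1, "name": "Asha Rao", "card": "4111111111111111", "email": "asha@example.com"},
    {"id": 2, "name": "Ravi Menon", "card": "5500000000000004", "email": "ravi@example.com"},
]


def mask_card(card: str) -> str:
    """Keep the last four digits, mask the rest; length is preserved."""
    return "*" * (len(card) - 4) + card[-4:]


def static_mask(records):
    """Static masking: an irreversibly scrubbed copy for non-production use.
    Values are replaced before the copy ever leaves production."""
    out = []
    for i, r in enumerate(records, 1):
        out.append({"id": r["id"], "name": f"Customer {i}",
                    "card": mask_card(r["card"]), "email": f"user{i}@example.invalid"})
    return out


def dynamic_mask(record, role):
    """Dynamic masking: the stored row is untouched; what a reader sees
    depends on the role attached to the query."""
    if role == "fraud_analyst":
        return dict(record)                       # cleared for the full value
    view = dict(record)
    view["card"] = mask_card(record["card"])
    if role != "support":                         # support keeps the e-mail to reach the customer
        view["email"] = re.sub(r"^(.).*(@.*)$", r"\1***\2", record["email"])
    return view


class TokenVault:
    """Tokenization: the sensitive value is swapped for a random surrogate
    that is meaningless without access to the vault mapping."""

    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, value):
        if value not in self._to_token:
            token = "tok_" + secrets.token_hex(8)
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def detokenize(self, token):
        return self._to_value[token]              # KeyError for unknown tokens


# Constructed, deliberately coarse patterns for the redaction demo.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def redact(text):
    """Data redaction: strip identifiers from unstructured content such as
    text extracted from a PDF or a support ticket."""
    text = CARD_RE.sub("[CARD REDACTED]", text)
    return EMAIL_RE.sub("[EMAIL REDACTED]", text)
```

Note the asymmetry the slide implies: static masking and redaction are one-way, dynamic masking never alters storage, and only tokenization is reversible, which is why the vault becomes the asset to protect.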
![Page 38: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/38.jpg)
Enterprise Security Infrastructure
![Page 39: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/39.jpg)
SMACI Concerns
• Data - confidentiality, ownership, remanence; Audit; Legal / Regulatory - privacy, jurisdiction; Business continuity - dependence on provider, migration complexity
• Unmanaged & insecure user devices; Loss / leakage of sensitive enterprise data; Unauthorized access to enterprise applications; Device support / management complexity; Unsecured / rogue marketplaces
• Leakage of sensitive enterprise data; Avenue for malware; Targeted spear-phishing attacks on employees (APT ingress)
• Privacy & compliance; Unauthorized access/queries; Leakage of data / intelligence; Veracity of input data
![Page 40: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/40.jpg)
![Page 41: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/41.jpg)
![Page 42: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/42.jpg)
![Page 43: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/43.jpg)
![Page 44: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/44.jpg)
![Page 45: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/45.jpg)
IoT Vulnerabilities
• Things cause privacy issues
• Things can be easily hacked
• Things can be physically stolen
• Denial of service attacks / jamming attacks can be launched on Things
• Man-in-the-middle attacks are easy
• Rogue things can be inserted
![Page 46: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/46.jpg)
IoT Security Architecture
IoT Security Protocols
IoT Security Framework
![Page 47: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/47.jpg)
EU effort to define IoT Security
Mission: "To holistically embed effective and efficient security and privacy mechanisms into IoT devices and the protocols and services they utilise"
![Page 48: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/48.jpg)
IoT Security Protocols
Eclipse M2M Industry Working Group
March 2013
![Page 50: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/50.jpg)
Enterprise Security Infrastructure
![Page 51: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/51.jpg)
Enterprise Security Transformation
• Security technologies have become obsolete & ineffective at stopping attacks.
• Today, 100% of enterprises are breached.
Two major transformations are currently underway:
1. Security focus is shifting from "protection" to "detection and response"
  • Enterprises are implementing: Security Intelligence; Context-based and adaptive security
2. Security approach is shifting from "technical controls" to "behavioural controls"
  • Enterprises are adopting: People-centric security (PCS)
![Page 52: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/52.jpg)
Security Intelligence – Technology Interaction
Layers: People; Data; Applications; Infrastructure
• IAM: Identity manager; FIM; ESSO; privileged ID management; MOTP; AD; ID intelligence
• Network: Routers; Switches; VPN
• End Point: End Point Protection; AV, Whitelisting; VA Scanner; MDM
• Perimeter: IPS; FW; Proxy
• Content: Encryption; DLP; DRM; URL filter; Mail GW
• Advanced Threats: FireEye, Damballa etc.
• Database: DAM; Oracle; Data mask
• Application: DAST & SAST; WAF
• Systems: Unix; Windows; Linux
• SOA: WAF; Federated IM; SOA registry security; Policy manager
Outcomes: Higher accuracy of vulnerability detection; Better protection from advanced attacks; Quicker response
![Page 53: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/53.jpg)
Security Intelligence – Information Integration
Security Information:
• Events/Logs: monitoring (privileged activity, user activity, database activity, performance, transaction, application); data/information (sensor data, vulnerability info, configuration info, change management, content-related data, IAM data, web log data, router/switch data)
• Network Flows: NW telemetry data; DPI for layer-7 visibility; classification of applications & protocols; behaviour analysis; anomaly information
Contextual Information (internal and external):
• Environmental: external threat info; location, time, etc.
• Process: customer facing, revenue producing
• Content: sensitivity of content, reputation of email
• Identity: strength of authentication, role, group, transaction amount limit
• Application: business criticality of app, known vulnerabilities
• System & OS: asset criticality, patch level, known vulnerabilities, CMDB
• End user Device: health - owner, IP address reputation
• Compliance: Privacy, RA GW
Contextual assessments: Better risk management; Prioritization of risks into actionable items
![Page 54: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/54.jpg)
Security Intelligence – Framework
Use cases: 1. Risk Management; 2. Fraud Management; 3. Regulatory Compliance; 4. Advanced Threat prevention
Security Intelligence Layer: SIEM (aggregation, correlation, data repository, query); GRC platform; Big Data platform
Inputs: Events; Flows; Context infusion
Technology interaction:
• Security Devices: IAM; End point security; Perimeter security; SOA; App security; Advanced threat; Database sec; etc.
• Network Devices: Routers; Switches; Load balancers; etc.
• Assets & Systems: Servers; Devices; OS; Middleware; etc.
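The "Information Integration" and "Framework" slides describe context infusion in the abstract: raw events and flows are joined with internal context (asset criticality, patch level, identity strength, business process) and external context (IP reputation) so that risks can be prioritized into actionable items. The following added example (not from the talk, not a SIEM product's code) does that for a handful of constructed log lines; the CMDB, identity and threat-feed entries are constructed, and the scoring weights are arbitrary choices made for the example.

```python
"""Added example: context infusion over constructed events. Assets,
identities, the reputation list, the log lines and the weights are all
made up for illustration; none of it is the talk's material."""
import re

# Constructed internal context (what a CMDB, IAM and a vulnerability scanner would supply).
ASSETS = {
    "10.0.0.5": {"name": "billing-db", "criticality": 5, "unpatched_critical": 1, "process": "revenue"},
    "10.0.0.9": {"name": "dev-wiki", "criticality": 1, "unpatched_critical": 0, "process": "internal"},
}
IDENTITIES = {
    "dba_meera": {"privileged": True, "auth_strength": "mfa"},
    "jdoe": {"privileged": False, "auth_strength": "password"},
}
# Constructed external context (threat feed); 203.0.113.0/24 is a documentation range.
BAD_REPUTATION = {"203.0.113.7"}

# Constructed raw events: three auth-log lines and one flow record.
RAW_EVENTS = [
    "2014-09-09T02:14:00 auth host=10.0.0.5 user=dba_meera src=203.0.113.7 result=success",
    "2014-09-09T09:05:00 auth host=10.0.0.9 user=jdoe src=198.51.100.4 result=failure",
    "2014-09-09T09:05:30 auth host=10.0.0.9 user=jdoe src=198.51.100.4 result=failure",
    "2014-09-09T02:20:00 flow host=10.0.0.5 src=203.0.113.7 bytes_out=52000000",
]

LINE_RE = re.compile(r"(?P<ts>\S+) (?P<kind>\w+) (?P<fields>.*)")


def parse(line):
    """Turn 'ts kind k=v k=v ...' into a flat dict."""
    m = LINE_RE.match(line)
    ev = {"ts": m["ts"], "kind": m["kind"]}
    ev.update(kv.split("=", 1) for kv in m["fields"].split())
    return ev


def enrich(ev):
    """Attach the context a bare log line lacks."""
    ev["asset"] = ASSETS.get(ev.get("host"), {"name": "unknown", "criticality": 3,
                                             "unpatched_critical": 0, "process": "unknown"})
    ev["identity"] = IDENTITIES.get(ev.get("user"), {"privileged": False, "auth_strength": "unknown"})
    ev["src_bad_reputation"] = ev.get("src") in BAD_REPUTATION
    hour = int(ev["ts"][11:13])
    ev["off_hours"] = hour < 6 or hour >= 22
    return ev


def score(ev):
    """Risk = event severity x asset criticality, lifted by context signals.
    The weights are arbitrary for the example."""
    base = {"auth": 2, "flow": 3}.get(ev["kind"], 1)
    if ev.get("result") == "failure":
        base += 1
    s = base * ev["asset"]["criticality"]
    if ev["src_bad_reputation"]:
        s += 10                                   # external threat info
    if ev["identity"]["privileged"] and ev["off_hours"]:
        s += 5                                    # privileged activity at odd hours
    if ev["asset"]["unpatched_critical"]:
        s += 3                                    # known vulnerabilities on the asset
    if ev["kind"] == "flow" and int(ev.get("bytes_out", 0)) > 10_000_000:
        s += 8                                    # large outbound transfer
    return s


def prioritize(lines):
    """Return (score, summary) tuples, highest risk first: the actionable list."""
    items = []
    for line in lines:
        ev = enrich(parse(line))
        items.append((score(ev), f'{ev["kind"]} on {ev["asset"]["name"]} from {ev.get("src")}'))
    return sorted(items, key=lambda t: t[0], reverse=True)
```

Without the context, the two failed logins on the wiki and the successful privileged login on the billing database look equally ordinary; with it, the large outbound flow from the critical host to a bad-reputation address comes out on top, which is the prioritization the slide is after.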
![Page 55: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/55.jpg)
Enterprise Security Transformation
![Page 56: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/56.jpg)
Context-based Security
Legacy security policies are binary, static yes/no decisions that have been defined in advance.
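To show the difference between a static yes/no policy and a context-based one on the same request, here is an added example (not from the talk). The legacy policy looks only at the role; the context-based policy weighs device management state, whether the device is new, a location change and the transaction amount, and can allow, escalate to a step-up check, or deny. The request attributes, roles, weights and thresholds are constructed for illustration.

```python
"""Added example: a legacy static policy beside a context-based policy.
All attributes, weights and thresholds are constructed choices."""
from dataclasses import dataclass

KNOWN_ROLES = {"customer", "agent", "admin"}


@dataclass
class Request:
    user: str
    role: str
    device_managed: bool     # enrolled in MDM / endpoint protection
    country: str             # where this request comes from
    usual_country: str       # where this user normally works from
    new_device: bool         # first time this device is seen for the user
    amount: int = 0          # transaction amount being approved, if any


def static_policy(req):
    """Legacy: a yes/no rule fixed in advance; it looks only at the role."""
    return "allow" if req.role in KNOWN_ROLES else "deny"


def context_policy(req, txn_limit=5000):
    """Context-based: the same request is weighed against its circumstances
    and may be allowed, escalated to a step-up check, or denied."""
    if req.role not in KNOWN_ROLES:
        return "deny"
    if req.role == "admin" and not req.device_managed:
        return "deny"                     # privileged access only from managed devices
    signals = 0
    if not req.device_managed:
        signals += 1
    if req.new_device:
        signals += 1
    if req.country != req.usual_country:
        signals += 2
    if req.amount > txn_limit:
        signals += 2
    if signals >= 4:
        return "deny"
    if signals >= 2:
        return "step_up"                  # e.g. require a second factor before proceeding
    return "allow"


def compare(req):
    """Both decisions side by side for one request."""
    return static_policy(req), context_policy(req)
```

The point of the comparison is the middle outcome: a static policy has no way to say "probably fine, but verify", so it must either wave the anomalous request through or block a legitimate traveller.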
![Page 57: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/57.jpg)
Enterprise Security Transformation
![Page 58: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/58.jpg)
People Centric Security (PCS)
PCS represents a major departure from conventional security strategies, but reflects the reality that current security approaches are insufficient. – Gartner 2013
![Page 59: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/59.jpg)
Enterprise Security Infrastructure
![Page 60: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/60.jpg)
Security Governance
![Page 61: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/61.jpg)
Emergence of the Digital Risk Officer (DRO)
By 2017, one-third of large enterprises engaging in digital business will have a digital risk officer.
The DRO will report to a senior executive role outside IT, such as the chief digital officer or the chief operating officer.
They will manage risk at an executive level across digital business units, working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations.
The DRO and CISO are separate roles. Many CISOs will evolve into DROs. However, if they don't upgrade their skills they will report to the DRO.
Gartner, June 2014
![Page 62: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/62.jpg)
Security Skills for the Digital Business Era
![Page 63: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/63.jpg)
Conclusion
• Today every business is a Digital Business – businesses that do not understand this become irrelevant
• Delivering great Customer experiences is the strategic focus
• Vulnerabilities related directly to delivering customer experiences must be addressed:
  • manage privacy & reputational damage
  • enable secure omni-channel engagement
  • manage the inherent vulnerabilities that velocity-driven business designs open
  • mitigate the threats and vulnerabilities related to the Internet of Things and OT
• And this must be backed up by a comprehensive and layered enterprise security capability
![Page 64: Securing the Digital Enterprise](https://reader033.vdocuments.net/reader033/viewer/2022051817/547a76c3b4795977098b49e5/html5/thumbnails/64.jpg)
Thank You
Infosec thought leadership