Securing Your "Crown Jewels": Do You Have What it Takes?

FTS-4862 Protecting Your “Crown Jewels”: Do you have what it takes to go from start to finish? Erkang Zheng October 2014 © 2014 IBM Corporation

Upload: ibm-security-systems

Post on 08-Jun-2015


Category:

Technology



DESCRIPTION

Securing Your "Crown Jewels": Do You Have What it Takes to Go From Start to Finish? Protecting Your Most Valuable Data: Organizations face many data protection challenges, but one of the biggest is identifying and prioritizing the 0.01% - 2% of the data that is most important to your organization's survival and success. IBM Data Security Services can help by providing you with a 5-stage strategy designed to ensure that your "Crown Jewels" are protected and kept safe from loss, hackers, and being compromised. Attend this session and learn about processes to identify and prioritize your critical data, and services available from IBM to protect it.

TRANSCRIPT

Page 1: Securing Your "Crown Jewels": Do You Have What it Takes?

FTS-4862

Protecting Your “Crown Jewels”: Do you have what it takes to go from start to finish? Erkang Zheng, October 2014

© 2014 IBM Corporation

Page 2: Securing Your "Crown Jewels": Do You Have What it Takes?

Please Note

• IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.

• The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.


Page 3: Securing Your "Crown Jewels": Do You Have What it Takes?

Acknowledgements and Disclaimers Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.

The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

© Copyright IBM Corporation 2014. All rights reserved.

— U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

— Please update paragraph below for the particular product or family brand trademarks you mention such as WebSphere, DB2,Maximo, Clearcase, Lotus, etc

IBM, the IBM logo, ibm.com, [IBM Brand, if trademarked], and [IBM Product, if trademarked] are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at

•“Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml

•If you have mentioned trademarks that are not from IBM, please update and add the following lines:[Insert any special 3rd party trademark names/attributions here]

•Other company, product, or service names may be trademarks or service marks of others.


Page 4: Securing Your "Crown Jewels": Do You Have What it Takes?

Agenda

• Defining the “Crown Jewels” – the most critical data within your enterprise

• Recognizing threats and the cost of losing critical data

• Overcoming obstacles to effective protection of critical data

IBM Security

Page 5: Securing Your "Crown Jewels": Do You Have What it Takes?

Defining the “Crown Jewels” – the most critical data within your enterprise


Page 6: Securing Your "Crown Jewels": Do You Have What it Takes?

Protection of your “Crown Jewels” is a strategic imperative

• For most organizations, the most critical data – the “Crown Jewels” – amount to between 0.01% and 2.0% of total sensitive data¹

• The theft, misuse or corruption of this critical data can:
- cripple operations
- severely damage brand reputation
- dramatically reduce shareholder value

¹ U.S. President’s 2006 Economic Report to Congress Or …. ¹ IBM (name/date of report or study)

Page 7: Securing Your "Crown Jewels": Do You Have What it Takes?

Crown Jewel data is usually found in the top 2 or 3 data categories

Page 8: Securing Your "Crown Jewels": Do You Have What it Takes?

Tiny percentage, huge value

Intellectual property and other enterprise-critical data represents an estimated 70% of the value of publicly traded corporations²

The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization’s identity and mission.

• Strategic product information – including new product designs, formulas and features, as well as changes, improvements and other updates to existing products

• Research and development (R&D)

• IT systems and applications, including novel processes, system architecture designs, source code and algorithms

² U.S. President’s 2006 Economic Report to Congress

Page 9: Securing Your "Crown Jewels": Do You Have What it Takes?

Recognizing threats and the cost of losing critical data


Page 10: Securing Your "Crown Jewels": Do You Have What it Takes?

Understanding the threat to your critical data

1. Your company is not a random victim. People have singled you out, have a specific interest in your critical data, and have both the desire and the means to try to take it from you.

2. Chances are, they can get to some of your data with relatively little effort. But they are also prepared to make multiple attempts and use a mix of sophisticated methods to penetrate your defenses.

3. The real threat could be inside. There is a real possibility that they will find someone inside your organization to help them.

4. If your security is inadequate, a successful breach may go unnoticed for months. If, and when, it is finally discovered, the odds are better than two to one that it will be by someone outside your organization.

Page 11: Securing Your "Crown Jewels": Do You Have What it Takes?

The threat story in numbers

25%

19%

78%

of breaches involved multiple methods of attack, indicating determination and sophistication.

Verizon 2013 Data Breach Investigations Report

of data breaches were targeted. The victim organization is specifically chosen, then the attacker(s) determines what weaknesses exist within the target that can be exploited.

were attributed to state-affiliated actors, suggesting sophisticated organizations with clear objectives and deep resources – less likely to be profiteers, more likely targeting trade secrets.

of initial intrusions were rated as “low difficulty.” The perpetrators succeeded in penetrating data defenses with routine techniques and skills.

of breaches were discovered by external parties. Mostly by unrelated third parties and fraud detection services, but also by customers, law enforcement and others – or actually disclosed by the perpetrators, themselves.

took months or more to discover, leaving management blind to damage as it was occurring.

of breaches involved multiple parties. Combined ratios for outsiders (87%), insiders (46%) and partners (1%) indicate that collusion is common.

Verizon 2013 DBIR Industry Snapshot, Intellectual Property Theft

69%

66%

34%

25%

Page 12: Securing Your "Crown Jewels": Do You Have What it Takes?

The cost of lost critical data

R&D serves as a reasonable proxy for the value of trade secret theft

It is calculated that each dollar invested in R&D yields $2.90 in other economic activity during the same year and between $16.00 and $69.00 over 10 years.¹

Data breaches involving personally identifiable information (PII)

Breach disclosure laws subject victim organizations to public scrutiny, so their financial losses tend to be measurable – normally calculated in terms of penalties, lost sales, and declines in stock prices.

Data breach costs² are calculated to be as high as:

¹ The Center for Responsible Enterprise And Trade (CREATe.org) & PricewaterhouseCoopers LLP (PwC), Economic Analysis of Trade Secret Misappropriation, 2014

² 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute, 2014.

Page 13: Securing Your "Crown Jewels": Do You Have What it Takes?

Overcoming obstacles to effective protection of critical data


Page 14: Securing Your "Crown Jewels": Do You Have What it Takes?

Making protection of critical data a top priority

Challenge 1: Defining your “Crown Jewels”

• Is there agreement within your organization on what constitutes “Crown Jewels”?

• How much of it is there?

• Where is it?

• Who has access to it? Applications, users?

• Who are the business owners?

• What business processes rely on it?

Page 15: Securing Your "Crown Jewels": Do You Have What it Takes?

Making protection of critical data a top priority

Challenge 2: Reassessing your current security strategy by asking:

• Is it too IT-centric? Sure, we have a DLP solution; but are we ignoring how critical data is actually used in the business, and by whom?

• Is it too risk-averse? Do we have a “lock-it-all-down” approach that inhibits business growth and opportunities?

• Is it too inwardly focused? What about the role of third parties, such as vendors and partners? What happens when our critical data is shared outside the enterprise?

• Are we mistaking compliance for security? Is our strategy too focused on passing audits instead of actually protecting data in a way that is comprehensive?

• Does it assume routine security implementations equate to an evolving strategy? Are we simply going through the motions with upgrades and patches, or are we continuously evaluating our strategy in the face of ever-changing threats and technologies?

• Do we simply lack a direction or starting point when it comes to critical data?

Page 16: Securing Your "Crown Jewels": Do You Have What it Takes?

The Approach: A comprehensive method for safeguarding your Crown Jewels and protecting your brand

IBM Critical Data Protection Program

• Define Crown Jewels
• Determine Data Security Objectives

• Understand Client Data Security Environment and Infrastructure
• Define and Complete Data Discovery Process
• Perform Data Analysis and Classify

• Establish Crown Jewels Baselines
• Assess and Score Client Data Security Processes and/or Controls
• Perform Gap Analysis and Develop Hypotheses

• Determine Risk Remediation Plan
• Prioritize and Validate Risk Remediation Solutions
• Plan, Design, and Implement

• Determine Crown Jewels Governance Metrics and Process
• Enable Monitoring, Communications and Response
• Establish Revalidation Criteria and Process

Page 17: Securing Your "Crown Jewels": Do You Have What it Takes?

Delivered with structured delivery methodology

• Determine data protection objectives

• Develop data model and define “Crown Jewels”

• Obtain stakeholder consensus

• Understand data lifecycle and environment

• Identify critical data storage repositories, paths, and access

• Establish baseline requirements

• Assess current controls to identify gaps and propose solutions

• Plan and prioritize technical & business process transformations, strategy & roadmap

• Prepare for detailed design & deploy of identified solutions

High level (Macro) and detail design (Micro), implementation, and monitoring of selected data protection solutions

Building a SOC and integrating CDPP into enterprise security operations / MSIEM

• Operationalize the solutions and processes defined previously

• Continuously improve to evolve and adapt to changes

DEFINE:

What are the “crown jewels”?

DISCOVER:

Where are they? How are they used?

BASELINE:

What is required to protect critical data?

SECURE:

How to plan, design, and implement protection solutions?

MONITOR:

What to consider operationally?

Consulting Approach
- Data collection
- Interviews & workshops
- Development of data taxonomy
- Risk evaluation & prioritization

Strategic+Technical Assessment
- Iterative tool based discovery
- Data flow mapping
- Data classification
- Develop initial strategy

Gap Assessment + Strategic Planning
- Requirements gathering
- Target state definitions
- Gap assessment
- Roadmap and prioritization

System Integration
For solutions identified in previous phase (e.g. DLP, Guardium, etc.), develop
- Client Environment
- Solution Outline

Consulting Approach
- Program charter
- Functional model, org structure, and staffing
- Metrics, processes & procedures
- Governance & comm.

Service Delivery Phases

Main Objectives

Method Approach

Follow up or add-on services

Detailed architecture development such as Database Security Reference Architecture

IBM Confidential

Page 18: Securing Your "Crown Jewels": Do You Have What it Takes?

Understanding your data is a key step towards actionable security intelligence

Page 19: Securing Your "Crown Jewels": Do You Have What it Takes?

Advantages of IBM Critical Data Protection Program

Page 20: Securing Your "Crown Jewels": Do You Have What it Takes?

IBM provides unmatched global coverage and security awareness

monitored countries (MSS)

service delivery experts

devices under contract+

endpoints protected+

events managed per day+

IBM Security by the Numbers


Page 21: Securing Your "Crown Jewels": Do You Have What it Takes?

Learn more about IBM Security

Visit our website: IBM Security Website

Watch our videos: IBM Security YouTube Channel

Read new blog posts: SecurityIntelligence.com

Follow us on Twitter: @ibmsecurity

IBM Security
Intelligence. Integration. Expertise.

Page 22: Securing Your "Crown Jewels": Do You Have What it Takes?

We Value Your Feedback!

• Don’t forget to submit your Insight session and speaker feedback! Your feedback is very important to us – we use it to continually improve the conference.

• Access the Insight Conference Connect tool to quickly submit your surveys from your smartphone, laptop or conference kiosk.


Page 23: Securing Your "Crown Jewels": Do You Have What it Takes?

Thank You

Page 24: Securing Your "Crown Jewels": Do You Have What it Takes?

A financial services firm teams with IBM to protect its “Crown Jewels”

Protect your critical assets

Business Challenge
• The bank did not have the security skills and resources to build its first SOC within the aggressive milestones set by their Board
• Wanted global protection for 16,000,000 accounts across 44 countries

Identified and blocked 650+ suspicious incidents in the first 6 months of SOC operations

IBM Security Solution benefits
• Provides automated, real-time advanced analytics to evaluate 13M+ events per day from 400K+ assets and 28K+ active log sources
• Provides 24x7 SOC management and incident response support at ~$2M lower cost than in-house management
