trust as a competitive advantage in a world of growing ......information security merchant...

Trust as a Competitive Advantage in a World of Growing Digital Threats

Dean Coclin, Darren Noy

SYMANTEC VISION 2014

The evolution of Trust – a long view….

2

Communal norms and personal contact mitigates transaction risk

Early societies Modern societies

Trust required to interact with mass society

Courts and police emerge to enforce transactions

Postmodern network societies

Trust challenged as our daily lives are enmeshed in virtual networks

Mechanisms for ensuring Trust still evolving

Trust as a Competitive Advantage


The Internet is becoming Intimate

3 Trust as a Competitive Advantage


Trustworthiness in our online world is fragile

4

Snowden and surveillance; spam and scams; high-profile data breaches: thanks to these and other cybersecurity-related headlines, European Commission vice president Neelie Kroes says that “billions” of people around the world just don’t trust the internet. And that, as we move into a world of the Internet of Things and machine-to-machine communications, is a problem. – InfoSecurity Magazine March 2014

“

“



Trust is an economic advantage

Quoted in Forbes

5

United States

46,000

Per Capita Income (USD) If you take a broad enough definition of trust, then it would explain basically all the difference between the per capita income of the United States and Somalia

– Steve Knack Senior Economist at the World Bank

“

“ 200

Somalia



Attacks are increasing, as Trust is declining



In IT, we must expand our definition of Trust

7

FROM

Secure communication

• Encryption & secure communication

• Identity & access control

End user trust

• Validation

• Reputation

• Assurance

TO



The move to online commerce continues at a rapid rate



Four Pillars of Secure Communication

9

Non-repudiation

Authentication

Integrity

Privacy

Spoofing

Modification

Proof of

parties

involved

Interception

Secure Com



New Options for Speed & Security

10

Elliptic Curve Cryptography 256-bit SSL

Perfect forward secrecy

• Stronger

• Faster

• Lighter

• Compromise of one key doesn’t affect others

• No link between server’s private key and each session key

Proven technology now available

Secure Com



New Developments in SSL Deployment

11

Secure Com

Why Implement Always On SSL?



EV certification for ecommerce

12

How do you know who you’re dealing with online?

Validation



Inspiring Trust with Positive Indicators

13

#1 Most recognized & trusted mark

on the web

Reputation



Vetting & approval of developers & their associated organizations

Verifying the integrity of an application to ensure that it hasn’t been compromised

Granting access to run or download an application based on the digital signature

What is the Value of Code Signing?

14

Code signing creates a digital "shrink-wrap" for secure distribution of code and content over the Internet. A complete signing ecosystem must ensure:

If the hash used to sign the application matches the hash on a downloaded application, the code integrity is intact

Validation



Stolen certificates create headlines!

15

Validation



Symantec Secure App Service

16

When keys need to be stored, Symantec keeps them in a military-grade data center so they’re not prone to being stolen locally

Time-tested best practice of using diverse keys to sign code

means additional security for IP and access to numerous

signing services creates versatility

High degree of control means more confidence and security – as roles change, so does access to SAS

Visibility into who has access, where each

signing event is in the process, and what is

already deployed

Secure Com

Reputation Validation



Norton Shopping Guarantee (NSG)

17

Personal Computers Tablets Phones

Assurance



$10,000 Identity Theft Protection

$1,000 Purchase Guarantee

$100 Lowest Price Guarantee

Blanket protection for 30 days as an added benefit for shopping with you. The consumer is covered no matter how their identity is compromised. Provided by: Symantec via Assurant

Reassures the buyer that you are committed to great customer service and tells the consumer that if you don’t live up to your terms of sale, Norton will make them whole. Provided by: Symantec via the merchants

This same store low price guarantee that tells the consumer, if you lower the price, Norton refunds the consumer the difference, up to $100 per purchase. Provided by: Symantec (with the ability to adjust merchant price if needed)

Information Security Merchant Reliability Price

NSG’s Value: Continue to extend the Norton brand’s protection of Internet consumers & merchants

18

Assurance



Revenue $108.0

Cost of Sales 60.5

NSG subscription 0.27

Gross Profit 47.2

Operating Expense* 36.0

Operating Profit $11.2

Operating Margin 10.4%

Revenue $100.0

Cost of Sales 56.0

NSG subscription 0.0

Gross Profit 44.0

Operating Expense* 36.0

Operating Profit $8.0

Operating Margin 8%

Acme eSales $ Millions

The NSG variable subscription business model is a clear win for online merchants

Acme eSales $ Millions

At the cost of just $270K for NSG, a $100M merchant achieves a 30x top line ROI resulting in incremental $3.2M profit due to NSG – a 40% increase

*Expense ratios derived from data on various publicly traded online merchants (retrieved 8.27.13 from Yahoo! Finance)

19

Assurance



Conclusion

20

FROM

Secure communication

• Encryption & secure communication

• Identity & access control

End user trust

• Validation

• Reputation

• Assurance

TO


Thank you!

21

YOUR FEEDBACK IS VALUABLE TO US!

Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.

To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.

https://vision2014.quickmobile.com/

https://vision2014.quickmobile.com/

trust as a competitive advantage in a world of growing ......information security merchant...

Documents