© 2012 IBM Corporation
Understanding Global SW/IT Technology and Approach Strategies for the Creative Economy
2013.10.08
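IBM Korea GTS, Kim Yong-deok (김용덕)
By the end of this session, you will:
1. Understand the needs for, and background of, SW/IT technology in the global market
2. Understand the direction global enterprises are taking with SW/IT technology
3. Understand the risks, issues, and strategic direction of global enterprises
4. Find clues to the areas, opinions, and approaches related to the creative economy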
1. Market Changes > Background (2/3)
New Intelligence
“Data is exploding and it’s in silos”
I need insight
How can we secure meaningful information, make decisions with it, and put it to use?
Smart Develop. / Work
“New business & process demands”
I need to work smart
How can we launch new businesses and processes quickly, and make the way people buy and work more efficient and effective?
Dynamic / On Demand Infrastructure
“We need to do more with less”
I need to save money
How can we reduce costs while maximizing efficiency?
Reference: Big Data Changes Management. "The ability to obtain data, that is, the ability to understand it, process it, extract value from it, visualize it, and communicate it, will be an enormously important ability over the next 10 years." - Hal Varian, Chief Economist, Google.
1. Market Changes > Background (1/3)
Market forces are impacting the landscape of Enterprise around the world, requiring the transformation of industry business models
STOP: What are the duplicated or non-value added activities you can stop doing?
SKILLS: How can functional silos be reduced?
ORGANIZATION: How can the people in the process best be organized to deliver the output?
Operation: How & what you do
COLLABORATION & INTEGRATION: How can trading partners be integrated into the process?
BUSINESS INTELLIGENCE (DATA & INFO FLOW): How can the movement and handling of data be reduced?
HOW WE USE THE DATA: How can the quality of information be captured and assured at source?
PERFORMANCE INSIGHT & VISIBILITY: How can process performance be made visible?
Dynamic / On Demand: How to use economic way?
AUTOMATION: How can automation be used to improve process effectiveness?
Diagram labels: Smart Develop. / Work; New Intelligence; Dynamic / On Demand Infrastructure
1. Market Changes > Background (3/3) – Specific Data
Technology is the leading force for impacting business
% of CEOs using Social to Connect with Customers [1]
90% of mobile users keep their device within arm’s reach 100% of the time [2]
8 zettabytes of digital content created by 2015 [3]
Factors impacting organizations:
1. Technology factors
2. People skills
3. Market factors
4. Macro-economic factors
5. Regulatory concerns
6. Globalization
Source: IBM CEO Study 2012
New systems of engagement are driving new requirements
Cloud computing
Social and mobile communications
Analytics and “big data”
[1] 2012 IBM CEO Study
[2] IBM Forum 2012, Smarter Commerce Prague
[3] IDC, IDC Predictions 2012: Competing for 2020, Doc #231720, December 2011
New Intelligence: The characteristics of big data
Collectively analyzing the broadening Variety
Responding to the increasing Velocity
Cost efficiently processing the growing Volume
Establishing the Veracity of big data sources
30 billion RFID sensors and counting
1 in 3 business leaders don’t trust the information they use to make decisions
50x, from 2010 to 35 ZB in 2020
80% of the world’s data is unstructured
1. Market Changes > New Intelligence
New Intelligence: The characteristics of big data
1. Market Changes > New Intelligence
Big Data is at the Center Of a New Wave of Opportunity…
2009: 800,000 petabytes
2020: 35 zettabytes
44x as much Data and Content Over Coming Decade
80% of world’s data is unstructured
… And Organizations Need Deeper Insights
1 in 3: Business leaders frequently make decisions based on information they don’t trust, or don’t have
1 in 2: Business leaders say they don’t have access to the information they need to do their jobs
83% of CIOs cited “Business intelligence and analytics” as part of their visionary plans to enhance competitiveness
60% of CEOs need to do a better job capturing and understanding information rapidly in order to make swift business decisions
The Mobile Skills Gap
• Availability of deep mobility skills and experience in market to implement and maintain robust and integrated mobility solutions
• Ability and willingness of organizations to pay for mobile skills development
• Geographic reach of service providers to serve an organization’s locations
Complexity and integration
• Infrastructure complexity from multiple device platforms
• Unique mobile requirements for employees/workers
• Extending data, voice and video applications to mobile devices
• Integrating across wireline/wireless LAN platforms
Business and IT change
• “Consumerization of IT” forcing CIOs to have BYOD policy and plan; provide employee device choice
• Anytime, anywhere, any device access now standard
• Social business interactions are increasingly important
All of these workplace shifts are forcing IT to confront new issues in their mobile infrastructures and in the way they deliver services
Source: The New Workplace CIO Study, IBM Market Insights,
Smart Develop. / Work
1. Market Changes > Smart
Smart Develop. / Work | New Intelligence | Dynamic / On Demand Infrastructure
1. Market Changes > Dynamic / On Demand Infrastructure
Evolve existing infrastructure to Cloud
Accelerate adoption with integrated systems
Immediate access to a managed platform with flexible cost
Access 60+ public cloud SaaS solutions
Common Cloud platform built on an open standards reference model
Private Clouds | Hybrid | Public Clouds
Flexible business service delivery and consumption models
Requires flexibility in how organizations build and deploy cloud services, enabled by open standards and integrated security
1. Organize Information: Capture and Notice
2. Gain Insight: Analyze and Derive
3. Optimize Interaction: Influence and Drive
Customer
Engage customers in insightful conversations
Provide consistent, cross-channel experience
Capture every customer interaction
Market and sell based on customer events
Lower operational expenses… and at the same time
Using New IT tech.
※: IBM GTS Research Finance Industry, 2012
1. Market Changes > Summary (1/2)
In the mobile era, customers react faster than ever before.
Urgency
89% of users list “urgency” as their reason for using mobile to access information [2]
60% of Salesforce.com traffic from mobile devices [1]
1. Beware Of Mobile's Unintended Consequences (Part 1), posted by Ted Schadler on 2/23/12
3. The Mobile Movement Study, Google/Ipsos OTX MediaCT, April 2011
Customer’s reaction time difference (Information, Interaction, Service)
Pre-web era: Days
Web era: Hours
Mobile era: Instant, Continuous, Collaborative
1. Market Changes > Summary (2/2)
77% of firms feel cyber-attacks are harder to detect, and 34% have low confidence in their ability to prevent them
75% felt effectiveness would increase with end-to-end solutions
People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
Infrastructure
The attack surface for a typical business is growing at an exponential rate
2. Challenge in Mobile era(1/3)
Mobile Security Strategy and Lifecycle Management
Security Framework domains
At the Device
• Enroll: Register owner and services
• Configure: Set appropriate security policies
• Monitor: Ensure device compliance
• Reconfigure: Add new policies over-the-air
• De-provision: Remove services and wipe
Over the Network & Enterprise
• Authenticate: Properly identify mobile users
• Encrypt: Secure network connectivity
• Monitor: Log network access and events
• Control: Allow or deny access to apps
• Block: Identify and stop mobile threats
For the Mobile App
• Develop: Utilize secure coding practices
• Test: Identify application vulnerabilities
• Monitor: Correlate unauthorized activity
• Protect: Defend against application attacks
• Update: Patch old or vulnerable apps
Diagram labels: Corporate Intranet; Internet
Security is a key area, spanning over multiple areas including the network, devices and applications
2. Challenge in Mobile era(2/3)
… and the Security market is shifting
Source: Client Insights 27-Jun-11, An Evaluation of the Security & Risk Opportunity; Assessing a New Approach to Competitive Differentiation, Ari Sheinkin
Area | Traditional Focus: Governance and Compliance | Emerging Focus: Risk Management
Security strategy | React when breached | Continual management
Speed to react | Weeks/months | Realtime
Executive reporting | None | Operational KPIs
Data tracking | Thousands of events | Millions of events
Network monitoring | Server | All devices
Employee devices | Company issued | Bring your own
Desktop environment | Standard build | Virtualization
Security enforcement | Policy | Audit
Endpoint devices | Annual physical inventory | Automatically managed
Security technology | Point products | Integrated
Security operations | Cost Center | Value Driver
2. Challenge in Mobile era(1/3)
1. INFORMATION AGENDA
2. OPERATIONAL EXCELLENCE
3. BUSINESS / IT ALIGNMENT
Smart Develop. / Work | New Intelligence | Dynamic / On Demand Infrastructure
3. Point of View for enterprise risk
Increase flexibility and streamline operations
Optimize multi-channel interaction
Create a customer-focused enterprise
Shared and On Demand
Optimize enterprise risk
Security challenges are impacting innovation
External threats: Sharp rise in external attacks from non-traditional sources
• Cyber attacks
• Organized crime / espionage
• State-sponsored attacks
• Social engineering
Internal threats: Ongoing risk of careless and malicious insider behavior
• Admin. mistakes / careless behavior
• Internal breaches
• Disgruntled employee actions
• Mix of private / corporate data
Compliance: Growing need to address an increasing number of mandates
• National regulations
• Industry standards
• Local mandates
Impacting innovation: Mobility, Cloud / Virtualization, Social Business, Business Intelligence
Optimize enterprise risk 3. Point of View for enterprise risk – Security(1/3)
In this “new normal”, organizations need an intelligent view of their security posture
Axes: Reactive to Proactive; Manual to Automated
Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence
Proficient: Security is layered into the IT fabric and business operations
Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting
Optimize enterprise risk 3. Point of View for enterprise risk – Security(2/3)
The new security landscape - Sophisticated attackers are a primary concern
Threat Profile | Type | Share of Incidents | Attack Type
Advanced threat / mercenary | National governments; Terrorist cells; Crime Cartels | 23% | Espionage; Intellectual property theft; Systems disruption; Financial Crime
Malicious Insiders | Employees; Contractors; Outsourcers | 15% | Financial Crime; Intellectual Property Theft; Unauthorized Access/
Hacktivist | Social Activists | 7% | Systems disruption; Web defacement; Information Disclosure
Opportunist | Worm and virus writers; “Script Kiddies” | 49% | Malware propagation; Unauthorized Access; Web defacement
Vertical axis: Potential Impact
Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO-05-434; IBM CyberSecurity Intelligence & Response Team, September 2012
Optimize enterprise risk 3. Point of View for enterprise risk – Security(3/3)
New technologies and social media are leading factors behind an increased focus on reputational risk.
64% will increase focus on reputational risk compared to five years ago
Why increase?
New technology/ social media, 43%
Previous event harmful to competitor/industry, 20%
Previous event harmful to company, 18%
Board of directors/ C-suite mandate, 10%
Other, 7%
Shareholder pressure, 3%
“Technology is an amplifier in all it touches, for better and worse. If we use it, we must manage it rigorously.”
CIO, Barbados professional services firm
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(1/8)
The study results revealed three key observations concerning IT’s impact on reputational risk.
#1 IT risks have a major impact on a company’s reputation
#2 Companies have rising IT risk concerns related to emerging technology trends
#3 Companies are integrating IT risk and reputational risk management, with strongest focus on threats to data and systems
“IT and reputational risk management and mitigation are… key success factors of our business and must be given due emphasis.”
C-level executive, Malaysian agriculture and agribusiness company
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(2/8)
The study results revealed three key observations concerning IT’s impact on reputational risk.
IT risks strongly affect the factors most important to a company’s reputation — making IT risk integral to reputational risk.
78% include IT risk management as part of reputational risk management
“IT… is like the heart pumping blood to the whole body, so any failure could threaten the whole organization's survival.”
IT manager, French IT and technology company
Most important to reputation
• Best-in-class product/service: 29%
• Customer engagement: 24%
• Trusted partner status: 14%
Strongly affected by IT risk
• Customer satisfaction: 46%
• Brand reputation: 41%
• Compliance: 40%
Source: Q2: Is IT risk management part of your organization’s overall reputational risk management strategy? Q6: Which of the following is the single most important factor driving your company’s reputation? Q3: In your estimation, how much do IT risks affect the following?
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(3/8)
Data breach tops the list of IT risk factors that can cause the most reputational harm.
Top three IT risk factors harmful to reputation
61% data breach
44% systems failure
37% data loss
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(4/8)
The impact on reputation recovery is measured in months, not hours or days like recovery time objectives (RTO).
IT risk | 0-6 months | 6-12 months | 12+ months
Website outage | 78% | 14% | 8%
System failure | 72% | 17% | 10%
Workforce mobility | 71% | 18% | 11%
Data loss | 70% | 17% | 12%
Inadequate continuity plans | 65% | 21% | 13%
Insufficient DR measures | 63% | 24% | 12%
New technology | 64% | 18% | 18%
Data breach | 65% | 19% | 16%
Compliance failure | 64% | 22% | 14%
Poor IT skills / tech support | 64% | 22% | 14%
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(5/8)
Data Breaches and attacks increase negative sentiment about your business
of companies studied include IT Risk management as part of reputational risk management.
of IT risks impact customers satisfaction and brand reputation
Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(6/8)
Your clients’ reputations are at risk every day. An IT issue can set off a series of events that can have significant impact on business value.
IT event
• Storms trigger power outage
• Partial failure in data center UPS
• Critical servers fail
• Highly visible service outage
Reputation suffers
• News reports on the web
• People talk
• Confidence, trust waver
Business value damaged
• Penalties accrue
• Customers defect
• Stock price falls
This slide is a graphic representation of what might happen to a company’s reputation and business value in the face of an IT risk event — in this case, a server/systems failure.
3. Point of View for enterprise risk – Reputational Risk(7/8)
Reputational risk: a type of risk related to the trustworthiness of business. Damage to a firm's reputation can result in lost revenue or destruction of shareholder value, even if the company is not found guilty of a crime. Reputational risk can be a matter of corporate trust, but serves also as a tool in crisis prevention.
Source: http://en.wikipedia.org/wiki/Reputational_risk
Equation taken from - International Centre for Financial Regulation
What is reputational risk and why should an insurance company care?
3. Point of View for enterprise risk – Reputational Risk(8/8)
Appendix. IBM Information Management Ecosystem
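Based on research and analysis using IBM's CRMD and Global Assets, practical application cases among leading overseas examples are forming around four major trends.
Overview and implications of leading domestic and overseas cases
Mobile
• Mostly aimed at improving business efficiency
• Aimed at increasing the work efficiency of employees and partners
• Establishing a portal foundation and offering varied multi-channel device (BYOD) access
Cloud
• Aimed at reducing IT infrastructure lifecycle investment costs
• Overseas: trend toward active use of public cloud
• Domestic: few adoption cases
Big Data
• Business side: analysis and forecasting based on data warehousing
• Security side: growing need for large-volume log analysis across heterogeneous devices
SNS
• Aimed at innovation and productivity gains through voluntary employee participation and communication
• Used as a marketing element
Companies cited: American National Insurance; Prudential Financial; AIG Edison Life Insurance; Citi Group; BMW; AVIVA; Manu Life Financial; HSBC Bank
Initiatives:
• Renovation of the existing portal (Mobile)
• Building a community space
• Building a communication platform
• Building a collaboration portal
• Employee communication channel, sales support
• Building a SaaS public cloud
• Building the development environment as a Test/Dev cloud
• Outsourcing the SBC service
• Building a data-mining platform
• Building a GSOC and large-volume log correlation analysis
Appendix 1. Leading Global Cases
http://www.prudential.co.kr/
http://www.hsbc.co.kr/1/2/home_ko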
2012: The explosion of breaches continues!
Source: IBM X-Force® Research 2012 Trend and Risk Report
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Cyber impacts have been increasing in size, scope
Appendix. 2012 X-Force Research Report
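The limits of existing information protection systems against increasingly sophisticated information security attacks have already been confirmed by the APT attack incidents involving SONY, RSA, and Stuxnet (nuclear facilities), and Security Intelligence is being pursued as the alternative.
Appendix. Information protection at global enterprises: Security Intelligence
Limits of existing security systems against sophisticated security attacks, including APT attacks
Locked into traditional technology
• Security solutions built on signature-based pattern-matching technology
• Vulnerable to evasion attacks and evasion techniques
• Unable to detect attacks that use unknown methods (they rest on an understanding of traditional blocking methods)
• Signatures must always be kept up to date
Insufficient response to client-side attacks
• Limited ability to respond to malware distributed through zero-day vulnerabilities in PDF, DOC, WSF, XLS, PPT, media files, Flash, and similar formats
• The importance of client security patching is growing, but cases of immediate patching are rare
Response measures in security technology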
2,641,350 Security Attacks: The Average Company Faces Per Week
62 Security Incidents: The Average Company Experiences Per Week
Top 7 Most ATTACKED Industries
1. Health & Social Services
2. Transportation
3. Hospitality
4. Finance & Insurance
5. Manufacturing
6. Real Estate
7. Mining, Oil & Gas
Top 5 reasons WHY attacks were possible
1. End user didn’t think before clicking
2. Weak password / default password in use
3. Insecure configuration
4. Use of legacy hardware or software
5. Lack of basic network security protection or segmentation
What IBM Sees: Categories of Attack
• Malicious Code
• Sustained Probe or Scan
• Unauthorized Access
• Low-and-Slow Attack
• Access/Credentials Abuse
• Denial of Service
Appendix. Which Industries are targeted