Understanding Global SW/IT Tech. and Approach Strategies for a Creative Economy: Risk, Issues and Global...

Date post: 17-Jul-2020
© 2012 IBM Corporation. Understanding Global SW/IT Tech. and Approach Strategies for a Creative Economy. 2013.10.08. Kim Yong-deok (김용덕), IBM Korea GTS. [email protected]
Transcript

  • - 2 -

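    Retail Industry Landscape. By the end of this session, you will:

    1. Understand the needs for SW/IT technology in the global market and the background behind them

    2. Understand the direction global companies are taking with SW/IT technology

    3. Understand the risks, the issues, and the strategic direction of global companies

    4. Find leads on the areas, opinions, and approaches related to the creative economy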

  • - 3 -

    1. Market changes > Background (2/3)

    Smart Develop. / Work

    New Intelligence

    How can we launch new businesses and processes quickly, and make the way people buy and work more efficient and effective?

    How can we obtain meaningful information, make decisions with it, and put it to use?

    “Data is exploding and it’s in silos”

    “New business & process demands”

    I need insight

    I need to work smart

    Dynamic / On Demand Infrastructure

    How can we reduce costs while maximizing efficiency?

    “We need to do more with less”

    I need to save money

    Reference: Big Data Changes Management. "The ability to obtain data, that is, the ability to understand it, process it, extract value from it, visualize it, and communicate it, will be an enormously important skill over the next 10 years." - Hal Varian, Chief Economist, Google.

  • - 4 -

    Retail Industry Landscape 1. Market changes > Background (1/3)

    Market forces are impacting the landscape of Enterprise around the world, requiring the transformation of industry business models

    STOP: What are the duplicated or non-value added activities you can stop doing?

    SKILLS: How can functional silos be reduced?

    ORGANIZATION: How can the people in the process best be organized to deliver the output?

    Operation: How & what you do

    COLLABORATION & INTEGRATION: How can trading partners be integrated into the process?

    BUSINESS INTELLIGENCE (DATA & INFO FLOW): How can the movement and handling of data be reduced?

    HOW WE USE THE DATA: How can the quality of information be captured and assured at source?

    PERFORMANCE INSIGHT & VISIBILITY: How can process performance be made visible?

    Dynamic / On Demand: How to use economic way?

    AUTOMATION: How can automation be used to improve process effectiveness?

    Smart Develop. / Work

    New Intelligence

    Dynamic / On Demand Infrastructure

  • - 5 -

    1. Market changes > Background (3/3) – Specific data

    Technology is the leading force for impacting business

    % of CEOs using Social to Connect with Customers [1]

    90% of mobile users keep their device within arm’s reach 100% of the time [2]

    8 zettabytes of digital content created by 2015 [3]

    Factors impacting organizations:

    1. Technology factors

    2. People skills

    3. Market factors

    4. Macro-economic factors

    5. Regulatory concerns

    6. Globalization

    Source: IBM CEO Study 2012

    New systems of engagement are driving new requirements

    [1] 2012 IBM CEO Study

    [2] IBM Forum 2012, Smarter Commerce Prague

    [3] IDC, IDC Predictions 2012: Competing for 2020, Doc #231720, December 2011

    Cloud computing

    Social and mobile communications

    Analytics and “big data”

  • - 6 -

    New Intelligence: The characteristics of big data

    Collectively Analyzing the broadening Variety

    Responding to the increasing Velocity

    Cost efficiently processing the growing Volume

    Establishing the Veracity of big data sources

    30 Billion RFID sensors and counting

    1 in 3 business leaders don’t trust the information they use to make decisions

    50x; 35 ZB (chart years: 2010, 2020)

    80% of the world’s data is unstructured

    1. Market changes > New Intelligence

  • - 7 -

    New Intelligence: The characteristics of big data. 1. Market changes > New Intelligence

    Big Data is at the Center Of a New Wave of Opportunity…

    44x as much Data and Content Over Coming Decade (2009: 800,000 petabytes; 2020: 35 zettabytes)

    80% Of world’s data is unstructured

    … And Organizations Need Deeper Insights

    1 in 3: Business leaders frequently make decisions based on information they don’t trust, or don’t have

    1 in 2: Business leaders say they don’t have access to the information they need to do their jobs

    83% of CIOs cited “Business intelligence and analytics” as part of their visionary plans to enhance competitiveness

    60% of CEOs need to do a better job capturing and understanding information rapidly in order to make swift business decisions

  • - 8 -

    • Availability of deep mobility skills and experience in market to implement and maintain robust and integrated mobility solutions

    • Ability and willingness of organizations to pay for mobile skills development

    • Geographic reach of service providers to serve an organization’s locations

    • Infrastructure complexity from multiple device platforms

    • Unique mobile requirements for employees/workers

    • Extending data, voice and video applications to mobile devices

    • Integrating across wireline/wireless LAN platforms

    • “Consumerization of IT” forcing CIOs to have BYOD policy and plan; provide employee device choice

    • Anytime, anywhere, any device access now standard

    • Social business interactions are increasingly important

    All of these workplace shifts are forcing IT to confront new issues in their mobile infrastructures and in the way they deliver services

    Business and IT Change

    Complexity and Integration

    The Mobile Skills Gap

    Source: The New Workplace CIO Study, IBM Market Insights,

    Smart Develop. / Work 1. Market changes > Smart

  • - 9 -

    Smart Develop. / Work; New Intelligence; Dynamic / On Demand Infrastructure

    1. Market changes > Dynamic / On Demand Infrastructure

    Evolve existing infrastructure to Cloud

    Accelerate adoption with integrated systems

    Immediate access to a managed platform with flexible cost

    Common Cloud platform built on an open standards reference model

    Private Clouds, Hybrid, Public Clouds

    Flexible business service delivery and consumption models

    Access 60+ public cloud SaaS solutions

    Requires flexibility in how organizations build and deploy cloud services, enabled by open standards and integrated security

  • - 10 -

    1 Organize Information

    2 Gain Insight

    3 Optimize Interaction

    Capture and Notice

    Analyze and Derive

    Influence and Drive

    Customer

    Engage customers in insightful conversations

    Provide consistent, cross-channel experience

    Capture every customer interaction

    Market and sell based on customer events

    Lower operational expenses… and at the same time

    Using New IT tech.

    ※: IBM GTS Research Finance Industry, 2012

    1. Market changes > Summary (1/2)

  • - 11 -

    In the mobile era, customers react faster than ever before.

    Urgency

    89% of users list “urgency” as their reason for using mobile to access information [2]

    60% Salesforce.com traffic from mobile devices [1]

    1. Beware Of Mobile's Unintended Consequences (Part 1), posted by Ted Schadler on 2/23/12

    3. The Mobile Movement Study, Google/Ipsos OTX.Media CT, April 2011

    Customer’s Reaction time difference

    Pre-web era: Information, Interaction, Service: Days

    Web era: Information, Interaction, Service: Hours

    Mobile Era: Information, Interaction, Service: Instant, Continuous, Collaborative

    1. Market changes > Summary (2/2)

  • - 12 -

    77% of firms feel cyber-attacks harder to detect and 34% low confidence to prevent

    75% felt effectiveness would increase with end-to-end solutions

    People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers

    Data: Structured, Unstructured, At rest, In motion

    Applications: Systems Applications, Web Applications, Web 2.0, Mobile apps

    Infrastructure

    The attack surface for a typical business is growing at an exponential rate

    2. Challenge in Mobile era(1/3)

  • - 13 -

    Mobile Security Strategy and Lifecycle Management

    Security Framework domains

    At the Device

    • Enroll: Register owner and services

    • Configure: Set appropriate security policies

    • Monitor: Ensure device compliance

    • Reconfigure: Add new policies over-the-air

    • De-provision: Remove services and wipe

    Over the Network & Enterprise

    • Authenticate: Properly identify mobile users

    • Encrypt: Secure network connectivity

    • Monitor: Log network access and events

    • Control: Allow or deny access to apps

    • Block: Identify and stop mobile threats

    For the Mobile App

    • Develop: Utilize secure coding practices

    • Test: Identify application vulnerabilities

    • Monitor: Correlate unauthorized activity

    • Protect: Defend against application attacks

    • Update: Patch old or vulnerable apps

    Corporate Intranet; Internet

    Security is a key area, spanning over multiple areas including the network, devices and applications

    2. Challenge in Mobile era(2/3)

  • - 14 -

    …and the Security market is shifting

    Source: Client Insights 27-Jun-11, An Evaluation of the Security & Risk Opportunity; Assessing a New Approach to Competitive Differentiation, Ari Sheinkin

    Traditional Focus: Governance and Compliance

    Emerging Focus: Risk Management

    Area | Traditional Focus | Emerging Focus

    Security strategy | React when breached | Continual management

    Speed to react | Weeks/months | Realtime

    Executive reporting | None | Operational KPIs

    Data tracking | Thousands of events | Millions of events

    Network monitoring | Server | All devices

    Employee devices | Company issued | Bring your own

    Desktop environment | Standard build | Virtualization

    Security enforcement | Policy | Audit

    Endpoint devices | Annual physical inventory | Automatically managed

    Security technology | Point products | Integrated

    Security operations | Cost Center | Value Driver

    2. Challenge in Mobile era(1/3)

  • - 15 -

    1 INFORMATION AGENDA

    2 OPERATIONAL EXCELLENCE

    3 BUSINESS / IT ALIGNMENT

    Smart Develop. / Work

    New Intelligence

    Dynamic / On Demand Infrastructure

    3. Point of View for enterprise risk

    Increase flexibility and streamline operations

    Optimize multi-channel interaction

    Create a customer-focused enterprise

    Shared and On Demand

    Optimize enterprise risk

  • - 16 -

    Security challenges are impacting innovation

    External threats: Sharp rise in external attacks from non-traditional sources

    • Cyber attacks

    • Organized crime / espionage

    • State-sponsored attacks

    • Social engineering

    Internal threats: Ongoing risk of careless and malicious insider behavior

    • Admin. Mistakes/ Careless behavior

    • Internal breaches

    • Disgruntled employee actions

    • Mix of private / corporate data

    Compliance: Growing need to address an increasing number of mandates

    • National regulations

    • Industry standards

    • Local mandates

    Impacting innovation: Mobility, Cloud / Virtualization, Social Business, Business Intelligence

    Optimize enterprise risk 3. Point of View for enterprise risk – Security(1/3)

  • - 17 -

    In this “new normal”, organizations need an intelligent view of their security posture

    Axes: Reactive to Proactive; Manual to Automated

    Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence

    Proficient: Security is layered into the IT fabric and business operations

    Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting

    Optimize enterprise risk 3. Point of View for enterprise risk – Security(2/3)

  • - 18 -

    The new security landscape - Sophisticated attackers are a primary concern

    Threat Profile | Type | Share of Incidents | Attack Type

    Advanced threat / mercenary | National governments; Terrorist cells; Crime Cartels | 23% | Espionage; Intellectual property theft; Systems disruption; Financial Crime

    Malicious Insiders | Employees; Contractors; Outsourcers | 15% | Financial Crime; Intellectual Property Theft; Unauthorized Access/

    Hacktivist | Social Activists | 7% | Systems disruption; Web defacement; Information Disclosure

    Opportunist | Worm and virus writers; “Script Kiddies” | 49% | Malware propagation; Unauthorized Access; Web defacement

    Vertical axis: Potential Impact

    Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO-05-434; IBM CyberSecurity Intelligence & Response Team, September 2012

    Optimize enterprise risk 3. Point of View for enterprise risk – Security(3/3)

  • - 19 -

    New technologies and social media are leading factors behind an increased focus on reputational risk.

    64% will increase focus on reputational risk compared to five years ago

    Why increase?

    New technology/ social media, 43%

    Previous event harmful to competitor/industry, 20%

    Previous event harmful to company, 18%

    Board of directors/ C-suite mandate, 10%

    Other, 7%

    Shareholder pressure, 3%

    “Technology is an amplifier in all it touches, for better and worse. If we use it, we must manage it rigorously.”

    CIO, Barbados professional services firm

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(1/8)

  • - 20 -

    The study results revealed three key observations concerning IT’s impact on reputational risk.

    #1 IT risks have a major impact on a company’s reputation

    #2 Companies have rising IT risk concerns related to emerging technology trends

    #3 Companies are integrating IT risk and reputational risk management, with strongest focus on threats to data and systems

    “IT and reputational risk management and mitigation are… key success factors of our business and must be given due emphasis.”

    C-level executive, Malaysian agriculture and agribusiness company

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(2/8)

  • - 21 -

    The study results revealed three key observations concerning IT’s impact on reputational risk.

    IT risks strongly affect the factors most important to a company’s reputation — making IT risk integral to reputational risk.

    78% include IT risk management as part of reputational risk management

    “IT… is like the heart pumping blood to the whole body, so any failure could threaten the whole organization's survival.”

    IT manager, French IT and technology company

    Most important to reputation

    Best-in-class product/service 29%

    Customer engagement 24%

    Trusted partner status 14%

    Strongly affected by IT risk

    Customer satisfaction 46%

    Brand reputation 41%

    Compliance 40%

    Source: Q2: Is IT risk management part of your organization’s overall reputational risk management strategy? Q6: Which of the following is the single most important factor driving your company’s reputation? Q3: In your estimation, how much do IT risks affect the following?

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(3/8)

  • - 22 -

    Data breach tops the list of IT risk factors that can cause the most reputational harm.

    Top three IT risk factors harmful to reputation

    61% data breach

    44% systems failure

    37% data loss

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(4/8)

  • - 23 -

    The impact on reputation recovery is measured in months, not hours or days like recovery time objectives (RTO).

    IT risk factor | 0-6 months | 6-12 months | 12+ months

    Website outage | 78% | 14% | 8%

    System failure | 72% | 17% | 10%

    Workforce mobility | 71% | 18% | 11%

    Data loss | 70% | 17% | 12%

    Inadequate continuity plans | 65% | 21% | 13%

    Insufficient DR measures | 63% | 24% | 12%

    New technology | 64% | 18% | 18%

    Data breach | 65% | 19% | 16%

    Compliance failure | 64% | 22% | 14%

    Poor IT skills / tech support | 64% | 22% | 14%

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(5/8)

  • - 24 -

    Data Breaches and attacks increase negative sentiment about your business

    of companies studied include IT Risk management as part of reputational risk management.

    of IT risks impact customers satisfaction and brand reputation

    Optimize enterprise risk 3. Point of View for enterprise risk – Reputational Risk(6/8)

  • - 25 -

    Your clients’ reputations are at risk every day. An IT issue can set off a series of events that can have significant impact on business value.

    IT event: Storms trigger power outage; Partial failure in data center UPS; Critical servers fail; Highly visible service outage

    Reputation suffers: News reports on the web; People talk; Confidence, trust waver

    Business value damaged: Penalties accrue; Customers defect; Stock price falls

    This slide is a graphic representation of what might happen to a company’s reputation and business value in the face of an IT risk event — in this case, a server/systems failure.

    3. Point of View for enterprise risk – Reputational Risk(7/8)

  • - 26 -

    Reputational risk: a type of risk related to the trustworthiness of business. Damage to a firm's reputation can result in lost revenue or destruction of shareholder value, even if the company is not found guilty of a crime. Reputational risk can be a matter of corporate trust, but serves also as a tool in crisis prevention.

    Source: http://en.wikipedia.org/wiki/Reputational_risk

    Equation taken from - International Centre for Financial Regulation

    What is reputational risk and why should an insurance company care?

    3. Point of View for enterprise risk – Reputational Risk(8/8)


  • - 28 -

    Appendix. IBM Information Management Ecosystem

  • - 29 -

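    Research and analysis through IBM's CRMD and Global Assets show that leading overseas cases are producing practical implementations centered on four major trends.

    Overview and implications of leading domestic and overseas cases

    Mostly aimed at improving business efficiency

    Aimed at increasing the work efficiency of employees and partners

    Establish a portal foundation and provide diverse multi-channel device (BYOD) access

    Aimed at reducing IT infrastructure lifecycle investment costs

    Overseas: trend toward active Public Cloud adoption

    Domestic: few adoption cases

    Business side: analysis and forecasting based on Data-Warehousing

    Security side: growing need for large-volume log analysis across heterogeneous devices

    Aimed at pursuing innovation and higher productivity through voluntary employee participation and communication

    Used as a marketing element

    American National Insurance

    Prudential Financial

    AIG Edison Life Insurance

    • Renovation of the existing portal (Mobile)

    • Build a Community Space

    • Build a Communication Platform

    • Build a collaboration portal

    • Employee communication channel, sales support

    • Build a SaaS Public Cloud

    • Build the development environment as a Test/Dev Cloud

    • Outsource SBC services

    • Build a Data-Mining Platform

    • Build a GSOC and perform large-volume log correlation analysis

    Mobile

    Cloud

    Big Data

    SNS

    Citi Group

    BMW

    AVIVA

    Manu Life Financial

    HSBC Bank

    Appendix 1. Leading global cases

    http://www.prudential.co.kr/

    http://www.hsbc.co.kr/1/2/home_ko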

  • - 30 -

    2012: The explosion of breaches continues!

    Source: IBM X-Force® Research 2012 Trend and Risk Report

    Figure: 2012 Sampling of Security Incidents by Attack Type, Time and Impact

    Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

    Cyber impacts have been increasing in size, scope

    Appendix. 2012 X-Force Research Report

  • - 31 -

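    The limits of existing information-protection frameworks against increasingly sophisticated security attacks have already been confirmed by the APT breach incidents at SONY and RSA and by Stuxnet (nuclear facilities), and Security Intelligence is being pursued as the alternative.

    Appendix. Information protection at global companies: Security Intelligence

    Limits of existing security frameworks against sophisticated security attacks, including APT attacks

    Locked into traditional techniques

    Security solutions built on signature-based pattern matching

    Vulnerable to evasion attacks and evasion techniques

    Cannot detect attacks that use unknown methods (built on an understanding of traditional blocking methods)

    Signatures must always be kept up to date

    Insufficient response to client-side attacks

    Limited ability to respond to malware distribution that exploits zero-day vulnerabilities in PDF, DOC, WSF, XLS, PPT, media files, Flash, and the like

    Client security patching is growing in importance, but patches are rarely applied immediately

    Countermeasures in security technology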

  • - 32 -

    2,641,350 Security Attacks The Average Company Faces Per Week

    Top 7 Most ATTACKED Industries

    1. Health & Social Services

    2. Transportation

    3. Hospitality

    4. Finance & Insurance

    5. Manufacturing

    6. Real Estate

    7. Mining, Oil & Gas

    62 Security Incidents The Average Company Experiences Per Week

    Top 5 reasons WHY attacks were possible

    1. End user didn’t think before clicking

    2. Weak password / default password in use

    3. Insecure configuration

    4. Use of legacy hardware or software

    5. Lack of basic network security protection or segmentation

    What IBM Sees: Categories of Attack

    Malicious Code

    Sustained Probe or Scan

    Unauthorized Access

    Low-and-Slow Attack

    Access/Credentials Abuse

    Denial of Service

    Appendix. Which Industries are targeted

