Data security strategies and drivers

- 1 - Copyright 2009 Freeform Dynamics Ltd - 1 - Copyright 2010 Freeform Dynamics Ltd

Data Security Trends and Observations

Tony LockFreeform Dynamics Ltd

[email protected], 2010

www.freeformdynamics.com

- 2 - Copyright 2009 Freeform Dynamics LtdCopyright 2010 Freeform Dynamics

Agenda

► Business Drivers Influencing IT Security► Protecting Data► The Future of Encryption


Today, business want to…► Reduce costs

● Leverage existing investments● Rationalise infrastructure / Reduce power consumption ● ‘Optimise everything’!

► Increase agility● Access information on demand● Support new business initiatives quickly & effectively

► Manage risk● Legal & regulatory / Security and privacy● Continuity / resilience● Protect brand

► Be good corporate citizens● Governance / External obligations● Retain Customer trust and satisfaction


4043372030755980512726843227940121734585012 7154539691420762 597242857594404736383206 864822559884522781272859586310783041215189039722995842274740595660911438608619370523665877168914807728150100036532892988233489229168412298957399856995916007784076516717934157958922080355531822072807338276962545494762362555017379346840089604010135260723134336771684303126571878448235124194684200289197340444389979954931395248708578295236216355137975564230921803957049782011111357

Encryption and Key Management


Why is security important?


New risks

► External annoyances (Spam, virus, Drive by web infections, general Phishing, etc.)

► Targeted crime (Hackers, Targeted phishing etc.)► Third parties inside the firewall breaching security► Staff breaching security by design► Staff / Third parties breaching security by accident –

Information leakage


Well Protected?


To what degree do you consider these specific risks during business planning?

0% 20% 40% 60% 80% 100%

Loss of business critical informationDowntime of key IT systems

Illicit use of confidential informationBreach of building security

Legal exposureRegulatory exposure

Criminal activity (e.g. fraud)Malicious damage by employees

Accidental damagePolitical instability

Public health emergencyPoor performance of financial markets

Natural disasterTerrorist activity

Major consideration Some considerationMinimal consideration Unsure


Has regulatory compliance been a specific driver in the following areas?

0% 10% 20% 30% 40% 50% 60% 70% 80%

Financial Services

Public Sector

Communications

Oil & Gas

General Industry/Commerce

Enhancing storage and archiving capability Enhancing information related security


Generally speaking, when you add everything up, how is your spending on IT risk related investments such as security and information management changing?

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Financial Services

Communications

Public Sector

General Industry

Oil & Gas

Increasing dramatically Increasing Static Decreasing


Agenda



Security “culture”


How easy is it to control the potential security risk arising from the proliferation of confidential data across different machines and locations?

Cannot completely

control23%

Controlling it is a

challenge50%

Easy to control22%

Unsure5%


How important are the following when considering the need to secure confidential information?

0% 20% 40% 60% 80% 100%

Avoidance of financial loss

Prevention of legal exposure

Preservation of customer relationships

Regulatory compliance

Maintenance of competitive edge

Protection of brand and image

Particularly important for us Some consideration Less of an issue Unsure


► Link to lack of accurate knowledge • Mixed IT infrastructure deployed• Who has “access” to data, especially

those with escalated privileges• Who is using each service and who

should be?

► Encryption. where used, is deployed piecemeal not across all systems• Lack of process to manage solutions• Lack of awareness that solutions are

now available for a wide range of challenges

What is holding “Data Security” back?


The role of Encryption and Key Management

► Today encryption has been implemented in a piecemeal fashion

● Bit by bit● No central management or strategy● Key management left to individuals or groups

► Encryption will, ultimately, be rolled out to address all of the highlighted risk areas

● Key desktops and laptops● Storage arrays● Mobile Devices

► Problems will occur● And very, very visibly


Agenda



► Define who is responsible for security• How should policy be set? • IT, The Business and Security partners• Set how to create / handle security Procedures?

►Implement security solutions• Encryption and key management• Make as transparent as possible to users• Ensure staff know what is permitted in data security management

►Until these are addressed, change will be difficult and risks will not be managed

Moving “Data Security” and encryption Forward?


Process, process, process► Process

● Define Processes for security● Try to standardise on solutions● Make sure everyone understands security threats and the

consequences● Make sure that routines / procedures are in place to manage all

aspects of security● Especially for mobile / home workers.

► Create a feeling of responsibility for security► Train / Train / Train / Communicate


Overall mix of concerns relating to adoption of latest technologies and working practices

0% 10% 20% 30% 40% 50% 60% 70%

Securityinfrastructure

limitations

Policy and processrelated challenges

Cultural or trustrelated concerns

Encryption can help address th

ese issues


►Use of Encryption will spread, and soon• Silo by Silo• Storage, Desktops, Mobile Devices, Applications• Data at Rest, Data in Motion

► Ultimately encryption will become “expected” ► The importance of key management will be recognised

• But not to begin with• Education will be required or “incidents will happen”

►Standards (ISO 7498-2, ISO 17799 etc.) are important• But customers will need to move before all standards are

finalised and in place.► Best practice / experience is valued along with advice

on where to start.

The Future of Encryption


►Know where data is stored, who is using it and why• Storage platforms / Desktops / Applications / Networks• Combine asset management / identity / encryption and key

management►Define roles and responsibilities for data governance►Create policies for data management and security

• Encrypt where needed• And make sure everyone understands and follows them• Audit data access and alteration

►Define Identities• Personal / Device / Service / Application

► Get good Management Procedures in place, especially for encryption key management

Where to start with Securing Enterprise Data?


Thank You!

► Any Questions?

Tony LockFreeform Dynamics Ltd

[email protected], 2010

www.freeformdynamics.com

Date post:	07-Nov-2014
Category:	Technology
Upload:	freeform-dynamics
View:	2,289 times
Download:	0 times

Data security strategies and drivers

Technology