Date post: | 24-Dec-2015 |
Category: |
Documents |
Upload: | tobias-potter |
View: | 214 times |
Download: | 0 times |
Review of the problem statement and existing work Assessing and managing third party vendor
security requirements and practices for outsourced services Existing solution
Established Vendor Review Process Technical Infrastructure Evaluation Scheduled Reviews & Onsite Visits Contractual Obligations
Real World Problem – VCNA
E-Commerce Portal Technical Literature Integration with Production Lines – VINs Help System Payment Processing VIDA Software Downloads and Configurations
Real World Problem – VCNA Cont… Security Concerns
Personally Identifiable Information Complete VIN List Credit Card Processing Trade Secrets – Software Configurations
Governing Bodies EPA/CARB PCI Ford Motor Company
Technical Solution Personally Identifiable Information
Entire site is encrypted using SSL Passwords are encrypted in database Customer is segregated on individual VLAN Backups are encrypted and shipped off-site
Complete VIN List Encrypted Secure Transmission to Locksmiths
Credit Card Processing Industry Standard Encryption
Technical Solution Cont…
Trade Secrets – Software Configurations Software Subscriptions
Secure Login from Public Internet All information is passed via https Passwords are encrypted in database
Configured in Sweden per Order Software is placed in shopping cart Order is passed to Volvo (Sweden) over a VPN
connection Configured Software Request is Sent Back via VPN
Technical Solution Cont…
Trade Secrets – Software Configurations Sold Via E-Commerce Application
Software is Purchased using Credit Card SSL Encryption Verisign Integration
Transmitted to Ford Network Software Request is sent to Ford
Uses VPN connection with Limited IP and Port Number Request is Dropped into Message Queue
Configured Software is Downloaded from Ford Installed on Cars for Diagnostic Testing
Business, Risk, and Cost Considerations Benefits of outsourcing services/data
Cost savings Economies of scale
Consistency of quality Expansion of business line
E-Commerce site Risks
Data security Costs of a data breach – Survey conducted by Ponemon Inst.
$197 per company record Average total $6.3 million per breach Ranged from $225K to $35M
Feasibility
The outsourcing vendor has the same incentive to secure the data Breach of their customers’ data will be just as damaging to
them as to the customer Loss of revenue Loss of reputation
Costs of securing data is low compared to the cost of breach 1 year of SSL Validity – VeriSign.com
$400 - $1600 per server Varies based on trust level, security level, encryption strength
Increase in competition will require vendors to provide adequate security levels
Conclusion
As long as we need to outsource data, we need to continue to balance security with usability and ensure that our vendors have the proper level of security in place for the data they have