Keeping Your Digital Business Running

Transcription

1 Keeping Your Digital Business Running Brian Proffitt CTO May 2017 In the future I invented time travel

2 Agenda Keeping Your Digital Business Running 1. Safety What we ve been doing Making your business safe 2. Reliability What we re testing now An in-flight transaction network 3. Connections What we re building next Customer Connect Adding new suppliers AI Robotics Epilogue - The digital future Trending technologies to watch

3 1. Keeping Your Information Safe

4 What is the most likely security threat in 2017?

5 The Cyber Risk Your Business 50% ransomware

6 Should I be worried? Nature of attacks: 46% of all ransomware attacks from How: Typically by encrypting files and requesting payment to unencrypt Cost of attacks: Half of ransomware attacks on the enterprise are in the range $1,000-$2000 Many are paying the ransom: More than 40% of victims paid the ransom demands, generally demanded in bitcoin Which industries: Healthcare and financial services were the leading industries attacked with ransomware globally, followed by manufacturing It s Big Business: Ransomware as a Service

7 Compliance Governance What are Tungsten doing to keep you safe? Ransomware Continual Phishing and Whaling training Advanced security / Daily backups of all data Accreditations ISO ISAE 3402 NIST Cyber Essentials HIPAA Tungsten Security Roadmap Because this is in our DNA Review/Updating of Security Policy Develop SANS 20 CSC & NIST Top 10 Capability Maturity Model TORs Security Sub Working Groups ISO 27001:2015 Re Certification Oct16 -Audit Veracode Scanning Policies Change OWASP, SANS-20CSC Production DB Security Posture Improvement FY 2016 FY 2017 FY 2018 Over Arching Security Strategy/ Develop Road Map of Security Projects Review of Incident Management Policy AWS Audit Assentation (Cloud Security) HIPPA VA Review (USA) Review & Optimisation of existing Security Technologies Mimecast, Bitium roll out & Bus Adoption Leveraging Technology Audit Programme 2017 Overview of Security Processes White Paper Portal Penetration testing & client Facing Reports CC- Firewall Upgrade NextGen Security Governance for Container Driven Services Cleo Performance & Stability Review/ Improvement ISAE 3402& Internal Audits Feb16 HMG Cyber Essentials Certification Container Driven Mico services - Security Insider Threat Programme Evaluate/Select SOC provider Log, monitor threat Intel. forensics Microsoft Sec SharePoint Project Martini Supply Chain Risk & Assurance Programme ISAE 3402 PWC Audit June 2017 BCP ISO22301 Corporate Wide Business Continuity Plan Physical Security HQ London Access Control, Alarm, CCTV Enterprise Data Governance Access (Discovery & Classification ) Physical Security Review Other Offices Access Control, Alarm, CCTV Data Discovery & Classification Tool ISO Organisational Resilience Supply Chain Audits/Assurance Corporate Security Housekeeping Physical and Cyber Processes Enterprise Wide Integrated Cyber & Security Risk Management Security -Moving Production DR to AWS Neupart rollout Risk, BCP & Compliance Tool IT-Service Management ISO/ICE20000 Secure Coding MSDL Enterprise Security risk analysis Next Gen Malware End Point Mobile Protection Trusted Security Partner for Client s & RFP Enquires NIST Cyber Security Framework (Tire4 Maturity) Internal & Production Network Next Gen Protection Gated Approvals of Projects Cyber Security & Compliance - Input CERT Incident forensic Response outsourced Capability Cyber Risk Advisory Programme Achieve EU GDPR Full adherence Compliance Annual Full DR Test Supply Chain Assurance Security & Compliance Client data Deletion Security Awareness Training of Staff & Contractors (Part 1) Training Security, BCP & Incident Management Stress Tests - Annual Docker Training Phishing Exercises Wambat Fully Fledged Profit Centre Advising Clients Software Defined Networks Security Awareness Training of Staff & Contractors (Part 2) Introduction to Secure Coding SECURE CONNECTIONS Connecting Buyer & Suppliers Providing both CLIENTS & STAFF with a seamless security environment that minimises cyber, physical and operational threats. To maximise opportunities & performance On-Going Security Upskilling Training Tech & Awareness Secure Coding & DeveOps Champions On-Going Upskilling Training Tech & Professional DBA Replacement for Pro DBA Skills Matrix Project Team Approach AWS Security Specialist (AT&S) Client Focused Cyber Risk/Security/ Compliance Advisors Security Network Architect Specialist/ Contractor DeveSecOps Specialist Contractor (Frazier L) Skill Resources

8 2. Reliability Keeping Your Business Running

9 Rebuilding our Core Network is like Building a Plane whilst flying Building Planes in the Sky

10 Building Planes in the Sky

11 Rebuilding Our Core Network State of the Art Technologies Enables business logic changes without bespoke code changes Supports Data Science and advanced Business Analytics System Configuration instead of Code Compilation Changes implemented quickly Enables transparency of business rules and processes Using Cloud Technologies Enables multiple to accelerate new Country Compliance Increased resilience to ensure Business Continuity Transformation from bespoke development to configurable tools

12 Rebuilding Our Core Network What this means for You Less planned downtime Changes happen in flight Less unplanned downtime Increased reliability as changes are deployed in parallel and checked for consistency of operation

13 3. Connecting Customers New Connection Requests

14 25% of support requests are from suppliers wishing to connect to other buyers Approving supplier connection requests

15 3. Connecting Customers Adding New Suppliers

16 Loading New Suppliers Validating supplier data Validate the data before starting the Campaign Data that does not meet the minimum standards is highlighted in red

17 Loading New Suppliers Starting a Campaign Each address in the list will be sent an inviting them to join Tungsten on your behalf. Suppliers that have not signed up will be reminded to do so Campaign reports will show take up rates

18 3. Connecting Customers Onboarding New Suppliers

19 Onboarding new suppliers the AI Robotic Invasion What we ve done Worked with the best AI brains in academia to build robotic solutions for the benefit of our customers

20 Onboarding new suppliers the AI Robotic Invasion The problem 20% of new suppliers released to us are already on our network, unfortunately their names, addresses or contact details may not obviously match and we typically only get 20% of these right first time So what have we built AI robots that match new supplier identities with those of current suppliers on the Tungsten Network

21 Onboarding new suppliers the AI Robotic Invasion What does this mean for me as a buyer? Soon, we will be able to match suppliers with >50% accuracy What does this mean for me as a supplier? Easier, and happier, connection to buyers on the Tungsten Network

22 Epilogue - Digital Futures Optional Sub-headline

23 Digital Futures Trending Technologies to Watch IGNORE THIS Chris Parry OWN MAKING SENSE OF THE DATA Leonard Brody WATCH THESE Brian Proffitt

24 Keeping Your Digital Business Running Safer, reliable connections & Tracking parallel digital futures so that you benefit now

25