September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation
Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated Enterprise IT will continue to transform Regulatory pressures are rising in complexity, costs Skills gap keeps widening 72 hours to report a breach mandated by upcoming GDPR regulation 1 84% of successful breaches target application layer 4 53% forecasted increase in demand for security talent in 2017 6 $75B estimated total U.S. ransomware-related business losses in 2016 2 $8T 50% cost of cybercrime to of data loss global businesses by from insider threats 5 2020 3 80% of all targeted attacks exploit privileged user access rights during the attack 7 * Sources listed in Notes September 4, 2017 2
Cybersecurity What my friends think I do What my mother thinks I do What society thinks I do What my boss thinks I do What I think I do What I actually do Welcome September 4, 2017 3
SOC Forum August 2017 September 4, 2017 4
Implications of the digital era stifles business growth Digital is driving business disruption Widening skills gap Business model disruption Transformation pressure Increased cyber threat 30X More IT applications releases as a result of DevOps by 2020 1 90% employees use personal devices for business apps 2 28B IoT devices will be connected to the internet by 2020 3 1M cybersecurity job openings today 4 Next generation security enables business growth Augments security skills shortage Meets regulatory pressures Protects against innovative adversary * Sources listed in Notes September 4, 2017 5
Today s digital enterprises require reliable security solutions Enhanced protection of digital assets Holistic risk and cyber security strategy Understand and measure IT security risk Flexibility for multiple deployment options Identify and preempt threats internal and external view of the global security landscape Operationalize security controls across data, user, network, endpoint Global scale but with local reach and client context Transformation expertise secure the digital transformation Integrated solutions driven from risks down to controls Knowledge and experience architecture and technical domains Visibility of IT security risk Demonstrate compliance both internal and externally Compliance expertise and industry certified personnel Vendor-agnostic Consumable in a way suited to business needs Tiered solutions and services Flexibility in delivery model SaaS hybrid customized September 4, 2017 6
Protect your business-critical digital assets Users Cloud Mobile IoT On-premise Rapid growth and exchange of data lacks data governance and protection at scale Apps Less enforcement and control over data occurs when using myriad of uncontrolled devices Web and mobile applications account for more than a third of breaches 1 81% of hacking-related breaches leveraged stolen/weak passwords 2 Data Protect your digital assets (users, applications, and data) and the interactions between them 1 Veracode 2 Verizon Breach Investigations Report, 2016 September 4, 2017 7
Cybersecurity past... Social Media Phishing/Spear phishing Engineered vulnerabilities Mobile devices Regulatory mandates September 4, 2017 9
Cybersecurity now... EVERYTHING from previous list Cloud BYOD Ransomware Nation-state attacks Roaming user profiles September 4, 2017 10
Cybersecurity Insights Today... 1. The word is out that technology does not solve security problems on its own. Houses don t get built with hammers alone; it takes carpenters, architects and blueprints. Effective cybersecurity needs a similar approach: Addressing your people and process risks is required. 2. Businesses continue to spend more on cybersecurity, but may be spending it on the wrong things. Businesses are seeing the importance of security and finally budgeting for it. However, they re spending their money without clear view of critical assets and may be spending money on things that matter less. 3. Regulations continue to be more than a distraction. (GDPR the $1B potential penalty) 4. Security is now about cyber resilience, not just prevention. 5. Cyberwarfare is asymmetric offense is easier than defense. The bad guys only need to be right once; we need to be 6. Assume compromise and plan accordingly. September 4, 2017 11
Cybersecurity next... EVERYTHING from previous list Artificial intelligence (AI) Internet of things (IoT) Smart cars/cities/homes Massive scaled attacks (cloud) High touch, personalized customer experience September 4, 2017 12
Reporting Security operations and analytics platform architecture (SOAPA) Defense & Response Tools Data e.g. Vulnerabilities, Threats, Assets, Configurations, Endpoint Detection, Sandboxes Intelligence Creation Unit Including Threat Intelligence or machine learning Orchestration Automation Work Flows Collaboration Security Operation September 4, 2017 13
Thank You! Help your company / clients to build a high-quality security framework for Logging & Monitoring (L&M) to align, govern, and steer the business towards a safer more agile future. Mail to: Andreas.Wuchner@dxc.com September 4, 2017 14
DXC Cyber Reference Architecture Set of detailed blueprints developed by performing hundreds of engagements spanning thousands of hours deploying security transformation programs for most of the world s largest organizations Optimize security spending, drive efficiencies & improve security effectiveness leveraging the DXC Cyber Reference Architecture expertise & blueprints. Improve maturity of your intelligent security operations capabilities, leveraging automation, analytics levering our best in class design, implementation & monitoring capabilities. Strategy, Leadership & Governance (SLG) Risk & Compliance Management (RCM) Security Resilient Architecture (SRA) Resilient Workforce (RW) Design & leverage best in class advanced threat detection capabilities & monitoring solutions integrated across your environment to protect against next generation threats. Cyber Defense (CD) Security Orchestration Leverage our expertise to transform faster, more predictably Blueprints to address specific challenges such as how to create an Intelligent Security Operations capability and how to migrate safely to the Cloud Blueprints reduce the time to value, increase standardization, provide benchmarks to evaluate existing capabilities and bring cross-industry experience to our customers Identity & Access Management (IAM) Infrastructure & Endpoint Security (IES) Applications Security (AS) Converged Security (CS) Physical Security (PS) Data Protection & Privacy (DPP) September 4, 2017 15