Information Security for the Future Seminar Tapio Äijälä, Chief Operating Officer NXme FZ-LLC (Nixu Middle East)

Information Security for the Future Seminar 28.3.2012 Tapio Äijälä, Chief Operating Officer NXme FZ-LLC (Nixu Middle East)

Corporate Background
- NXme is a privately owned Dubai-based IT security company operating in the GCC region since 1998
- Background in an advanced, small, neutral country, Finland
- Thorough know-how of Internet and security technologies; the company's reliability has been tested over 14 years with demanding government customers
- In addition, NXme has provided its IT security services to a large number of demanding military and financial customers
- The total number of completed projects is in the hundreds

28-Mar-12 Copyright NXme FZ-LLC 2012 2

Information Security Services
- NXme has Finnish roots and European experience with information security since 1988
- Work and recommendations for our clients are based on widely accepted standards and founded on real-world experience
- Specialized in auditing and consulting in all areas of information security, from security management practices to technical security controls
- Key areas: technical security audits, security management audits and security management consulting

Information Security in Finland
- Finland has had a broad national information security strategy since 2003 (first in Europe)
- The strategy has been updated several times; the latest version was released in 2011
- The leading consultant in the process has been Nixu, the former parent company of NXme (Nixu Middle East)
- The strategy is extensively communicated to the general public, e.g. the Parliament is organizing widely recognized national information security days and seminars


Moving to The Cloud?
- Cloud computing is becoming a fundamental part of information technology
- Globally, nearly every enterprise is evaluating or deploying cloud solutions
- Reasons include lowering costs, streamlining staff, increasing the speed of adoption of new solutions...
- But how is the security handled?
- How to cope with the concern of turning over responsibility for your application security to an unknown entity?

Flaws and Vulnerabilities are Real
- Most cloud applications are accessed with a web browser
- Some reports state that over 80 percent of web applications have had at least one serious security issue
- These flaws expose organizations to loss of sensitive corporate or customer data, significant brand and reputation damage, and in some cases, direct financial implications
- A survey in 2011 estimated that there are over 350,000,000 websites in production...


Web Application Security
- Web applications are the primary attack target today
- But traditionally web application security has been seriously overlooked...
- Typically less than 20% of IT security budgets have been allocated to web applications
- In most organizations application security is not even a strategic corporate initiative
- A change is needed as companies are moving to cloud computing

The Abstracted Network Layer
- Prior to cloud computing, the key security element of any application has been a firewall
- "Oh, it is behind a firewall, it surely is secure"
- Today the network layer is becoming abstracted by the advent of cloud computing
- The network infrastructure, and especially the network security, is now the responsibility of somebody else
- Confidence -> confusion
- The only thing you can control: Application

Lost Visibility of Network Security
- One of the main concerns is loss of visibility into attacks in progress
- This is particularly true with Software as a Service (SaaS) offerings
- Traditionally Intrusion Prevention and/or Intrusion Detection Systems have been used to give early alarms
- Loss of visibility, loss of control?
- Active communication and a good understanding of the security measures of your cloud provider are required

New Security Policies and Controls
- A change in infrastructure is a great time to make policy changes and set up new security controls
- Easier to reprioritize and reallocate budget spending
- Good opportunity to pull business, security and development teams together
- A move to cloud computing can be an excellent opportunity to institute new security policies and controls across the board

Cloud Security and Business Goals
- For many organizations, application security has been an afterthought
- It was not as critical when the applications resided behind the firewall
- Cloud computing changes this: the value of the data stored in the cloud must be taken into account
- Accurate asset inventory and prioritization as a basis for vulnerability assessments
- Only then is it possible to assign value and implement an appropriate solution for the given risk level

Security is Security, Cloud or Not
- Ultimately, web application security in the cloud is no different than web application security in your own environment
- Now is the time to make web application security a priority
- Vendors also need to be held responsible for a good-enough level of network security
- But still, each company remains accountable for its own data security

Four Rules to Avoid Pitfalls
1. You can't secure what you don't know you own
2. Assign a champion - designate someone to drive web application security
3. Deploy shielding technologies to mitigate the risk of vulnerable applications
4. Shift budget from infrastructure to application security

Thank You
For more information, please contact:
Mr. Oiva Karppinen, CEO, +971 50 6558180 (UAE)
Mr. Tapio Äijälä, COO, +966 56 9219884 (KSA)
www.nxme.net - info@nxme.net
"Thorough know-how of Internet and security technologies, company's reliability tested in 14 years with demanding government customers"