SECURITY REDEFINED
Managing risk and securing the business in the age of the third platform

1970: Mainframe, Mini Computer; Terminals. MILLIONS OF USERS, THOUSANDS OF APPS
1990: LAN/Internet; PC Client/Server. HUNDREDS OF MILLIONS OF USERS, TENS OF THOUSANDS OF APPS
2010: Mobile, Cloud, Big Data, Social; Mobile Devices. BILLIONS OF USERS, MILLIONS OF APPS
Source: IDC, 2012

BUSINESS IT

Old IT: Infrastructure & Applications Designed For A Different Era
New IT: Customers & Employees Want Immediate, Frictionless Access Through Mobile Devices

Old IT: HELP THE CFO
New IT: Build New Customer-Centric Applications & Rapidly Iterate Based On Community Feedback.

Old IT: IT Systems Focused On Data Warehousing; IT Skills Focused On Reporting Historical Internal Data
New IT: Process Vast Quantities Of Customer & Partner Data In Real Time & Build Predictive Models Of The Future

Old IT: IT Infrastructure Is Siloed & Labor Intensive To Manage; IT Infrastructure Is Slow To Provision
New IT: Immediate Access To Low Cost, Elastic Compute, Storage & Network Infrastructure

Security Disruptors in the Third Platform
User Access Transformation: Mobile Computing
Threat Landscape Transformation: Advanced Threats
Infrastructure Transformation: Cloud Computing
Big Data
Diagram labels: Enterprise, Admins, Users, Data Center, Applications, Information, Infrastructure, ITaaS Management
Copyright 2012 EMC Corporation. All rights reserved.

We Must REDEFINE Security

A New Security Strategy
2ND PLATFORM (LAN/Internet; PC Client/Server): IT CONTROLLED, PERIMETER-BOUND, PREVENTION, SIGNATURE-BASED
3RD PLATFORM (Mobile, Cloud, Big Data, Social; Mobile Devices): USER-CENTRIC, BORDERLESS, DETECTION, INTELLIGENCE-DRIVEN

Intelligence-Driven Security: People
Reactive (Historical): Traditional roles; Computer scientists; Silos of responsibility
Intelligence-Driven (New): Cross-functional roles; Social engineers, data scientists and business analysts; Shared responsibility (not accountability)

Intelligence-Driven Security Model: Process
Reactive (Historical): Static policy/procedures; Traditional delivery cycles; Siloed governance
Intelligence-Driven (New): Continuous monitoring and improvement; Rapid/agile delivery; Cross-functional / interactive governance

Intelligence-Driven Security Model: Technology
Reactive (Historical): Perimeter-based; Static controls deployed in silos; Ad hoc/limited threat intelligence
Intelligence-Driven (New): Risk / Context-based; Dynamic/flexible controls across IT systems; Real-time actionable intelligence
Intelligence must include session, network, external

Intelligence-Driven Security
VISIBILITY: Collect data about what matters (Risk, Network Traffic, Identities, Transactions)
ANALYSIS: Detect anomalies that indicate threats
ACTION: Act to mitigate business damage or loss

Transforming Budgets
Today's Priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%

http://www.emc.com/microsites/rsa/security-for-business-innovation-council.htm

Focus Areas For Technology Investment
1. Cyber-threat Resilience: Detection and response to minimize damage or loss
2. End-user Experience Optimization: Improved UX of security feature / function
3. Cloud Security: Enhanced visibility and control

People / Staff Recommendations
1. Redefine and strengthen core competencies
2. Delegate routine operations
3. Borrow or rent experts
4. Lead risk owners in risk management
5. Hire process optimization specialists
6. Build key relationships
7. Think out-of-the-box for future talent

Process Improvement Recommendations
1. Shift Focus from Technical Assets to Critical Business Processes
2. Institute Business Estimates of Cybersecurity Risks
3. Establish Business-Centric Risk Assessments
4. Set a Course for Evidence-Based Controls Assurance
5. Develop Informed Data Collection Techniques

What You Can Achieve
Risk-driven: Prioritize activity and resources appropriately
Incremental, Steady Progress: New capabilities improve your maturity over time
Future proof: Enables response to changes in landscape not based on adding new products
Agile: Enables the business to take advantage of new technology and IT-driven opportunities