TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE
  John McDonald
What is Trust?
  Critical Assets
  Availability: Can I trust that my assets will be available when I need them?
  Security: Can I trust that my assets will only be accessed by appropriate agents for appropriate business purposes?
  Recoverability: Can I trust that I can recover my assets in the event they become corrupted/deleted?
Agenda
  Continuous Availability of Applications, Systems and Data
  Data Protection with Integrated Backup and Recovery
  Threats Identified and Repelled with Advanced Security
Cost Of Downtime
  Outages Can Be Disasters In The Always On World
  ESTIMATES*: $750/Min, $45K/Hr, $1.8M/Day
  CAUSES: Business Disruption, Lost Revenue, End User Productivity, IT Staff Time Allocation, Fines and Penalties, Company Reputation
  * Enterprise Management Associates - 2012
High Availability And Disaster Recovery
  Calculate Downtime Costs
  Within And Across Data Centers; Failure Domains
  Application Disruption: Planned, Unplanned
  RTO: Minutes-to-Hours
  Replication; Failover and Fail-back
  Instance A (Active), Instance B (Passive)
  Passive, Idle Resources
Evolution To Continuous Availability
  Eliminate Downtime
  Within And Across Data Centers; Failure Domains
  Active / Active; Distributed Virtual Volume; Replication
  Instance A (Active), Instance B (Passive)
  Instance A (Active), Instance B (Active)
Continuous Availability. Redefined
  [Chart: axes RPO and RTO, scale marks Days, Seconds, Zero; labels: Traditional Failover; Manual, Stand-by; Swap, Stand-by; Active-Active; Eliminate Restarts; Continuous Avail.; GRC; 9s of Availability]
Continuous Availability. Redefined
  Protect Against Technical And Operational Failures
Present State Of The Backup World
  Protect More Data Across More Environments With Shrinking Budgets
  THE PROBLEM
    53% Companies with data loss in 2012 (31% in 2011)
    24% Do not tell CEOs they are not backing up all files
    33% Do not back up virtual servers as often as physical
    49% Back up virtual machines weekly or monthly
  HOW IT HURTS BUSINESS
    43% Loss of employee productivity
    29% Loss of revenue
    29% Loss of customer confidence
  Source: Acronis Global Disaster Recovery Index: 2012
  Source: Vanson Bourne 2012 Backup and Recovery Survey
A Growing Rift Between Business & IT
  Application Owners; IT Team
Leading To An Accidental Architecture
  IT Team
Backup And Recovery. Redefined
  [Chart: axes ACCELERATE and LEVERAGE (0 to 100%); labels: Self Protection Storage; Leveraged Infrastructure; Native App Support; Integrated; Traditional Backup; Helpdesk; Isolated; Dedicated Equipment; Application Silos]
Data Protection Continuum
  Availability, Replication, Backup and Archive
  Applications Have Different Data Protection Requirements
  Avamar, Data Domain, NetWorker, ProtectPoint, RecoverPoint, SourceOne, VPLEX
  Availability; Replication; Snapshot; Backup; Archive
  Complementary Protection Levels To Meet All Service Levels
Protection and Software-Defined Storage
  [Diagram labels: Microsoft System Center For Exchange; Microsoft System Center For SQL Server; Oracle RMAN; SAP HANA Studio; VMware vCenter; ViPR Controller; Provisioning; Protection; Isilon; VNX; VMAX; XIO; SIO; VPLEX; 3rd Party; Native; SAME AS PRIMARY; Open (NDMP, RecoverPoint, VPLEX OTHER EMC PRIMARY; Data Domain; Public Cloud]
Platform 3 Redefines Security
  Cloud, Mobile & Social Combined With A New Set Of Threats
  Cloud & Mobile: Perimeters Are Changing
  Social Networks: More Identities To Verify
  New Threats: Examine All Behavior
  Private, Hybrid, Public; Sophisticated Fraud; Advanced Threats
Platform 3 Redefines Security
  Focus on People, Data Flow And Transactions
  [Diagram labels: Isolated Events; (Correlated) Raw; Closely Related Events; Archive; Real-Time; Single Well-Defined Events; Platform]
Advanced Threats Are Different
  1 TARGETED: SPECIFIC OBJECTIVE
  2 INTERACTIVE: HUMAN INVOLVEMENT
  3 STEALTHY: LOW AND SLOW
  [Timeline along TIME axis: System Intrusion; Attack Begins; Cover-Up Discovery; Leap Frog Attacks; Cover-Up Complete; Attack Identified; Response; spans marked Dwell Time and Response Time]
  1 Decrease Dwell Time
  2 Speed Response Time
Advanced Security. Redefined
  [Chart: TIME axis from Past to Future; labels: PERIMETER; Individual; Organization; Advanced Security; Predictive analysis; Activity; What if?; Data Science; Traditional Security; Monitor and Manage; Reports and Response; What happened?]
Advanced Security. Redefined
  Historic Security Spend: Prevention 80%, Monitoring 15%, Response 5%
  Future Security Spend: Prevention 33%, Monitoring 33%, Response 33%
RSA Security Analytics
  [Diagram labels: Distributed Data Collection; Data Enrichment; Alerts & Reporting; Incident Response; NETWORK SYSTEM; PACKET METADATA; LOG METADATA; LIVE; Investigation & Forensics; Compliance; Malware Analysis; Intel Feeds; Endpoint Visibility & Analysis; Parsing & Tagging; Business & IT Context]
  LIVE - THREAT INTELLIGENCE: Rules, Parsers, Alerts, Feeds, Apps, Directories, Reports & Custom Actions
RSA Advanced SOC
  [Diagram labels: CMDB Assets Incidents Breaches Projects Risks SIEM Discovery DLP ARCHER GRC SECURITY OPERATIONS Vulns SECURITY ANALYTICS ECAT Live Malware Analysis Client Identity Server]
  LIVE - THREAT INTELLIGENCE: Rules, Parsers, Alerts, Feeds, Apps, Directories, Reports & Custom Actions
Adaptive & Risk-Based Authentication
  [Diagram labels: User Action Analysis Engine Private Cloud AUTHENTICATION MANAGER + SECURID Read Email Username & Password Download Sales Pipeline Additional Authentication Two-Factor Device Profile User Behavior Profile Fraud Network Public Cloud Access Bank Account Username & Password Out Of Band IDENTITY PROTECTION & VERIFICATION + WTD Transfer Funds Challenge Q Additional Authentication]
RSA's IM&G Platform Architecture
  [Diagram labels: Business Agility App Access Portal Operational Efficiency Access Lifecycle Policy Lifecycle Resource Lifecycle Reduced Risk Provisioning Remediation Monitoring Compliance Assurance Audit and Review Exception Handling Risk Analytics Business-Friendly UI Authentication / SSO Process Orchestration Integrated Workflow Identity, Resource, Policy Business Logic for Policy-based Governance Security Integration Fabric Collection Provisioning Events Data Query Integration Logic Directory Systems HR Systems On-premise Applications Data Shared Files Cloud Applications SIEM DLP GRC]
Managing & Tracking Trust
  [Diagram labels: Risk Trust Requirements Data Sources RSA Archer Security Risk Asset Management CMDB Process Availability Risk Events HR Data Status Integrity Risk]
Archer Modules
  The Foundation for a Best-in-Class Governance, Risk and Compliance Program
  Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
  Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
  Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
  Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
  Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
  Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
  Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
  Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
  Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.