Enabling Collaboration
“enabling collaboration while mitigating risk”
Bruce Hicks
IBM ISS Data Security Services
Agenda
• Are you prepared for the tough questions?
• Statistics, Importance and Costs
• Why a “Holistic Approach”
• An alternative approach
• Data Security is maturing
• Steps for success
• Best practices focus
• Goal for all
• Strategic directions
Are you prepared for the tough questions?
• Are you reporting consistently across the enterprise?
• Do you know if administrators are abusing privileges?
• How do you prevent unauthorized access?
• How do you know only authorized users are given user accounts?
• Do you know if anyone attempted an attack on the mainframe?
• Can your auditors get at the information they need?
• Do you know your private customer data is encrypted?
• How did you protect your Web services applications?
* It is the customer's responsibility to identify, interpret and comply with any laws or regulatory requirements that affect its business. IBM does not represent that its products or services will ensure that the customer is in compliance with the law.
Data leak prevention: some statistics
• Business data is growing.*
• Data volume doubles approximately every three years.
• By 2010: zettabyte sizes (1 ZB = 10^21 bytes = 1 trillion GB)
• Approximately 80% of the world’s data is unstructured.
• More data is being lost/stolen.**
• 2006: 50 million records
• 2007: 160+ million records
• More powerful, and more risk-laden, endpoints
• For example, an 80MB mobile device holds 6,000 Word documents, 720,000 emails, or 360,000 personal records.
Importance and costs
Survey: data-security priorities (two response columns as shown on the slide; column headings not preserved)
• Protect corporate IP and sensitive internal data: 39% / 35%
• Develop BC/DR capabilities: 33% / 42%
• Manage regulatory compliance: 28% / 40%
• Perform digital investigations/eDiscovery: 13% / 39%
Costs of a breach
• Decrease in stock value***
*** April 2007 report, Javelin Strategy & Research
**** Tech//404® Data Loss Cost Calculator by Darwin
Why a “Holistic Approach” ?
• Unification of systems and reporting
• Complexity increases the need for proven expertise and cost management (need to simplify)
• Need for architecture, classification, and lifecycle assessment efforts to refine priorities and define direction
• Regulatory requirements put high demands on knowing, tracking and proof
• Various groups within the organization point to where they perceive problems to exist
• “Death by point products”, regulatory concerns, and the need for specialized skills and best practices, together with the need to integrate security management
• Knowing the data within and its behavior in motion, at exit and at rest
• Resource constraints, and understanding of much-needed technology
Businesses are requiring comprehensive unification of system and data security, plus privacy, with full coverage spanning the network, server, and endpoint strategic control points for flexibility in the face of ever-changing regulatory and compliance requirements:
• Vulnerability Management
• Network Protection
• Multifunction Security
• Endpoint and Server Protection
• Data Security and Content
• Physical Security
• Privacy
(diagram groupings on the slide: Threat, Compliance, Data)
…. enabled and enhanced by partnering together to meet these challenges
“These kept intact as a whole can provide ongoing flexibility and proof for business enhancement”
Collaboration brings Complexity
(diagram shown in three progressive stages; axes: Trust; Risk, Threat, Management; Cost, Complexity)
Legend: Core Business; Subsidiaries and Joint Venture; Customer; Partner / Channel; Isolated Operations; Provider / Outsourcer; Collaboration; Collaboration & Communication
• Stage 1: Isolated Operations
• Stage 2: Select ‘Trusted Partners’
• Stage 4: Industry-Centric Value Web
• Stage 5: Cross-Industry Value Coalition
Steps for success
(diagram labels: Defend, Access; step 1 not preserved on the page)
2. Build and maintain a secure network.
3. Build and maintain a program to manage application or infrastructure release, change, and configuration.
4. Protect critical data in transit, at rest, in use.
5. Define and maintain an Acceptable Use Policy (information security policy).
6. Implement a program to manage identity and access.
Summary: Strategic Directions for Security and Privacy
• Emerging Capabilities
• Comprehensive Data Protection / Information Lifecycle Mgmt
• Digital Video Surveillance / Video Analytics
• Identity & Access Management / Privileged User Monitoring and Auditing
• Trends
• Logical and Physical Security Convergence
• Security as a Service (On Demand)
• Expanded Scope of Managed Services
• Managed Identity and Access
• Managed Digital Video Surveillance
• Integrated Security
• Managed governance and simplified frameworks
• Comprehensive System and Data Protection
• Unified Policy Management
… powered by leading edge, world class assets
Additional References
• IBM Acts to Transform Risk Management for Businesses
• http://www-03.ibm.com/press/us/en/pressrelease/22534.wss
• IBM Data Security Services
• http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705
PDFs available:
• IBM Data Security Services for endpoint data protection
• http://www-01.ibm.com/cgi-bin/common/ssi/ssialias?infotype=an&subtype=ca&htmlfid=897/ENUS608-017&appname=usn&language=enus
• IBM Data Security Services for enterprise content protection
• http://www-01.ibm.com/cgi-bin/common/ssi/ssialias?infotype=an&subtype=ca&htmlfid=897/ENUS608-018&appname=usn&language=enus
• IBM Data Security Services for activity compliance monitoring and reporting
• http://www-01.ibm.com/cgi-bin/common/ssi/ssialias?infotype=an&subtype=ca&htmlfid=897/ENUS608-019&appname=usn&language=enus
Links are also available on the ISACA BrightTALK web site for this presentation.
Thank You!