Data security strategies and drivers


Published on

Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • RM – this slides covers the same topics as slide 6, should they be together?
  • RM – starting to get statistic overload by this point!
  • RM – this overlaps with slide 16, maybe rephrase the two as one focused on the goal and the other on barriers to deployment
  • RM – I like the first bullet, but it feels like a sweeping statement, are you going to provide more context – seems we have jumped from fairly generic stats to very specific predictions
  • RM – This is an important messaging slide, need to make sure these points get across. The best practices point is important and the fact that experience with early (high security) adopters like banks sets Thales and it’s partners up very well to take crypto to the mainstream. Is it possible to say more about timing and ordering of technology adoption – like storage before application level protection. What about role of standards and other critical success factors?
  • Data security strategies and drivers

    1. 1. Data Security Trends and Observations<br />Tony Lock<br />Freeform Dynamics Ltd<br /><br />April, 2010<br /><br />
    2. 2. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
    3. 3. Today, business want to…<br />Reduce costs<br />Leverage existing investments<br />Rationalise infrastructure / Reduce power consumption <br />‘Optimise everything’!<br />Increase agility<br />Access information on demand<br />Support new business initiatives quickly & effectively<br />Manage risk<br />Legal & regulatory / Security and privacy<br />Continuity / resilience<br />Protect brand<br />Be good corporate citizens<br />Governance / External obligations<br />Retain Customer trust and satisfaction<br />
    4. 4. Encryption and Key Management<br /> 4043372030755980512726843227940121734585012 7154539691420762 597242857594404736383206 864822559884522781272859586310783041215189039722995842274740595660911438608619370523665877168914807728150100036532892988233489229168412298957399856995916007784076516717934157958922080355531822072807338276962545494762362555017379346840089604010135260723134336771684303126571878448235124194684200289197340444389979954931395248708578295236216355137975564230921803957049782011111357<br />
    5. 5. Why is security important?<br />
    6. 6. New risks<br />External annoyances (Spam, virus, Drive by web infections, general Phishing, etc.)<br />Targeted crime (Hackers, Targeted phishing etc.)<br />Third parties inside the firewall breaching security<br />Staff breaching security by design<br />Staff / Third parties breaching security by accident – Information leakage<br />
    7. 7. Well Protected?<br />
    8. 8. To what degree do you consider these specific risks during business planning?<br />
    9. 9. Has regulatory compliance been a specific driver in the following areas?<br />
    10. 10. Generally speaking, when you add everything up, how is your spending on IT risk related investments such as security and information management changing?<br />
    11. 11. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
    12. 12. Security “culture”<br />
    13. 13. How easy is it to control the potential security risk arising from the proliferation of confidential data across different machines and locations?<br />
    14. 14. How important are the following when considering the need to secure confidential information?<br />
    15. 15. What is holding “Data Security” back?<br /><ul><li>Link to lack of accurate knowledge
    16. 16. Mixed IT infrastructure deployed
    17. 17. Who has “access” to data, especially those with escalated privileges
    18. 18. Who is using each service and who should be?
    19. 19. Encryption. where used, is deployed piecemeal not across all systems
    20. 20. Lack of process to manage solutions
    21. 21. Lack of awareness that solutions are now available for a wide range of challenges</li></li></ul><li>The role of Encryption and Key Management<br />Today encryption has been implemented in a piecemeal fashion<br />Bit by bit<br />No central management or strategy<br />Key management left to individuals or groups<br />Encryption will, ultimately, be rolled out to address all of the highlighted risk areas<br />Key desktops and laptops<br />Storage arrays<br />Mobile Devices<br />Problems will occur<br />And very, very visibly<br />
    22. 22. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
    23. 23. Moving “Data Security” and encryption Forward?<br /><ul><li> Define who is responsible for security
    24. 24. How should policy be set?
    25. 25. IT, The Businessand Security partners
    26. 26. Set how to create / handle security Procedures? 
    27. 27. Implement security solutions
    28. 28. Encryption and key management
    29. 29. Make as transparent as possible to users
    30. 30. Ensure staff know what is permitted in data security management
    31. 31. Until these are addressed, change will be difficult and risks will not be managed</li></li></ul><li>Process, process, process<br />Process<br />Define Processes for security<br />Try to standardise on solutions<br />Make sure everyone understands security threats and the consequences<br />Make sure that routines / procedures are in place to manage all aspects of security<br />Especially for mobile / home workers.<br />Create a feeling of responsibility for security<br />Train / Train / Train / Communicate<br />
    32. 32. Overall mix of concerns relating to adoption of latest technologies and working practices<br />Encryption can help address these issues<br />
    33. 33. The Future of Encryption<br /><ul><li>Use of Encryption will spread, and soon
    34. 34. Silo by Silo
    35. 35. Storage, Desktops, Mobile Devices, Applications
    36. 36. Data at Rest, Data in Motion
    37. 37. Ultimately encryption will become “expected”
    38. 38. The importance of key management will be recognised
    39. 39. But not to begin with
    40. 40. Education will be required or “incidents will happen”
    41. 41. Standards (ISO 7498-2, ISO 17799 etc.) are important
    42. 42. But customers will need to move before all standards are finalised and in place.
    43. 43. Best practice / experience is valued along with advice on where to start.</li></li></ul><li>Where to start with Securing Enterprise Data?<br /><ul><li>Know where data is stored, who is using it and why
    44. 44. Storage platforms / Desktops / Applications / Networks
    45. 45. Combine asset management / identity / encryption and key management
    46. 46. Define roles and responsibilities for data governance
    47. 47. Create policies for data management and security
    48. 48. Encrypt where needed
    49. 49. And make sure everyone understands and follows them
    50. 50. Audit data access and alteration
    51. 51. Define Identities
    52. 52. Personal / Device / Service / Application
    53. 53. Get good Management Procedures in place, especially for encryption key management</li></li></ul><li>Thank You!<br />Any Questions?<br />Tony Lock<br />Freeform Dynamics Ltd<br /><br />April, 2010<br /><br />