Data security strategies and drivers
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Data security strategies and drivers



Audience – Sales and pre-sales audience selling to large enterprises and government. ...

Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics



Total Views
Views on SlideShare
Embed Views



2 Embeds 17 10 7



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • RM – this slides covers the same topics as slide 6, should they be together?
  • RM – starting to get statistic overload by this point!
  • RM – this overlaps with slide 16, maybe rephrase the two as one focused on the goal and the other on barriers to deployment
  • RM – I like the first bullet, but it feels like a sweeping statement, are you going to provide more context – seems we have jumped from fairly generic stats to very specific predictions
  • RM – This is an important messaging slide, need to make sure these points get across. The best practices point is important and the fact that experience with early (high security) adopters like banks sets Thales and it’s partners up very well to take crypto to the mainstream. Is it possible to say more about timing and ordering of technology adoption – like storage before application level protection. What about role of standards and other critical success factors?

Data security strategies and drivers Presentation Transcript

  • 1. Data Security Trends and Observations
    Tony Lock
    Freeform Dynamics Ltd
    April, 2010
  • 2. Agenda
    Business Drivers Influencing IT Security
    Protecting Data
    The Future of Encryption
  • 3. Today, business want to…
    Reduce costs
    Leverage existing investments
    Rationalise infrastructure / Reduce power consumption
    ‘Optimise everything’!
    Increase agility
    Access information on demand
    Support new business initiatives quickly & effectively
    Manage risk
    Legal & regulatory / Security and privacy
    Continuity / resilience
    Protect brand
    Be good corporate citizens
    Governance / External obligations
    Retain Customer trust and satisfaction
  • 4. Encryption and Key Management
    4043372030755980512726843227940121734585012 7154539691420762 597242857594404736383206 864822559884522781272859586310783041215189039722995842274740595660911438608619370523665877168914807728150100036532892988233489229168412298957399856995916007784076516717934157958922080355531822072807338276962545494762362555017379346840089604010135260723134336771684303126571878448235124194684200289197340444389979954931395248708578295236216355137975564230921803957049782011111357
  • 5. Why is security important?
  • 6. New risks
    External annoyances (Spam, virus, Drive by web infections, general Phishing, etc.)
    Targeted crime (Hackers, Targeted phishing etc.)
    Third parties inside the firewall breaching security
    Staff breaching security by design
    Staff / Third parties breaching security by accident – Information leakage
  • 7. Well Protected?
  • 8. To what degree do you consider these specific risks during business planning?
  • 9. Has regulatory compliance been a specific driver in the following areas?
  • 10. Generally speaking, when you add everything up, how is your spending on IT risk related investments such as security and information management changing?
  • 11. Agenda
    Business Drivers Influencing IT Security
    Protecting Data
    The Future of Encryption
  • 12. Security “culture”
  • 13. How easy is it to control the potential security risk arising from the proliferation of confidential data across different machines and locations?
  • 14. How important are the following when considering the need to secure confidential information?
  • 15. What is holding “Data Security” back?
    • Link to lack of accurate knowledge
    • 16. Mixed IT infrastructure deployed
    • 17. Who has “access” to data, especially those with escalated privileges
    • 18. Who is using each service and who should be?
    • 19. Encryption. where used, is deployed piecemeal not across all systems
    • 20. Lack of process to manage solutions
    • 21. Lack of awareness that solutions are now available for a wide range of challenges
  • The role of Encryption and Key Management
    Today encryption has been implemented in a piecemeal fashion
    Bit by bit
    No central management or strategy
    Key management left to individuals or groups
    Encryption will, ultimately, be rolled out to address all of the highlighted risk areas
    Key desktops and laptops
    Storage arrays
    Mobile Devices
    Problems will occur
    And very, very visibly
  • 22. Agenda
    Business Drivers Influencing IT Security
    Protecting Data
    The Future of Encryption
  • 23. Moving “Data Security” and encryption Forward?
    •  Define who is responsible for security
    • 24. How should policy be set?
    • 25. IT, The Businessand Security partners
    • 26. Set how to create / handle security Procedures? 
    • 27. Implement security solutions
    • 28. Encryption and key management
    • 29. Make as transparent as possible to users
    • 30. Ensure staff know what is permitted in data security management
    • 31. Until these are addressed, change will be difficult and risks will not be managed
  • Process, process, process
    Define Processes for security
    Try to standardise on solutions
    Make sure everyone understands security threats and the consequences
    Make sure that routines / procedures are in place to manage all aspects of security
    Especially for mobile / home workers.
    Create a feeling of responsibility for security
    Train / Train / Train / Communicate
  • 32. Overall mix of concerns relating to adoption of latest technologies and working practices
    Encryption can help address these issues
  • 33. The Future of Encryption
    • Use of Encryption will spread, and soon
    • 34. Silo by Silo
    • 35. Storage, Desktops, Mobile Devices, Applications
    • 36. Data at Rest, Data in Motion
    • 37. Ultimately encryption will become “expected”
    • 38. The importance of key management will be recognised
    • 39. But not to begin with
    • 40. Education will be required or “incidents will happen”
    • 41. Standards (ISO 7498-2, ISO 17799 etc.) are important
    • 42. But customers will need to move before all standards are finalised and in place.
    • 43. Best practice / experience is valued along with advice on where to start.
  • Where to start with Securing Enterprise Data?
    • Know where data is stored, who is using it and why
    • 44. Storage platforms / Desktops / Applications / Networks
    • 45. Combine asset management / identity / encryption and key management
    • 46. Define roles and responsibilities for data governance
    • 47. Create policies for data management and security
    • 48. Encrypt where needed
    • 49. And make sure everyone understands and follows them
    • 50. Audit data access and alteration
    • 51. Define Identities
    • 52. Personal / Device / Service / Application
    • 53. Get good Management Procedures in place, especially for encryption key management
  • Thank You!
    Any Questions?
    Tony Lock
    Freeform Dynamics Ltd
    April, 2010