• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Protecting the "Crown Jewels" by Henrik Bodskov, IBM

Protecting the "Crown Jewels" by Henrik Bodskov, IBM



The presentation was given at the Digital Threats and Solutions conference held by InfinIT on 20 March 2014.

The presentation was given at the Digital Threats and Solutions conference held by InfinIT on 20 March 2014.



Total Views
Views on SlideShare
Embed Views



3 Embeds 266

http://infinit.dk 236
http://www.infinit.dk 29
http://www.google.dk 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Protecting the "Crown Jewels" by Henrik Bodskov, IBM Protecting the "Crown Jewels" by Henrik Bodskov, IBM Presentation Transcript

    • © 2013 IBM Corporation IBM © 2013 IBM Corporation Protecting the "Crown Jewels" -- IBM Confidential A management view on how enterprises protect their most valuable assets “Crown Jewels” March , 2014
    • © 2014 IBM Corporation IBM Protecting the "Crown Jewels" - March 2014 Cyber Security – why do we care? It is a large undertaking to secure the operations and proprietary information of a large enterprise – as IBM we understand this very well • Looking after our own needs: IBM secures the operations and proprietary information for a globally integrated enterprise that spans 150 countries, with more than 450,000 employees, 120,000 servers and a half-a-million networked devices • Looking after our clients : In addition to securing our own global operations, we provide security services and solutions to virtually every sector of global businesses • Selling security software, hardware and services This is a significant and growing business – providing global threat information to public and private sector – from securing the web for new threats to providing state of the art network analysis – such as QRadar
    • © 2014 IBM Corporation IBM Protecting the "Crown Jewels" - Crown jewels are more likely to be stored in unstructured data stores (e.g., MS Office files, Adobe, email) than structured repositories (e.g., SAP, Siebel, DB2, Oracle) and are therefore harder to control. “Crown Jewel” information represents an organization’s most critical information such as: o Trade secrets/IP (product design documents, formulas, algorithms, source code) o Board deliberations o Merger, acquisition & divestiture plans o “C level” recruitment/separation decisions While small in numbers (on average between 0.01 to 2% of an org’s entire data store), 70% of the value of publicly traded corporations is estimated to be in IP (U.S President’s 2006 Economic Report to Congress). Loss of “Crown Jewel” data can be devastating. While theft of crown jewels is not a new phenomenon, the enormous scale of IP theft is a relatively recent phenomenon due in part to the level of digital interconnectivity. Crown Jewel protection programs must balance access needs with prudent control. Protecting the "Crown Jewels" -- IBM ConfidentialOctober 2013 ”Crown Jewels” Protection – an overview
    • © 2013 IBM Corporation IBM Security Board of Advisors Protecting the "Crown Jewels" -- IBM ConfidentialProtecting the "Crown Jewels" -- IBM Confidential http://www.verizonbusiness.com/resources/reports/rp_data- breach-investigations-report-2012_en_xg.pdf?CMP=DMC- SMB_Z_ZZ_ZZ_Z_TV_N_Z038 Time span of events by percent of breaches It’s gone before you realize it October 2013 Compromises are difficult to discover. In 96% of incidents it takes days and in over 91% of incidents it takes weeks.
    • © 2014 IBM Corporation IBM Protecting the "Crown Jewels" - “While it is true that the rise of personal computing has added a new dynamic to protecting intellectual property, it is important to remember that nearly all IP loss, no matter how high- tech, still requires a human component. It is rare that a significant violation is perpetrated through cyber methods alone. In order for IP theft to be successful, a human element is needed. While cyber methods add new challenges, the fight is still human.” source: The Commission on the Theft of American Intellectual Property. Published May 2013 Typical threats Digital data is duplicated, loaded onto portable storage devices, used in non-production environments, sent via email to personal accounts, and copied to “the cloud” Laptops or smart devices are stolen or temporarily accessed, for the purpose of duplicating the hard drive Information is shared via social media channels Products are dissected, re- engineered, and sold without permission or payment Digitized products are pirated and sold illegally; Networks are compromised and “tapped” for the purpose of obtaining trade secrets or “crown jewels” Malware is used to steal user credentials and passwords, which are in turn used to access and steal data Protecting the "Crown Jewels" -- IBM ConfidentialOctober 2013
    • © 2013 IBM Corporation IBM Security Board of Advisors Protecting the "Crown Jewels" -- IBM Confidential Crown jewel data is of high value to the organization Enterprise Critical Executive Regulated Business Strategic Business Unit Critical Critical intellectual property Top-secret plans and formulas Executive and Board Deliberations Acquisition and Divestiture Plans SPI & PII Sarbanes -Oxley HIPAA ITAR Quarterly results External Audit Results Alliances & Joint Venture, Partner Data Business Strategic Plans Design Documents R & D Results Customer records Pricing Data Security Data Operational Project Plans Salaries & Benefits Data Contracts Accounts Receivable Near-Public Revenue Growth by Segments List of Partners Market Intelligence 0.01-0.1% 1-5% 1-50% 10-20% 20-80% Pay Comparison Data 10-80% Data Type Examples % of Sensitive Data D a t a V a l u e 0.1 - 2%
    • © 2013 IBM Corporation IBM Security Board of Advisors Protecting the "Crown Jewels" -- IBM Confidential  Board documents are frequently created and shared amongst small teams in short time scales  Teams use simple tools – for instance mobile devices or tablets - to read, edit and store the information  These devices (tablets, ipads, and phones) are often used for convenience and communicate outside the corporate infrastructure – eg cloud.  Incidents are often the result of employees using external networks, for instance internet mail such as Gmail – for storing and sending sensitive documents and emails – even though it is strictly against corporate rules  Typically people rather than technology are the weak links – a high percentage of corporate security incidents are due to human failings: whether arise out of lack of care, as above, or lack of awareness – for instance clicking on a dubious attachment and downloading malware Protecting the "Crown Jewels" -- IBM ConfidentialOctober 2013 Example of a typically poorly protected asset: Board documents
    • © 2013 IBM Corporation IBM Security Board of Advisors Protecting the "Crown Jewels" -- IBM ConfidentialOctober 2013 IBM Examples Technology •Bring your own Device •Remote wiping •Additional security layers •Crown jewel type documents – not available on hand held devices •Documents that reside on corporate networks not available via mobile devices •High use of technical methods to protect data for instance encryption People •Mandatory training from senior execs down on the need to respect corporate guidelines (BCG programme) covering among other things confidentiality •Digital IBM training course – highlighting risks associated with phishing and so on •Frequent awareness campaigns and CEO led education – for instance Think Fridays and our Security and Privacy training being rolled out now
    • © 2013 IBM Corporation IBM Security Board of Advisors Protecting the "Crown Jewels" -- IBM Confidential ibm.com/security © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.