Your SlideShare is downloading. ×
Download It
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Download It

1,027
views

Published on

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,027
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Note to presenters This is a short CIO / CFO / CSO deck, designed to be integrated with other Adaptive Enterprise presentations. Goals of the presentations “ HP is committed to securing the Adaptive Enterprise.” “ HP can help me with my security needs/pains today.” 2-3 ideas on “where to start” (call to action – “have my CSO or direct reports call HP to learn more about what HP offers”) For questions or comments, please contact Elsie Wu (408-447-4594) or Vicki Metsers (408-447-0729). [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{BCF65AA6-232A-4F3E-A0C1-7C529A67A830}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 The objectives for today’s presentation are: Capture and discuss key IT security issues that face enterprises today Identify security trends and expand upon HP’s holistic approach toward effective security solutions Present HP’s key security solutions and their role in securing an adaptive infrastructure, including the steps taken to: Consult – a full spectrum of consulting, integration and support services Innovate – focused HP investments and products Partner – integrated best-of-breed partner solutions Manage – the HP OpenView framework for security management Validate HP’s approach with client studies outlining our success in building secure environments NOTES TO SPEAKER: The most appropriate AUDIENCE: CIOs and/or business managers. Note that the security specialists of your customer will find this presentation too high level. You should use these slides to generate interest for a services-led approach. Use HPC specialists for detailed security discussions with your customer HP SALES OBJECTIVES Level 1 presentation Generate demand for, and increase sales of, of HP Security Solutions – leading with consulting and services. By association, enhance sales of HP servers, storage, software and services Support HP’s overall adaptive infrastructure messages The next section deals with the evolution of security threats as businesses “expose” more of their internal systems: To employees and contractors To external customers, partners and vendors It provides information on the growing number and type of “cyber” attacks, thereby generating customer motivation to take action to counter a growing threat to their business The section’s objectives are: Establish security as top priority to motivate customer action Provide the context for the discussion – security solutions have evolved in complexity as network-based applications have become pervasive Establish ‘common ground’, evaluate threats and discuss issues in order to articulate HP’s strategy and generate the need for HP’s solutions [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{5A810659-8ACE-4609-8DA3-E1FD18088AFB}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Enterprises today are dealing with an increasingly risky business environment. Today’s interconnected global marketplace has led to an enormously increased pace of change. The increasing speed of technological innovation has contributed to that. The pace of change isn’t going to slow down. We can expect this volatility and lack of predictability to continue to accelerate. As we help our customers to deal with their business and IT challenges, a consistent list has emerged. Can I have a show of hands if this list of business and IT challenges reflect an accurate view of what your company has to deal with ? What’s the role for IT in all of this? - It is the instrument which enables the business to deal with these challenges – hopefully, turning them into opportunities. Traditional and on-going mandates of operational excellence, while coping with day to day issues like cost containment or reduction, backlogs and the like, have not gone away. But new mandates have been added to the list. IT must improve its alignment with the business and its response to new business requirements. Many IT organizations are having a very difficult time with this today The ability to adapt quickly is key. If the organization is agile, it can quickly identify the change in customer demand and market conditions and adapt its value proposal and value delivery system accordingly. Agile companies can manage change for competitive advantage. ============== Additional Notes: You must drive new business models and be able to change directions quickly in order to succeed in the midst of increasing rate of change in market conditions with shorter windows of opportunity and increased speed of innovation that raises the bar for competitive advantage. Creating business value in this type of environment means that you have to gain customer loyalty and respond to external forces and competitive threats with counteroffensives very quickly. You also have to be able to seize market opportunities as they arise. There are new industry drivers that demand your company shorten-time-to-market. Your business will be held back, or become less effective if IT can’t meet information needs (linking business and IT). This linkage and the ability to react quickly becomes especially critical as shortened product cycles become the rule, rather than the exception. Long windows of opportunity to respond disappear and the concentration of profit potential early in the cycle is even more profound leading to a much shorter window for realizing full returns. For example, “not long ago, the big three automakers had 10-year or longer product cycles for their major product lines. Ford’s flagship F-Series pickup went essentially unchanged for 15 years until 1996. Today..U.S. car makers are seeing product cycles shrink to five years or less.” (IT on the Fast Track, John Damgaard, Optimize magazine, Sept, 2002.) Current economic conditions have significantly constrained available resources and brought about pressure to reduce IT spending, however at the same time there is the demand to improve service levels and ROI. Decisions you make today will affect your cost structure both today and tomorrow. Simply throwing more cash towards IT won’t necessarily make your infrastructure more adaptive, it must be systematically designed in and developed, and strategically managed. You might also be dealing with mergers, acquisitions, and divestitures which only add the complexity that your IT environment is operating in. As a result of mergers, acquisitions, and divestitures normal IT priorities are placed on hold while resources are forced to focus on more immediate integration challenges. Your competitors are likely to make the most of the opportunity—putting more pressure on you to act quickly. An adaptive enterprise, delivered by a flexible partner that can work within your parameters to close the gap between your business and IT, will help you be more cost-effective, get the most out of your investment, and achieve a strong overall return on your long-term IT investment. The five IT imperatives listed on this slide are critical requirements to helping a company meet its most pressing business issues. An Adaptive infrastructure helps your business: Improve Agility: Your IT environment must drive competitive advantage with an IT environment that dynamically adapts and evolves to improve business agility. Manage Costs: Reduce acquisition and operating costs, move toward variable (versus fixed) IT costs, and invest in innovation for competitive advantage. Mitigate Risk: Need to mitigate and manage risk to guarantee the secure and continuous operations of the business. Increase Quality: Need to increase the level and quality of IT service delivered to the business. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{396D907E-77B3-4107-9694-697B59867E56}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Slide objectives: Somehow we must paint the picture that we understand customers’ security needs today, can address them today, and help them down the path of an adaptive, trustworthy infrastructure for the future. CIO Feedback from 9/2003 CIO Advisory Forum hosted by HP: Security is one of the few areas in which they foresee increased spending They almost demanded that HP provide tools to monitor, detect, inoculate, and heal threats Intelligent monitoring combined with strong policy-based security management was also important Bottom Line: "Help me keep my business going in light of all these threats" is priority #1 Financial regulations (e.g., Sarbane-Oxley, Gramm-Leach-Bliley) require CFOs to sign their financial statements. As a result, more and more CIOs have dotted line or solid line reporting to the CFOs. And these CFOs are now demanding better access control to data and applications. They are also requiring audit trails to data changes. Privacy Regulations HIPAA in the US for patient privacy (with hospitals and healthcare providers) Safe Harbor between the European Union and the US Privacy Act in Australia In certain US states, a company is required to report “break-ins” to the government and to the consumers when databases or applications that hold consumer/user data have been attacked. “ More dynamic business environments” means… Changing business models and partnerships – new business partnerships come and go at a much faster pace than ever before. How do you make sure the partners have the right level of accesss to only the information they need as soon as the partnership is established, and no more after the partnership ends? How do you make sure that wherever your partners are, both physically and electronically, they do not add additional risk to your business enviornment? Broad, dispersed access devices and access points – think of all the different access devices (e.g., PDAs, cell phones, laptops and devices). CIOs and network managers feel that they can no longer definitively identify where their corporate network ends. And they also fear that there are wireless access points employees set up for themselves that are not secured. And where do the employees typically work now? They are more mobile than before. Many companies have increasingly larger populations of employees working from home. Are their alternate access points safe for your enterprise? “ More complex application environments” means… More versions of applications spread across the enterprise, many out-of-date, some no-longer supported. Bugs, bugs, bugs. Implication of web services and grid computing? Question to customers: How many applications do YOU have to secure to meet the financial data integration and auditing requirements like Gramm-Leach-Bliley Financial Services Modernization Act? Question to customers: How many databases do you have to secure to meet your consumer privacy, or Safe Harbor requirements? [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{28E59B96-05DC-4BEE-B707-DE912928C331}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 This chart illustrates a pretty conservative view of the numbers from the Contingency Planning group. As it shows, the IT infrastructure of businesses today are so interlinked and intertwined that an outage of any kind will have widespread impact. In the case of a disaster striking a brokerage firm’s operations, consider that just 5 hours of downtime could result in lost revenue of just under $40 million dollars. Today’s advanced levels of connectivity, both internally and externally, result in even higher levels of fiscal vulnerability. So what is your real cost of having the doors to your business locked, your IT and your business unavailable? Having your business offline has the same effect as sending your employees home and closing all operations. And as we’ve seen recently, continuity isn’t just about about disaster planning, but more a broad range of availability planning. Having what you need, when you need it – an availability continuum that fits your way of doing business and your tolerance for downtime. We all know that there are so many ways for your business to go offline: human error, power outages, security & service attacks, and of course natural and man-made disasters. And it’s not just servers or applications, it’s the entire continuum of availability that needs to be addressed. A critical aspect of any enterprises’ business continuity planning is security. HP envisions a future where there are no boundaries between real-world security and IT security – with security service-level agreements and unified security models. We see this happening over time. Real world security creates boundaries (both logical and physical), and IT security protects assets: its identities, data integrity, and continuity. So, let’s just define Business Continuity -- it is… … a way of doing business and continuing to stay in business … a plan to assure business processes - including suppliers and service providers - are always available to meet critical needs It isn’t… … a specific product or technology … a “project” with a beginning and an end … just disaster recovery or high-availability Let’s now look at some of the different layers of the business continuity story… [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{F6BD5B7C-ECFD-4BF0-B322-1A26FE875A5E}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 The bottom line, however, is the bottom line. Recent research by the Contingency Planning group demonstrates the dramatic financial impact of down time to various industries. These economic benchmarks can serve not only to underscore the importance of business continuity but they can also help as you evaluate the economics of your needs. To save a few thousand dollars you probably don’t want to spend millions. On the other hand, the potential loss of millions of dollars might very quickly lead to justifying a multi-hundred-thousand dollar investment. Loss of data and downtime is, at best, inconvenient. For instance, if access to the ATM goes down, the customer can still go to a local branch office. You may lose ATM fees, but the customer can keep going. If you’re shipping packages for someone, a package can still be a day late without totally losing your customer. But in other areas, the cost of down time can be catastrophic. Consider some of these human and intangible sides of downtime. “ 911 Emergency Services” availability means lives saved, not lost. Poison control center database availability means the same. As do hospital and pharmacy records. Further health and safety issues surround nuclear power plants and air traffic control. For an e-business that experiences reduced availability, lost business is only a mouse click away: a mouse click by the lost customer. Brokerage operations can effect the state of the world economy! But with money as the measure, the figures can be astounding. In 1998, the Standish Group (1998) reported that costs of downtime typically range from US$1,000 to US$27,000 per minute. What’s more, in some cases the cost of downtime for a single incident has exceeded US$10,000,000. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{DF5A83CA-5B50-4DD6-8CEF-CE71EF61176E}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [needs to be rescripted to address additional transitions and to speak to the X-axis in RPO/RTO context.] [This slide is built with three transitions.] [Click 1] The longer a business process is unavailable, the greater the losses. [Click 2] The faster you want to recover, the more it costs. [Click 3] There is a point at which the potential loss equals the cost of recovery. This is one way to determine how much to spend on your plan and how long the process is allowed to be unavailable. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{5DB93639-89CA-4CF8-ADB9-F13013BCE648}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Put this slide on Screen Show Mode This describes how the five security solution families relate to the Adaptive Enterprise “Darwin Reference Architecture” SLIDE NOTES: HP’s vision for the Adaptive Enterprise recognizes the role of information technology (IT) in an enterprise is shifting. This evolution is required to enable companies to become truly adaptive, to handle change without disrupting the business, to both respond to and take advantage of change. HP has developed a standards-based framework for this, the Darwin Reference Architecture, which provides an evolutionary path to the adaptive enterprise. This framework supports the necessary changes in the way IT is architected, managed, and operated. One of the key shifts on the way to an adaptive enterprise is to move from implementing business processes through discrete applications and dedicated resources (vertical silos) to a horizontal model, where the IT infrastructure is a foundation that serves the entire enterprise, not discrete business processes or business groups in isolation. Likewise, access to information shifts from being application-specific to becoming context-specific. Security is a key concern in any IT infrastructure. Ad-hoc security implementations often result on interlocking the various components of a business application, creating implementation silos. The Enterprise Security Governance program provides an enterprise-wide policy foundation that applies uniformly to the whole IT environment. The enterprise security program is setup so it remains aligned with the business requirements and the ever-changing risk environment. This enables the shift from a vertical to an horizontal model. As such, it is an integral part of how the IT system is integrated and orchestrated. Resources in the IT environment for the adaptive enterprise are defined by the characteristics of the service they provide, including how strongly the business applications are protected. The Trusted Infrastructure solution provides a methodology and the fundamental building blocks to create an IT resource infrastructure which supports the needs of the adaptive enterprise. The adaptive management of the security system is much more than the management of each of the security services implemented in the IT environment. The ability to monitor events and respond to incidents at the level of the enterprise is an essential part of the security lifecycle. The effectiveness of the security system is dependant on this capability. This functionality is an integral part of Management and Control, focusing initially at the resource level and extending to service and business levels as the IT environment matures to support the adaptive enterprise. Application and infrastructure services evolve in parallel to the resources provided by the IT environment: rather than building a dedicated environment for each business application or group, business processes are implemented through shared application and infrastructure services. In particular, rather than having each application implement its own user and authorization registration and enforcement, the adaptive enterprise architecture calls for an enterprise-level Identity Management solution, provisioned as an infrastructure service to be used in the implementation of the business processes. The Identity Management solution also covers all aspects of identity provisioning. When combined, these four security solutions create the backbone of an enterprise security system that can adapt to the changing needs of the adaptive enterprise. NOTE: it can be also noted that, just like all other aspects of the IT infrastructure of the adaptive enterprise, there is no “one-size-fits-all” solution. The solution effectively deployed must be structured to fit the principles of the company, hence the importance of a modular approach to allow building a solution tailored to the specific needs of the business without having to incur the cost and inefficiencies of a full custom solution. HP invents, designs, delivers, and manages business-enabling and cost-effective security components and solutions, linked across a distributed and heterogeneous environment for customers, enabling an adaptive enterprise AND minimizing potential exposure to security vulnerabilities and liabilities. HP builds security into all our products. (From devices to data centers, wired to wireless.) HP security solutions span an entire IT infrastructure (environment, host, network, devices, email, printing); secure business solutions (single-sign-on, directories, secure payment). HP security life cycle services: assess, plan, design, deploy, & manage and support. HP integrates and partners with “best of breed” security vendors. HP designed security into the Darwin Reference Architecture for the Adaptive Enterprise (AE). HP helps build the bridge between your security today, and your secure, adaptive enterprise. (From point security products and solutions to multiple and integrated security solutions linked across the enterprise.) [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{99B0587E-A7E4-4CBE-AF15-58FB3F809EC0}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Planning & Governance: How HP is Different? Security expertise across the distributed and heterogeneous, multi-vendor environment In bridging a customer’s point security products and solutions to extend to the adaptive enterprise, HP provides planning and governance services for the secure application services, infrastructure services and virtualized resources that support the AE. leverage HP’s investments in services, products and technologies that that will improve the adaptability of their infrastructure. Worldwide “one-stop-shop” – global projects and local deployments (Secure access devices and client systems to data center security requirements, host and system security, and security services offerings including consulting, systems integration, project management, training and managed services. Ability to examine and derive cost effective security solutions from risk mitigation and management to network security architecture and application security. HP as a third party “Trusted Advisor” in the selection, integration and management of “best-in-breed” products and technologies for the enterprise. Trustworthy Infrastructure: How HP is Different? Security designed into HP products, systems and solutions; several layers of built-in security in networking solutions. HP’s secure infrastructure offerings include secure Operating Systems and platforms, trusted platform architecture, encryption, security application integration, secure storage and printing, physical asset protection. Expertise across the distributed and heterogeneous, multi-vendor environment productivity devices to data centers wired to wireless systems to applications, web services Integration of secure mobility into existing network architecture. Open VMS Implementations. Trusted infrastructure technologies mapped to HP’s Darwin Reference Architecture – the foundation of products, services and solutions which, when implemented together build to establish a utility-like environment which enables the highest order of business agility. Here, the linkage between business processes and applications is extended across suppliers, employees, customers and partners. Management and control across resources, operations and business processes is automated and intelligent. Mapped to HP’s Darwin Reference Architecture are the following HP security offerings: Identity Management (Authentication & Access Control, Directory Services, Access Management, SSO, PKI, Smart Card Integration, Enterprise Access Management) Trusted Infrastructure (Infrastructure Review & Implementation Design, Physical Asset Protection, Network Security, Adaptive Network Architecture, System and Host Security, Secure Printing, Secure Email, Application Scanning and Secure Storage Solutions) Security Event & Incident Management (Security Policy Management, Security Event Correlation, Security Incident Management, Managed Security) Enterprises Security Governance (Security Strategy and Policy Services, Risk, Threat & Vulnerability Assessment, Security Training & Awareness) Bridge today’s security priorities with tomorrow’s adaptive enterprise. In bridging a customer’s point security products and solutions to extend to the adaptive enterprise, HP’s Adaptive Infrastructure security products, services and technologies includes the application services, infrastructure services and virtualized resources to support the AE, and include major investments in TCG and extending OpenView into a new model: HP’s Adaptive Management Model. Identity & Access Management: How HP is Different? Expertise with marketing leading technologies from Microsoft, Netegrity, Critical Paths, and many others Improve your identity and access management ROIT across the enterprise business solutions (e.g., single-sign-on, directories, enterprise portal, e-commerce, e-business) Deploys more Microsoft implementations than any other company. Bridge to the Adaptive Enterprise with policy-based resource identity and access management at all levels of the Darwin Reference Architecture Security Management: How HP is Different? “ Single Pane of Glass View” across system, identity, access, and security management Worldwide, 7x24 mutli-vendor support for your distributed, heterogeneous security needs Business and Commerce Enabling Solutions: How HP is Different? Security from infrastructure devices to business applications Secure HP platforms for critical financial transactions and secure government environments. Atalla security products provide a complete range of hardware processors for banking, Internet and enterprise applications. Using encryption technology embedded in hardware to safeguard sensitive data, including financial transactions over private and public networks. It is these products that bring strong hardware-based security required for financial networks to back office operations as part of HP’s NonStop Enterprise Division. HP’s NonStop servers feature a shared-nothing highly parallel processing architecture with a modular operating system. Except for a small kernel, most of the NonStop Kernel operating system functionality is handled by specialized system processes, such as the memory manager, communications manager, network manager, and disk access manager, that communicate through interprocess messages. Processes run in their own virtual address space so no matter what a nonprivileged process does, it cannot view the memory of, or negatively impact, any other process running on the system. Processes send messages to each other; therefore, they cannot overwrite each other’s memory. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{925CD051-8061-432E-B047-E3D752E5DC20}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 CISSP = Certified Information Systems Security Professionals VPN = Virtual Private Network (full point-to-point secure network connection, generally used for B2B connection, or employee-to-office) Worldwide “one-stop-shop” – global projects and local deployments (Secure access devices and client systems to data center security requirements, host and system security, and security services offerings including consulting, systems integration, project management, training and managed services.) Ability to examine and derive cost effective security solutions from risk mitigation and management to network security architecture and application security. HP Security + HP Business Continuity Implementations = Total Trusted Environment. Our network security strengths 32 countries with Cisco VPN Security Certifications 700 NW consultants, 2800 NW support engineers, 2500 Managed services network operation specialists. 25 WW Operations centers delivering network support 1600 Cisco certified engineers holding 6000 Cisco certifications, 37 Cisco Gold countries, 10 Silver Certified companies across the globe Routers Managed = ~30,000 Switches Managed = ~ 520,000, supporting ~ 1.5M Ports Wireless Access Points Managed = ~ 3,500 Network Traffic Managed = ~900,000 GB/month [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{F83B26E2-01C8-4C79-9B57-54D5D727AFED}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Example of “Planning and Governance” Solution Delivery DO NOT MODIFY. THIS HAS BEEN APPROVED BY CUSTOMER. HP Security Solution Family: Planning and Governance   Adaptiveness / Agility (measured by time, range, and ease) takeaway: By defining and employing a set of global security standards for the entire company, Munich Re built a foundation for security in current and future IT projects. (“Standardize” is one of the more adaptive enterprise design principles). Background: Munich Re is the world’s leading re-insurance company. By definition, insurance is all about risk. Munich Re has devoted countless resources to assess all shorts of risks – from natural catastrophe like earthquakes, windstorms, and floods to man-made disasters like bankruptcy and political unrest.  “ Information security”, says Michael Lardschneider, Corporate Information Security Officer for the Munich Re, “is a must. No company can live without it today.” secure e-commerce Munich Re engaged HP Consulting and Integration to help them realize their information security goals – including defining global security standards, selecting and testing security tools, designing and implementing global information security practices, setting up an information security office to implement and manage change, and conducting security awareness training sessions for management and employees in Germany and North America. “ HP consultants are not only well educated, they are up to date on security issues. They know what they are talking about and they know how to communicate their expertise to the group at large. They have a lot of experience moderating and organizing workshops, and then following up with documentation and delivery,” said Michael Lardschneider, Corporate Information Security Officer at Munich Re. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{C8EAAACC-7B2E-4156-8FA5-67CE253FEF5F}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{F036A486-14ED-455C-BDAF-7D5A93DD9178}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Security designed into networking products & solutions: OS’s & Platforms Trusted Platform Architectures (chips embedded into all devices to store device identity) HP Atalla’s Encryption Embedded Security Applications Secure wireless and mobility solutions integration. HP’s Zero Latency Enterprise (ZLE) architecture for homeland security. HP ProtectTools on HP Compaq Desktop won the “Best Security Product” and “Best of Show” awards at TechXNY in 9/2003 (see <http://www.techxny.com/home.cfm>) Our network security strengths 32 countries with Cisco VPN Security Certifications 700 NW consultants, 2800 NW support engineers, 2500 Managed services network operation specialists. 25 WW Operations centers delivering network support 1600 Cisco certified engineers holding 6000 Cisco certifications, 37 Cisco Gold countries, 10 Silver Certified companies across the globe Routers Managed = ~30,000 Switches Managed = ~ 520,000, supporting ~ 1.5M Ports Wireless Access Points Managed = ~ 3,500 Network Traffic Managed = ~900,000 GB/month Secure wireless and mobility solutions integration. HP’s Zero Latency Enterprise (ZLE) architecture for homeland security. HP’s Darwin Reference Architecture – the foundation of products, services and solutions which, when implemented together build to establish a utility-like environment which enables the highest order of business agility. Here, the linkage between business processes and applications is extended across suppliers, employees, customers and partners. Management and control across resources, operations and business processes is automated and intelligent. Mapped to HP’s Darwin Reference Architecture are the following HP security offerings: Identity Management (Authentication & Access Control, Directory Services, Access Management, SSO, PKI, Smart Card Integration, Enterprise Access Management) Trusted Infrastructure (Infrastructure Review & Implementation Design, Physical Asset Protection, Network Security, Adaptive Network Architecture, System and Host Security, Secure Printing, Secure Email, Application Scanning and Secure Storage Solutions) Security Event & Incident Management (Security Policy Management, Security Event Correlation, Security Incident Management, Managed Security) Enterprises Security Governance (Security Strategy and Policy Services, Risk, Threat & Vulnerability Assessment, Security Training & Awareness) Integration of secure mobility into existing network architecture. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{BE5C07E7-DD17-41C0-B1E8-C66DE2533518}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Example of “Trustworthy Infrastructure” Solution Delivery – “Secure Printing” DO NOT MODIFY. THIS HAS BEEN APPROVED BY CUSTOMER. Security Solution Families Trustworthy Infrastructure Identity and Access Management   Adaptiveness / Agility (measured by time, range, and ease) Use of XML makes it easier to support other documents in the future. Use of PKI-based encryption and decryption ensures secure transition. Digital processing over the internet offers considerable saving of time and cost, enabling the Chambers and the applicants to become more agile to meet their business needs. Background The 21 Dutch Chambers of Commerce together handle more than 500,000 export-related documents per year. During the processing of these documents various aspects are verified. Much time and cost is involved, particularly in the physical delivery. The Chamber of Commerce wanted a solution to process the export documents digitally via the internet. The total solution, named Export Documents Online (EDO), had to include a Web based application together with a secure means of printing locally.   The requirements set by the Chambers of Commerce for the total solution were as follows: • Security Straight forward accessibility for authorised users and easy to use Compliance with all legal requirements (Dutch, European and International) The ability to print official documents (COOs) Extensible with regard to supporting evidence (proof) concerning COOs Easy to interface to the internal systems of the Dutch Chambers of Commerce   HP engaged partners Datascan and JetCAPS for the development of this solution. This solution enabled secure, one-off transmission and printing of document. After printing, the data is erased by the built-in Java technology from HP Chai.   For the Chambers this solution means an enormous simplification in the flow of forms. The documents can be produced at the applicants’ premises without any security issues and the Chambers can now offer a far higher level of service. For those applying for the certificates it also offers a considerable saving of time and cost. The improved procedure for handling applications has meant much more efficient work practices, which in turn has lead to a reduction in turnaround times for the authentication of documents. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{80DF34EC-EAE8-42B4-893F-10D72C478C8D}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Example of “Trustworthy Infrastructure” Solution Delivery – Secure Wireless LAN” DO NOT MODIFY. THIS HAS BEEN APPROVED BY CUSTOMER. Security Solution Families Trustworthy Infrastructure Background: University of Alberta, which places a strong emphasis on technology's role in teaching and learning, has emerged as one of Canada's largest research-intensive universities. Placing an equally strong emphasis on network security, the university's Faculty of Engineering recently set out to create the most secure network for their unique communication needs while providing personalized network services to users. They chose and implemented HP ProCurve's networking solution because it ensures the most secure network possible, protecting highly confidential, potentially valuable information--and peace of mind--for faculty and students. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{D7FEDF91-9135-4104-9488-1D0A45A2B996}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{70A35D02-887D-43BB-BF44-060B1038EF35}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Traditionally “identity and access mgmt” means user access to systems. It includes employee access from outside the firewall (e.g., with VPN), and “single-sign-on” to enterprise portal. User authentication can take three forms – 1. something you know (like a password); 2. something you have (like a smart card); and 3. something about you (like a fingerprint). Using these authentication mechanisms in conjunction with one another, make them even stronger and more difficult to forge/crack. HP is also leading the development of a new kind of authentication solution - Trusted Computing – in its award winning ProtectTools Embedded Security solution which authenticates the device. Bridge to the Adaptive Enterprise (core part of “Adaptive Mgmt”) This is one of areas with significant HP investment (including the recent acquisitions of Select Access, Talking Heads, Extreme Logic, and potentially a few more). Our investment is to extend the traditional “Identity and Access Mgmt” from users to include devices, systems, applications, and web services. HP is the leader in this extension. Our investment is also to integrate the traditional “system mgmt” (with OpenView), and “security mgmt” (through OpenView and our security product partners), with this new, extended “identity and access mgmt” for a “single-pane-of-glass view” that no-other vendor has. This will significantly reduce the TCO (e.g., development, maintenance, and management cost), and significantly mitigate risks (easier to monitor, faster to detect and react and heal). This is a core part of “Adaptive Mgmt”. Improved RoIT by extending identity and access mgmt into enterprise business solutions Most of the identity and access mgmt vendors provide point products today. Very few companies can really bring it all together for the enterprise-scale implementations. HP is also actively participating in the Liberty Alliance for “federated identity” in the web services paradigm – whether through .NET or J2EE. With our strategic partnerships with Microsoft (for .NET), BEA (for J2EE), and Oracle (for J2EE), we’re in a better position than any other vendor to bring it all together across the heterogeneous environment, at the application and web services level. HP can further lower TCO and improve RoIT by taking “identity and access management” into other business applications – such as enterprise directories, enterprise portal (e.g., single-sign-on for @hp portal), e-commerce and e-business (our Netscape Directory Server on HP-UX is being used by some of the largest ISPs in the world) HP is vigorously participating in key security standards Liberty Alliance for web services security (and the notion of “federated identity”), Trusted Computing Group (TCG) for device identity and authentication BioAPI for biometrics Spectrum of buying options Product purchases (HP products on any HP platforms; partner products on HP platforms) HPC&I (for horizontal and vertical implementations) HP-MS (for managed identity and access mgmt) [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{9CDED66F-1D4C-4F67-89CA-E7380F238E62}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Example of “Trustworthy Infrastructure” and “Identity and Access Management” Solution Delivery DO NOT MODIFY. THIS HAS BEEN APPROVED BY CUSTOMER. Security Solution Families: Trustworthy Infrastructure Identity and Access Management Adaptiveness / Agility (measured by time, range, and ease) Standardizing on one user authentication mechanism (“single-sign-on”) enables Timex to quickly and costly effectively deploy new IT services and capabilities without comprising infrastructure security or impeding user productivity. (“Standardize” is one of the more adaptive enterprise design principles) Using Microsoft Active Directory for “single-sign-on” leverages existing authentication mechanism (in “Microsoft NT Domain”) for future growth (i.e. ease of deployment for Microsoft Exchange). Background Timex Corporation began life in 1854 as Waterbury Clock, one of the first makers of affordable timekeepers for working-class Americans. Annual surveys consistently rank the Timex brand as No. 1 out of 50 fashion brands in jewelry and accessories, and the third most popular of all women's accessory brands. The key challenge for Timex is to maintain and extend its dominance in the jewelry and fashion accessory consumer category on a global basis. To help accomplish this, the company must have a flexible, adaptable IT infrastructure one that can support rapid changes in company structures and market dynamics.   The switch to Microsoft Windows Server 2003 on HP ProLiant servers is providing some “serious services” to Timex end users, according to Aaron Forstrum, the company's technical services manager. Chief among these new services is the move toward a single sign-on procedure for end users, provided by Active Directory. “As we bring new applications on to Microsoft Windows Server 2003, we plan to center everything on Active Directory,” Forstrum explains. “Active Directory and Windows Server 2003 on HP ProLiant servers reduces our overall costs of managing our infrastructure, improves security, eliminates redundancy, and provides the adaptive infrastructure we must have to compete.”   [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{486881BB-2E4D-40A7-9E48-FB9E068483A7}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{ACD341FA-3107-4234-A25D-1025BE4E3DA4}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 What HP Offers: OpenView integrated with market leading network and security products and applications for security alerts HPC&I to design and implement “security mgmt” with OpenView HP-CS 7x24 mutli-vendor support for your distributed, heterogeneous security needs HP-MS offerings, as listed below. Bridge to the Adaptive Enterprise (core part of “Adaptive Mgmt”) This is one of areas with significant HP investment (including the recent acquisitions of Select Access, Talking Heads, Extreme Logic, and potentially a few more). Our investment is to integrate the traditional “system mgmt” (with OpenView), and “security mgmt” (through OpenView and our security product partners), with this new, extended “identity and access mgmt” for a “single-pane-of-glass view” that no-other vendor has. This will significantly reduce the TCO (e.g., development, maintenance, and management cost), and significantly mitigate risks (easier to monitor, faster to detect and react and heal). This is a core part of “Adaptive Mgmt”. Managed Security Offerings from HP-MS Firewall management—provides operations services to manage many popular firewall solutions, including Cisco and Check Point Edge-to-edge virtual private network (VPN) connectivity—enables a secure VPN over the Internet between two managed VPN nodes; configures and manages VPNs at the firewall both to work with and require a firewall management service, if necessary Network intrusion-detection management — provides services that include service-level, incident, operations, and change management Vulnerability scanning—regularly and automatically scans a predetermined list of customer IP addresses; includes scans for UNIX®, Windows NT®, and other network vulnerabilities Identity and Access Mgmt—offers a standardized approach to user authentication, including differing levels of authorization and remote access to resources; supports integration with authorization tools, such as SiteMinder [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{D8A58ED0-AC4C-4125-841A-5CF1CD52DEFA}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 HP’s NonStop Enterprise Division with Atalla’s cryptographic solutions. HP Atalla Cryptographic Engine benchmark for trusted financial security products. HP’s Advanced Technology Center: NonStop System secure computing resource. HP ProCurve secure mobile networks. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{1778DE6F-82F2-4408-B2E7-96059D2B1E22}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Example of “Business and Commerce Enabling Security” Solution Delivery DO NOT MODIFY. THIS HAS BEEN APPROVED BY CUSTOMER. Security Solution Families: Trustworthy Infrastructure Business and Commerce Enabling Security Background: Visa Debit Process Service (DPS) is a wholly owned subsidiary of Visa USA. Debit card processing has enjoyed phenomenal growth of the past several years. It handles approximately 1 billion transactions every 70 days. Larry Van Vleet, vice president of Technology and Strategic Planning at Visa DPS is just breaking in the company’s new 50,000-square-foot data center in the Denver area. Van Vleet loves the new data center, but he loves his NonStop systems even more. “Data integrity, scalability, and availability are the three most significant issues that we need to address in terms of making our business successful,” he concluded. “And that’s why Visa DPS relies on the NonStop platform to handle our mission critical processing.” Network security processor products from the HP Atalla Security Products Group handle the encryption needs at Visa DPS.   “ We have absolute confidence in their reliability and their capacity to service the volumes we throw at them,” commented Van Vleet. “We also get good support from the Atalla folks in helping us take advantage of new encryption standards, such as Triple DES. Thanks to the Atalla products, encryption is one of those things we really don’t have to think too much about.” [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{E978059D-AC79-4289-93B7-3F7E54E79703}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{575CE1F8-5C1A-4512-AEAB-350108A121B9}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 This is a slide from the Business Continuity Solutions customer presentation. Use this slide to demonstrate that emphasize that HP can “bring it together” from both a security and a business continuity perspective. If data can fail, so can other components of your infrastructure. This diagram illustrates a simple definition of the multiple layers that should be addressed when building your business continuity plan, and reinforces that planning is more than data backups – it’s an important step, but a first step only. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{6CD68871-0BC3-4874-906C-A25CAFA8BCBC}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 HP Services has over 65,000 professionals covering every required specialty, throughout the world ready to help you. We are one of only two companies anywhere capable of meeting your broadest and most particular Business Continuity needs. You know Hewlett-Packard is a leading global provider of computing, internet and intranet solutions – all of which are recognized for excellence in quality and support. What you might not know about is that HP is also one of only two global vendors in the disaster recovery industry. HP has worked in disaster-recovery and business-continuity for over twelve years. We have over 50 recovery facilities worldwide. Our customers and facilities are located in Africa, Asia, Australia, Latin America, North America, Middle East, Western Europe, and Eastern Europe. We intend to keep our customers’ businesses running no matter what, no matter where. The size of HP’s organization is one of our attributes. Not only are our customers guaranteed global service, they’re reassured by our strong understanding of business-critical environments. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{3CA0CEBC-087F-439B-BC8C-8EDB21C70C98}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Agility improvements can be made at any layer or in any aspect of the infrastructure. The 4 fundamental AI design principles identified by HP can guide needs assessment, facilitate problem solving, and set standards for achieving desired results. The degree to which IT enables business agility can be tracked in virtually any scenario by 3 key measurements: time, range and ease. Time – length of time taken by an organization to affect a needed change; Range – breadth of changes an organization can handle; extent, adaptability, complexity Ease – relates to the effort (cost) and manageability of those changes. Together, our metrics and design principles help enterprises move at whatever pace and whatever scale is required for their business to implement an adaptive enterprise that employs deep technology expertise and services leadership Some ideas the “Where do I Start” discussion with customers: Simplification: Reduce complexity and risk -- Assessment and training; consolidation to fewer and more secure OS and applications; automated security patch management; “single pane of glass view” for system and security management; streamlined identity & access provisioning. Standardization: Increase flexibility through standards-based components and processes -- Standards-based trusted computing base (TCG) for devices and hardware components; standards- and policy-based identity, access, and security management (Liberty Alliance, Adaptive Mgmt); integrated web services management. Modularity: Change, manage, virtualize and utilize components collectively -- Secure all infrastructure products and systems (host hardening, secure storage and server networks, secure WLANs, secure e-mail, secure printing) Integration: Integrate all components into a uniform system easily managed, modified and changed -- Single-sign-on, enterprise directory, enterprise portal; adaptive management; business continuity and availability planning [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{37BAB583-FCC7-490E-A7C1-7F81E8B392B2}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{7432C151-EC22-41E3-A3E0-1ED97CE743B4}}
  • http://inside-it.corp.HP.com/IT_Connection/NEWS/awards.htm#MAKE MAKE Hall of Fame For the fifth straight year, the Know Network has awarded HP a global MAKE Award. The award, sponsored by Teleos of the KNOW Network, is in its fifth year.  The 2002 MAKE study ranked companies for  Innovation and delivery of knowledge-based services/solutions (we ranked No. 1 in this category) Organizational learning  Transforming corporate knowledge into shareholder value. HP Vice President of Data & Knowledge Management Bipin Junnarkar notes: "The new HP has made an even greater commitment to knowledge management. The collective knowledge of our 145,000 employees will better enable us to demonstrate our passion for customers through our global products and services."  The MAKE study recognizes companies with the best practices in eight segments including developing knowledge leaders, creating a learning organization and focusing on customer knowledge.  [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{D26A4B9C-26FE-42C0-B650-0B0D44792045}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Back-up slide. So to sum up our approach. We function from a disciplined, system methodology that addresses your whole system requirements. We have the services, the technologies, the people, the processes, and the experience. Now I’d like to shift to a summary look at our offerings. First the services and hen the technology. The key to surviving any loss of continuity, whether it be an actual disaster or a security attack or a power outage is: advanced planning, preparation and practice across the organization. The first step in developing your business continuity plan is a business continuity audit and impact assessment. This phase will identify your risks and exposures and characterize the maximum amount of tolerable downtime, the relative priorities of business applications, and the minimum requirements necessary for recovery. By working closely with you, we can identify and develop a solution to meet your specific needs. In addition to a consultative approach, we have developed a set of business continuity reference architectures to deploy our high-availability to fault-tolerant solutions. To complement our multi-OS solutions portfolio, we also offer comprehensive Business Recovery Services. HP can help architect the solution necessary to meet your specific recovery time objectives (RTO) including sizing the network and recommending data replication alternatives based upon your database and operating platform. Our offerings include: Comprehensive, high-availability software, including application restoration capabilities provided by HP MC/ServiceGuard; administration and monitoring tools for mission-critical server resources; and disaster-tolerant clustering solutions for UNIX, Linux, and Windows systems. HP’s high-availability server and storage solutions ensure anytime access to applications and data by protecting your critical information assets while closely controlling costs. HP Business Continuity Services to identify and define recovery requirements to support critical business operations, maintain or recover critical IT-based business processes following natural disasters, man-made disasters, and critical hardware/software failures. Storage disaster recovery capabilities with HP Surestore disk arrays and enterprise-class extended clustering which work with HP OpenView Omniback II to provide a complete zero downtime back-up solution. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{734C7D36-600F-4340-911E-B9FB2DE68CF4}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 HP labs are working in a number of areas: Identity – HP PROTECT - HP has a leading role in the Liberty Alliance Consortium, which is attempting to build independent standards for identity management on the web (competitor to MS Passport). HP is undertaking research in the establishment of secure identities for components within the adaptive enterprise - in order to build ‘trusted domains’ of hardware, storage, networks and software – able to communicate by means of specific encryption algorithms Security Management – HP OPTIMIZE - Cyber Disease Control – HP solutions played a huge role in slowing the impact of recent worms and viruses such as Code Red, Nimda. We are also working on software tools to help with policy governance and enforcement Security Infrastructure – HP ENABLE – HP is building into appliances and operating environments the standards approved by the Trusted Computing Platform Association. We initiated the TCPA Consortium, lead the technical committee, produced the specification. The TCPA will further create standards to help build ‘trusted domains’ of hardware, storage, networks and software – able to communicate by means of specific encryption algorithms. Overall, HP invests $4B in R&D annually (~5%) [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{41D385D8-FC9D-4274-B971-76EF7270947F}}
  • For CPC tracking purposes only – PLEASE DO NOT REMOVE: Title: HP Security solutions – Securing your Adaptive Enterprise Content Author: Elsie Wu: [email_address] Content Manager: Robert Owyang: [email_address] Business group: ESG Date posted: 11/02/03 Certifications include CISSP = Certified Information Systems Security Professionals. Found in the mid-1989 as an independent, nonprofit corporation, the International Information Systems Security  Certification Consortium’s sole charter is to develop and  administer a certification program for information security practitioners. Now  firmly established in North America, the program is quickly gaining  international acceptance. GIAC = Global Information Assurance Certification (founded and led by SANS Institute). According to their web site – “The SANS Institute enables more than 156,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community." HP consultants also has certifications / expertise in Business Continuity. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{13B6BC55-54AF-43C2-BD4A-F8D6450C4DD9}}
  • [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{7B7D77E3-26F2-4D7B-B726-9D6CE8677D6F}}
  • [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{45F17044-D2DF-47E0-B648-817D6B683164}}
  • Planning & Governance: How HP is Different? Security expertise across the distributed and heterogeneous, multi-vendor environment In bridging a customer’s point security products and solutions to extend to the adaptive enterprise, HP provides planning and governance services for the secure application services, infrastructure services and virtualized resources that support the AE. leverage HP’s investments in services, products and technologies that that will improve the adaptability of their infrastructure. Worldwide “one-stop-shop” – global projects and local deployments (Secure access devices and client systems to data center security requirements, host and system security, and security services offerings including consulting, systems integration, project management, training and managed services. Ability to examine and derive cost effective security solutions from risk mitigation and management to network security architecture and application security. HP as a third party “Trusted Advisor” in the selection, integration and management of “best-in-breed” products and technologies for the enterprise. Trustworthy Infrastructure: How HP is Different? Security designed into HP products, systems and solutions; several layers of built-in security in networking solutions. HP’s secure infrastructure offerings include secure Operating Systems and platforms, trusted platform architecture, encryption, security application integration, secure storage and printing, physical asset protection. Expertise across the distributed and heterogeneous, multi-vendor environment productivity devices to data centers wired to wireless systems to applications, web services Integration of secure mobility into existing network architecture. Open VMS Implementations. Trusted infrastructure technologies mapped to HP’s Darwin Reference Architecture – the foundation of products, services and solutions which, when implemented together build to establish a utility-like environment which enables the highest order of business agility. Here, the linkage between business processes and applications is extended across suppliers, employees, customers and partners. Management and control across resources, operations and business processes is automated and intelligent. Mapped to HP’s Darwin Reference Architecture are the following HP security offerings: Identity Management (Authentication & Access Control, Directory Services, Access Management, SSO, PKI, Smart Card Integration, Enterprise Access Management) Trusted Infrastructure (Infrastructure Review & Implementation Design, Physical Asset Protection, Network Security, Adaptive Network Architecture, System and Host Security, Secure Printing, Secure Email, Application Scanning and Secure Storage Solutions) Security Event & Incident Management (Security Policy Management, Security Event Correlation, Security Incident Management, Managed Security) Enterprises Security Governance (Security Strategy and Policy Services, Risk, Threat & Vulnerability Assessment, Security Training & Awareness) Bridge today’s security priorities with tomorrow’s adaptive enterprise. In bridging a customer’s point security products and solutions to extend to the adaptive enterprise, HP’s Adaptive Infrastructure security products, services and technologies includes the application services, infrastructure services and virtualized resources to support the AE, and include major investments in TCG and extending OpenView into a new model: HP’s Adaptive Management Model. Identity & Access Management: How HP is Different? Expertise with marketing leading technologies from Microsoft, Netegrity, Critical Paths, and many others Improve your identity and access management ROIT across the enterprise business solutions (e.g., single-sign-on, directories, enterprise portal, e-commerce, e-business) Deploys more Microsoft implementations than any other company. Bridge to the Adaptive Enterprise with policy-based resource identity and access management at all levels of the Darwin Reference Architecture Security Management: How HP is Different? “ Single Pane of Glass View” across system, identity, access, and security management Worldwide, 7x24 mutli-vendor support for your distributed, heterogeneous security needs Business and Commerce Enabling Solutions: How HP is Different? Security from infrastructure devices to business applications Secure HP platforms for critical financial transactions and secure government environments. Atalla security products provide a complete range of hardware processors for banking, Internet and enterprise applications. Using encryption technology embedded in hardware to safeguard sensitive data, including financial transactions over private and public networks. It is these products that bring strong hardware-based security required for financial networks to back office operations as part of HP’s NonStop Enterprise Division. HP’s NonStop servers feature a shared-nothing highly parallel processing architecture with a modular operating system. Except for a small kernel, most of the NonStop Kernel operating system functionality is handled by specialized system processes, such as the memory manager, communications manager, network manager, and disk access manager, that communicate through interprocess messages. Processes run in their own virtual address space so no matter what a nonprivileged process does, it cannot view the memory of, or negatively impact, any other process running on the system. Processes send messages to each other; therefore, they cannot overwrite each other’s memory. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{E5D72DD9-517A-4597-9FDA-1FE66B07AC7F}}
  • SLIDE OBJECTIVE: To describe how the HP Security Services 4 key practice areas fit into the HP Adaptive Enterprise model SLIDE NOTES: HP’s vision for the Adaptive Enterprise recognizes the role of information technology (IT) in an enterprise is shifting. This evolution is required to enable companies to become truly adaptive, to handle change without disrupting the business, to both respond to and take advantage of change. HP has developed a standards-based framework for this, the Darwin Reference Architecture, which provides an evolutionary path to the adaptive enterprise. This framework supports the necessary changes in the way IT is architected, managed, and operated. One of the key shifts on the way to an adaptive enterprise is to move from implementing business processes through discrete applications and dedicated resources (vertical silos) to a horizontal model, where the IT infrastructure is a foundation that serves the entire enterprise, not discrete business processes or business groups in isolation. Likewise, access to information shifts from being application-specific to becoming context-specific. Security is a key concern in any IT infrastructure. Ad-hoc security implementations often result on interlocking the various components of a business application, creating implementation silos. The Enterprise Security Governance program provides an enterprise-wide policy foundation that applies uniformly to the whole IT environment. The enterprise security program is setup so it remains aligned with the business requirements and the ever-changing risk environment. This enables the shift from a vertical to an horizontal model. As such, it is an integral part of how the IT system is integrated and orchestrated. Resources in the IT environment for the adaptive enterprise are defined by the characteristics of the service they provide, including how strongly the business applications are protected. The Trusted Infrastructure solution provides a methodology and the fundamental building blocks to create an IT resource infrastructure which supports the needs of the adaptive enterprise. The adaptive management of the security system is much more than the management of each of the security services implemented in the IT environment. The ability to monitor events and respond to incidents at the level of the enterprise is an essential part of the security lifecycle. The effectiveness of the security system is dependant on this capability. This functionality is an integral part of Management and Control, focusing initially at the resource level and extending to service and business levels as the IT environment matures to support the adaptive enterprise. Application and infrastructure services evolve in parallel to the resources provided by the IT environment: rather than building a dedicated environment for each business application or group, business processes are implemented through shared application and infrastructure services. In particular, rather than having each application implement its own user and authorization registration and enforcement, the adaptive enterprise architecture calls for an enterprise-level Identity Management solution, provisioned as an infrastructure service to be used in the implementation of the business processes. The Identity Management solution also covers all aspects of identity provisioning. When combined, these four security solutions create the backbone of an enterprise security system that can adapt to the changing needs of the adaptive enterprise. NOTE: it can be also noted that, just like all other aspects of the IT infrastructure of the adaptive enterprise, there is no “one-size-fits-all” solution. The solution effectively deployed must be structured to fit the principles of the company, hence the importance of a modular approach to allow building a solution tailored to the specific needs of the business without having to incur the cost and inefficiencies of a full custom solution. SLIDE TRANSITION: In the next four slides we will describe what each of these practice areas are. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{7FE2AD2D-A0D4-46E3-AA44-11668AC99C59}}
  • HP has a security lab established at Microsoft in Redmond, Washington Together, HP and Microsoft have defined and created Secure Extension (SE) solutions for Microsoft Windows HP has also worked with Microsoft and other vendors to prepackage, integrate and sell a number of security appliances [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{F21CC779-454D-462A-B49B-FA799BAE2784}}
  • HP has a security lab established at Microsoft in Redmond, Washington Together, HP and Microsoft have defined and created Secure Extension (SE) solutions for Microsoft Windows HP has also worked with Microsoft and other vendors to prepackage, integrate and sell a number of security appliances [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{98602095-EAC3-4D95-A826-277D91774FD9}}
  • HP has added a host of physical security features to its popular ranges of notebooks, desktops and PDAs [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{AFCC7281-68F9-4411-8303-DE679837047D}}
  • Our recommendation is to NOT use this slide unless customers specifically requests. So, what makes our partnership strategy unique? Its based upon maximizing choice and responsiveness to your requirements. We have a leading position with partners who drive industry and defacto standards. As Microsoft’s leading partner, The FrontLine Partnership with Microsoft is unique in the industry. It is designed around working together at both marketing and technical levels to deliver industry-standard computing with data center reliability and lower cost of ownership. HP is the #1 platform for Exchange and SQL server with over 2 times the share of the nearest provider. As Intel’s leading partner, the Itanium partnership will result in a new standard for 64-bit platforms across the enterprise. Together, both companies are currently initiating extensive ISV pilot programs and have major customer pilot systems operational in a number of enterprise accounts. Neither IBM nor Sun have the relationships with these partners as HP. With respect to the leading application software vendors, we have #1 market share with Oracle, Siebel, SAP and PeopleSoft. We work very closely with them to test, characterize, and optimize their applications on multiple platforms. As a result we are uniquely positioned to offer you your choice of solution platforms (Windows, Linux, or UNIX) that best match your business need- not based upon bias of the platform vendor like Sun, Dell, and IBM. By virtue of our position with these application partners, you are assured timely availability of the latest offerings, optimized for fast deployment. Unlike IBM, we don’t claim to be the world’s expert in everything. For business solutions, we combine our expertise in infrastructure with System Integration partners who provide the applications, business process and solution expertise. Together we deliver to you a higher return on your IT investments based upon total cost of ownership, business agility, and favorable risk and time-to-solution. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{AA799911-E0D1-4A88-8CA3-0C27F386750B}}
  • The Atalla solutions are of particular interest to financial services, retail and other customers requiring higher levels of security for e-commerce and e-banking services. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{D8863C3A-DC24-4073-8043-009F9A90E943}}
  • [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{2BA94F5F-EC9A-4A74-80B5-E029E7DF88AF}}
  • This ties it back to Adaptive Enterprise. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{BAA10212-B2DE-44E4-A42F-DFAEE3B289C3}}
  • This ties it back to Adaptive Enterprise. [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{E1F4548B-3D33-43C6-9725-72B2EA7E1970}}
  • [Enter any extra notes here; leave the item ID line at the bottom] Avitage! Item ID: {{BD827DB2-38FD-43EF-AF52-90D5E469E8B8}}
  • Transcript

    • 1. HP Security solutions, Securing your Adaptive Enterprise Speaker: Jim Fiannaca Date: 11/10/04
    • 2. Agenda
      • Key security issues facing today’s enterprises
      • Security trends and HP’s approach to security solutions
      • HP Security solutions
    • 3. Today’s business challenges require IT to adapt Ability to adapt quickly
      • Business challenges
      • Improve business performance, quality and ROI, while reducing costs
      • Minimize risk associated with change
      • Drive new business models and direction
      • Shorten time-to-market
      • Enable mergers, acquisitions and divestitures
      • IT imperatives
      • Link business and IT
      • Reduce costs, ensure stability and flexibility
      • Reduce complexity
      • Optimize assets today and tomorrow
      • Extend value and reach of the enterprise
      Increased volume of change An adaptive infrastructure is one that can quickly respond to and capitalize on change for business advantage
    • 4. Your business demands security
      • "Help me keep my business going in light of all these threats!”
      • Financial regulations require tighter access control to data and applications, better audit trails
      • Consumers, governments, and employees demand more privacy and better confidentiality
      • More dynamic business environment requires more dynamic, and more adaptive security measures
      HP Security solutions enable business agility
    • 5. Why is security important to the adaptive enterprise? Consider the cost of downtime
      • Productivity
      • Number employees impacted x hours out x burdened hours =
      • Revenue
      • Direct loss
      • Compensatory payment
      • Lost future revenues
      • Billing losses
      • Investment losses
      Other expenses
      • Temporary employees
      • Equipment rental
      Know your downtime cost: Per hour, per day, over 2 days…
      • Financial performance
      • Revenue recognition
      • Cash flow
      • Lost discounts (A/P)
      • Payment guarantees
      • Credit rating
      • Stock price
      • Damaged reputation
      • Customers
      • Suppliers
      • Financial markets
      • Banks
      • Business partners
      • Overtime & travel costs
      • Extra shipping expenses
    • 6. Financial cost of downtime is relative to who feels the pain Source: Contingency Planning Research, 2002 Industry Financial Financial Media Retail Retail Transportation Entertainment Shipping Financial Application Brokerage operations Credit card sales Pay-per-view Home shopping (TV) Catalog sales Airline reservations Tele-ticket sales Package shipping ATM fees Average cost per hour of downtime (US$) $ 7,840,000 $ 3,160,000 $ 183,000 $ 137,000 $ 109,000 $ 108,000 $ 83,000 $ 34,000 $ 18,000
    • 7. Identifying your pain point Time to recover amount of data preserved Money C O S T L O S S Maximum cost of control Acceptable downtime Spend less lose more Break even How strong is the competition? How loyal are your customers? How easy would it be for them to switch? Do you have alternate sales channels? Spend more lose less
    • 8. HP Security solutions Security Mgmt Business and Commerce Enabling Security Trustworthy Infrastructure Planning and Governance Identity and Access Management Business Strategy Integrate & Orchestrate Manage & control Plan Maintain Provision Inventory Control Monitor Business Level Service Level Resource Level Demand Application Services Infrastructure Virtualized resources Resources Virtualization Sourcing Sharing Pooling Clients Printers Servers Storage Infrastructure services Registry services Grid services Security services Web services Business Processes … Network Content Environ- ment ERP CRM Collabor- ation Productivity … Supply HP Services: Assess, plan, design, deploy, manage and support
    • 9. HP Security solutions portfolio Planning & Governance Identity & Access Management Trustworthy Infrastructure
      • Infrastructure review & implementation design
      • Physical asset protection
      • Network, system and host security
      • Secure printing
      • Secure email
      • Application scanning
      • Identity & access control environments
      • Identity & access control provisioning
      • Enterprise directories
      • Security event correlation
      • Security incident management
      • Managed security
      • Risk/threat/vulnerability assessments
      • Security strategy & policy
      • Security training & awareness
      Security Management Business & Commerce Enabling Security
      • Secure internet Banking
      • eCommerce back office solutions
      • Secure mobile services delivery platform
      • Fraud management for telecom
    • 10. Security planning and governance solutions
      • HP offerings
      • Risk, threat, and vulnerability assessment
      • Security strategy and policy services
      • Security training and awareness
      • How HP is different?
      • Security expertise for your distributed, heterogeneous, multi-vendor security
          • 600+ CISSP certified consultants
          • 32 countries with Cisco VPN security certifications
          • Microsoft Gold Security Partner
          • ~100 security related patents
      • Strategic alliances with market leading security vendors – to be your trusted advisor
      • Bridge today’s security priorities with tomorrow’s adaptive enterprise
      HP Security + HP business continuity = Total trusted environment
    • 11. Munich Re Group - Defining & implementing global information security standards
      • Challenge
        • Prepare for secure e-commerce
        • Create a organization to roll-out, administer, and maintain new security standards
        • Implement the architecture
        • Train 33,000 employees around the world
      • Solution
        • Behavioral & change management
        • Standards: policies, procedures, controls, roles & responsibilities.
        • Information security practices
        • Security technology training
        • Selected, tested, & piloted security technology
      • Results
        • Protection of Munich Re global reputation
        • Behavioral changes towards security
        • Foundation of a corporate-wide security architecture
        • Enabled secure e-commerce
      -
    • 12. Quote slide “ We have proved that people can change. They no longer resist security standards – they are living security.” Michael Lardschneider Corporate Information Security Officer
    • 13. Trustworthy infrastructure solutions
      • HP offerings
      • Infrastructure review and implementation design
      • Physical asset protection
      • Network security
      • System and host security
      • Secure printing
      • Secure e-mail
      • Application scanning
      • How HP is different?
      • Deep and broad capabilities base, including:
          • Security enhancements on all HP supported OS
          • Award winning Trusted Computing (TCG) architecture with HP ProtectTools for business PCs
          • Microsoft certified Security Enhancements (SE) for MS Windows and MS Exchange
          • Advanced secure wireless solution with ProCurve and CISCO
          • Patented Adaptive Network Architecture for B2B integration
          • Storage security with StorageWorks
          • Industrial strength encryption with Atalla
          • Secure printing with JetCAPS and Capella
          • Many secure e-mail options
      • Enterprise-scale experience to “bring it all together”
      Security “designed in”, not “bolted on”
    • 14. Netherlands Chambers of Commerce Simplifying and securing export documentation
      • Challenge
        • Distributing & printing 500,000 export documents via the internet
        • Secure environment
        • Proof of delivery & printing
        • Compliance with NL, EEC, laws
        • Ease of use, ease of integration
      • Solution
        • HP Chai technology
        • PKI encryption and decryption
        • one-off transmission & printing
        • HP print environment & HP LaserJet 4100
      • Results
        • 5000–6000 companies can now print export documents and licenses
        • Documents printed on the applicant’s premises
        • No courier charges
        • Reduced turn around time
        • Enormous simplification of export process
      The requestor can only print the approved export license once – and then a report is sent to the issuing authority, and the local data is erased.
    • 15. University of Alberta
      • Challenge
        • Protect an academic computing network from security breach while providing high bandwidth and functionality to approved users
      • Solution
        • HP ProCurve networking adaptive EDGE architecture
        • Hp ProCurve routing switch 9300m series
        • HP ProCurve switch 2524
        • HP network design services, technical support
      • Results
        • Secure network with more than 4,200 ports protecting highly confidential, potentially valuable, information
        • High network performance
        • Flexible, scalable solution allowing for future growth
    • 16. Quote slide “ The HP ProCurve solution has given us the opportunity to provide our students and faculty with optimal bandwidth in a highly secure environment.” Kees denHartigh Systems and Network Administrator, University of Alberta
    • 17. Identity and Access Management solutions
      • HP offerings
      • Identity and access control environments
      • Identity and access provisioning
      • Enterprise directories
      • How HP is different?
      • Deep expertise with market leading technologies from Microsoft, Netegrity, Critical Paths, Entrust, RSA and our own:
          • Highly scalable, standards-based identity mgmt with SelectAccess
          • Award-winning ProtectTools for integrated and multi-factor user and device authentication
      • Significant new investment for the Adaptive Enterprise with policy-based resource identity, access, and security mgmt
          • For users, devices, systems, applications, and web services
      • Enterprise-scale implementations experience, including our own!
      Improved RoIT through secure and integrated enterprise business solutions
    • 18. Timex Corporation
      • Challenge
        • Create a flexible, adaptable IT infrastructure that can support rapid changes in company structure and market dynamics
      • Solution
        • HP ProLiant Servers
        • Microsoft Windows Server 2003
        • Microsoft Active Directory
      • Results
        • Reduced costs to manage IT infrastructure
        • Improved security through “single sign-on” procedure for end users
        • Adaptable infrastructure to enhance competitiveness
    • 19. Quote slide “ We have confidence in our long-standing relationship with HP and Microsoft. I can't speak any more highly of either company. The benefits for Timex have been tremendous, and we all know that here. HP's expertise and solutions reduced our design, testing, and implementation efforts. HP provided a strong support team for us, which helped us address our company IT needs.” Bob Lutz IT Manager, Timex
    • 20. Security Management solutions
      • HP offerings
      • Security event correlation
      • Security incident management
      • Managed security
          • Firewall management
          • Edge-to-edge VNP connectivity
          • Network intrusion detection mgmt
          • Vulnerability scanning
          • Identity and access mgmt
      • How HP is different?
      • “ Single Pane of Glass” View for system, identity, access, and security management with HP OpenView
      • A full lifecycle of managed security services that can substantially contribute to YOUR peace of mind
      • Significant new investment for the Adaptive Enterprise with policy-based resource identity and access, and security management at all levels of the Darwin Reference Architecture.
      • Global support and global reach – wherever you are, HP is there with you.
      “ Single pane of glass” view for lowest TCO
    • 21. Business and commerce enabling security solutions
      • HP offerings
      • Secure Internet banking
      • Secure payment
      • eCommerce back office solutions
      • Secure mobile services delivery platform
      • Fraud management for Telecom
      • How HP is different?
      • Security from infrastructure devices to business applications
      • Secure HP platforms for critical financial transactions and secure government environments.
      • Secure web services delivery platform for both J2EE and .NET (MSDP)
      Making it easier and more secure to do business on the Worldwide Web
    • 22. Visa Debit Processing Service (DPS)
      • Challenge
        • Ensure 24 x 7 availability at new data center after physical move
      • Solution
        • HP High Availability Review Service, focusing on:
          • Production NonStop S-series systems
          • Systems software configuration and performance
          • Physical and logical network
        • Network security processor products from HP Atalla for encryption
      • Results
        • Assurance that IT infrastructure would be up to the task of peak transaction volumes
        • Critical concerns identified and changes made before holiday season
        • Final report containing hundreds of pages of detailed IT infrastructure documentation
    • 23. Quote slide “ We have absolute confidence in their reliability and their capacity to service the volumes we throw at them….We also get good support from the Atalla folks in helping us take advantage of new encryption standards, such as Triple DES. Thanks to the Atalla products, encryption is one of those things we really don’t have to think too much about.” Ike Johnson Vice President for Systems Support, VISA DPS
    • 24. HP Business Continuity model Regional Building/ office Data center Network System Application/ Database Data
      • Power management
      • Work area recovery
      • Business process recovery
      • Data protection
      • Data replication
      • Data integrity
      • Failover/redundancy
      • Disaster tolerance
      • Recovery procedures
      • Physical security
      • Data center protection
      • Data center backup
      • Network backup
      • Network rerouting
      • Network management
      • Relocation
      • Virtual workspace
      • Crisis management
      • Database backup
      • Application clustering
      • Information security
    • 25. HP Business Continuity services: Size, stability, and global presence HP recovery facilities (includes hubs, satellites, data, and office facilities)
    • 26. Where do I start?
      • Simplification : Reduce overall infrastructure complexity for better control, better management, and lower risk
      • Standardization : Increase flexibility through standards-based security architectural design and implementation
      • Modularity : Secure infrastructure building blocks at all levels of your architecture, across your distributed, heterogeneous environment
      • Integration : Lower TCO through “Single Pane of Glass” view for system, security, identity and access management
      • Where do you see the most pain and ROI?
      • HP can help you assess and prioritize your enterprise security investments
      HP adaptive enterprise design principles Integration Simplification Standardization Modularity
    • 27. Transition slide Why HP for security?
    • 28. Why HP for security & consulting?
      • • HP Consulting Services Security Practice has won “Best Security Service Award” at 2001 and 2002 Secure Computing magazine awards
      • • Over 20 years of security consulting experience with tens of thousands of customers.
      • • HP has 600 CISSP and SANS certified individuals to ensure our security solutions are properly aligned with your business needs
      • • HP has world-class security centers in the Americas and Asia Pacific that are continually researching hackers tools and tactics, security breaches and new attacks
      • • HP received its 5 th consecutive most admired knowledge enterprise (MAKE) award in 2002
      • • HP is the largest Microsoft integrator in the world and Microsoft Gold Security Partner
    • 29. HP Business Continuity solutions: Dramatically increasing uptime while ensuring stability Reference Architectures People & Process Services Technology
      • BroadVision
      • Oracle CRM
      • Oracle 9i
      • Telecom billing
      • ISM
      • From single system RAS servers to UNIX to OpenVMS to NonStop
      • Clustering fabric
      • Middleware
      • Anytime, anywhere storage
      Technology, services and partnerships applied together to create solutions tailored to your unique needs
      • Business continuity services
      • Mission-critical support services
      • Security services
      • Experience
      • Support
      • Management
    • 30. HP R&D: Innovating in security
      • Security infrastructure
      • Enabling new, secure IT services
      • Incorporation of TCG standards into HP technologies and solutions:
        • Hardware security appliances
        • Trusted Windows and HP-UX
      • Secure, encrypted information flow across trust domains
      • Identity
      • Protecting your assets
      • Liberty Alliance for web services
      • logical and transient identities
      • identity based encryption (IBE)
      • Biometrics
      • Security management
      • Optimizing the infrastructure
      • Cyber disease control
      • Software-based security policy enforcement
      HP is investing in three key areas to support emerging security standards
    • 31. Security designed in, not bolted on
      • End to end offerings from point security products to multiple and integrated security solutions linked across the heterogeneous enterprise;
      • Both information and infrastructure security;
      • Expert security staff of 600+ CISSPs and SANS certified individuals; 32 countries for Cisco VPN Specialization Certifications;
      • Strategic alliances and expertise with market leading security partners;
      • Largest Microsoft integrator in the world and a Microsoft Gold Security Partner;
      • Deep technical expertise and inventiveness to address today's security problems and tomorrow's opportunities – ~100 patents in security alone.
    • 32. BACK UP SLIDES
    • 33. Adaptive Enterprise security challenges
      • Continuous operation
        • On going stream of new and changing threats
        • Complexity: Broad dispersed # of access devices
        • Governance: How do you force / help users to remain secure & follow policy
        • Management: Security policies across business processes, applications and systems
        • Quick threat detection, Controlling damage, Efficient Recovery
      • Privacy & confidentiality
        • Across all constituents: Consumer/ Customer, Employee, Partner, Business Critical Data
        • Protected databases, storage, applications, ID & Policy management for …
        • Regulatory compliance issues
      • Trusted transactions
        • End-to-end internal transactions; inter-organizational transactions, eg. Supply chain
        • Outsourcing, etc.
        • Financial …. Money, credit, assets, resources changing
        • Audit ability, non-repudiation
        • Trust policies and agreements across ecosystems (I.e. Identrus for Financial)
    • 34. HP Security solutions portfolio Business and commerce enabling security
      • How HP is Different?
      • HP’s NonStop Enterprise Division with Atalla’s crtyptographic solutions
      • HP Atalla Cryptographic Engine benchmark for trusted financial security products
      • HP’s Advanced Technology Center: NonStop System secure computing resource
      • What HP Offers:
      • Secure Internet Banking
      • Secure Payments Infrastructures
      • eCommerce Back Office Solutions
      • Secure Mobile Services Delivery Platform
      Planning & governance Identity & access management Trustworthy infrastructure
      • What HP offers:
      • Infrastructure Review & Implementation Design
      • Physical Asset Protection
      • Network, System and Host Security
      • Secure Printing; Secure Email
      • Application Scanning
      • How HP is different?
      • Security designed into system and networking products & solutions
      • Platform and OS security
      • HP Security Enhancements for Windows and Exchange
      • HP ProtectTools for Business PCs
      • Secure wireless and mobility solutions with Cisco and ProCurve
      • HP Atalla Encryption
      • Adaptive Network Architecture for B2B integration
      Security management
      • What HP offers:
      • Identity & Access Control Environments
      • Identity & Access Control Provisioning
      • Enterprise Directories
      • How HP is different?
      • Identity & access management ROIT improved across enterprise business solutions.
      • Bridge to AE with policy-based resource identity and access management between IT resources and infrastructure services
      • Adaptive Management software include Select Access
      • What HP offers:
      • Security Event Correlation
      • Security Incident Management
      • Managed Security
      • Global support
      • How is HP different?
      • “ Single Pane of Glass View” across system, identity access, & security management.
      • Threat management solutions integrated with OpenView
      • ID management systems integrated and deployed with OpenView.
      • Management S/W security strategy to automate management and control of resources, services and business processes – extending OpenView into HP’s Adaptive Management model.
      • What HP offers:
      • Risk/ Threat/ Vulnerability Assessments
      • Security Strategy & Policy
      • Security Training & Awareness
      • How is HP different?
      • Expertise across, distributed, heterogeneous multi-vendor environments
      • Can bridge today’s point security products & solutions with tomorrow’s Adaptive Enterprise.
      • HP Security + HP Business Continuity Implementations = Total Trusted Environment
    • 35. Security services - Mapped to HP’s Darwin reference architecture Business Strategy Integrate & Orchestrate Manage & control Demand HP Services: plan, design, deploy, manage, evolve
      • Security Strategy and Policy Services
      • Risk, Threat & Vulnerability Assessment
      • Security Training & Awareness
      • Security Policy Management
      • Security Event Correlation
      • Security Incident Management
      • Managed Security (Incident response, secure operations, support, ISS offering)
      • Authentication & Access control
      • Directory/ Meta Directory Services
      • Access Management
      • Single-Sign On
      • Public Key Infrastructure
      • Smart Card Integration
      • Enterprise Access Management
      • Client authentication with ProtectTools
      • Infrastructure review and Implementation design (Architecture & Planning)
      • Physical Asset Protection
      • Network Security
      • Adaptive Network Architecture
      • System and Host Security (Hardening & protection)
      • Secure Printing
      • Secure E-mail
      • Application Scanning
      • Secure Storage solutions
      • Atalla-based encryption
      • Vertical Solution integration: Manuf supply chain, Financial Wealth Mngmt, etc.
      • Helping customers w/ Regulatory Compliance: HIPPA, European Privacy Act, etc…..
      Plan Maintain Provision Inventory Control Monitor Business Level Service Level Resource Level Application Services Infrastructure Virtualized resources Resources Virtualization Sourcing Sharing Pooling Clients Printers Servers Storage Infrastructure services Registry services Grid services Security services Web services Business Processes … Network Content Environ- ment ERP CRM Collabor- ation Productivity …
    • 36. Security solutions for Windows and ProLiant servers
      • Wireless security solutions: – Secure wireless gateway – RSA PKI accelerator for mobile devices – Secure wireless entry points – Secure wireless cards for notebooks and handhelds
      • Firewall and secure e-mail servers
      Prepackaged, integrated, tested and supported by HP The HP/Microsoft Windows Security Enhancements (SE) products provide secure feature extensions and add the configurable functionality of multiple desktops, diskette auditing, denial of multiple logons and inter-domain trusts. Largest Microsoft integrator in the world and a Microsoft Gold Security Partner
    • 37. Secure HP UNIX servers and HP-UX • Authentication, Authorization and Audit (AAA) server • Mobile AAA server • LDAP server • Kerberos server • Bastille — HPUX lockdown • Host-based Intrusion Detection System • IP Filter • Security Patch Check “ HP-UX is the most secure commercially-available UNIX.” — D.H. Brown
    • 38. Built-in security for access devices
      • Protect physical PCs and components
      • Disable hard drive removal
      • Smart Cover Sensor and Lock guard against unauthorized chassis
      • Memory Change Alert — Proactively detect unauthorized modifications
      • Ensure security of data transmission
      • Hardware Internet Protocol Security (IPsec) cards
      • Enhanced security
        • Fingerprint identification technology
        • Smart Card technology
      HP ProtectTools – Winner of “Best Security Product” TechXNY, 9/2003
      • Access control and authentication
      • Power-on password
      • DriveLock — password-protected access to notebook hard drives
    • 39.
      • Strategic technology partnerships with the industry leaders
      Key partnerships & strategic alliances Complementary services for business consulting and solutions implementation Driving open and defacto standards
        • RSA Security Netegrity
        • Entrust ISS
        • Capella JetCAPS
        • CheckPoint Nokia
        • Cisco Symantec
        • Entrust F-Secure
        • e-Security Oblix
        • Interlink Network
        • TripWire Microsoft
        • K2 Defender SafeGuard
        • St. Bernard BindView
        • Schlumberger eSentinel
        • Trend Micro Critical Path
        • Mtech Courion
        • Netegrity
        • Symantec
        • RSA
        • Schlumberger
      Microsoft Netegrity RSA Entrust Cisco Nokia
    • 40. HP Atalla Network Security Processors and SSL Accelerator Cards
      • State-of-the-art in hardware-based
      • cryptographic processing
      • Security for ATM, Point-of-Sale (POS)
      • or Electronic Funds Transfer (EFT)
      • applications
      • PIN security and key management
      Hardware SSL Acceleration Cards • Plug-and-play design • Offloads most compute-intensive component of cryptographic processing • Drivers for Microsoft Windows (2000, NT, .NET) and Linux • AXL600L optimized specifically for Linux Models 10100, A9100, A8100
    • 41. HP Utility Data Center (UDC)
      • The HP Utility Data Center with Utility Controller Software creates and runs virtual IT environments as a highly automated service.
      • Rigorous “Vulnerability Analysis” and “Ethical Hacking” are integral to our design and development process.
    • 42. Getting started Range Time Ease Step 1. Measure and assess business agility Step 2. Architect and integrate by applying a consistent set of design principles Integration Simplification Standardization Modularity + + + Link business and IT, Connect applications and business processes within and outside the enterprise Break down monolithic structures, Create reusable components, Implement logical architectures Use standard technologies and interfaces, Adopt common enterprise architecture, Implement standard processes Reduce number of elements, Eliminate customization, Automate change Level of effort, cost, and risk required to introduce and support change Breadth of change that can be supported or introduced Speed at which infrastructure changes can be implemented
    • 43. Where do you begin?
      • Improve agility:
        • Agility Assessment Services
        • Enterprise Integration Readiness and Needs Assessment
      • Manage costs:
      • Business Value Assessment
      • IT consolidation/TCO Assessment
      • Increase quality:
      • Managed Services planning workshop.
      • Integrated Support planning workshop
      • Mitigate risk:
      • Business Continuity and Availability Assessment
      • Security Assessment
      • On time, on budget projects planning
      Strategy Visioning workshop
    • 44. HP white on blue logo

    ×