What trends are we facing?So what trends are we facing?Well, your data is everywhere.Here now. There yesterday. It’s on devices you own and devices you don’t. It’s being accessed in the office, and on the move. It’s up in the cloud, it’s back on the ground – somewhere, anywhere. Meanwhile, the constantly shape-shifting shadow of data loss looms over every organisation. Not forgetting the increased threat of targeted attacks. Bring your own device, consumerisation of IT and business, and use of social media in work is impacting security policy and strategy.In fact, Cisco predicts over 15 billion network-connected devices will be in use by 2015; and the average US citizen will own seven devices! Meanwhile, organisations want to take advantage of the cloud without taking security risks.It’s almost impossible for businesses to maintain the traditional outer perimeter they’ve so carefully built up. That perimeter has moved from static to completely elastic in the shortest possible time, because we are now more connected than ever. Controlling and protecting the entire information supply chain has become a series of instant solutions to sudden problems, because the rules of five or ten years ago are still accepted despite the fact they no longer apply. The older ideas said that you had to control the whole information supply chain: the device you use, the apps you run, the network you go across, the resources you access. But it’s very expensive, and failure-prone.New thinking is to accept you can’t control the device or the public network, but you can control the gateways and the policy. Policy, in turn, drives exactly what and how you can access things, and what you can do once you have information on your device. In the real-time world, where we are always connected to a critical resource, risks to business are moving too fast for reactive security systems. Controlling and protecting the flow of information has become a series of instant solutions to surface problems that mask the risks rather than understanding the sometimes unusual reasons for their existence. If there’s ever been a time to stop, review and refresh how we approach business security, it’s now.
Mobile Device Management Secures, monitors, manages & supports mobile devices whether corporate or employed owned. It is customisable to your requirements, helping you to define and enforce policies, such as enforcement of security policies, including PIN codes, password complexity and protection against data loss, with the ability to remotely reset, lock and wipe. It also gives you up-to-date view of your mobile inventory, including visibility of applications installed by users and their version. What's new on our journey to rethink the risk? With business risk changing and shifting so rapidly, it’s no longer enough to react to threats as they appear – we simply cannot move fast enough. This is why BT Assure is working with its partners and clients to rethink the risk and redraw the lines of a new security reality. So what products are we launching which can help you on your journey to rethink the risk? Assure Secure Web With Assure Secure web, we can offer customers a uniform web access policy for all remote devices, whether employee- or company-owned, with one single, centralised and instantly updatable view, global reporting, and role-based control, so there is no need to reach each device individually. The major enhancement is to migrate the traditional web application proxy or gateway into the cloud, which does away with the need to maintain your own network of these devices around the world for all your internet gateways. Assure Cyber Using Assure Cyber, we can offer customers a less hands-on, more controlled approach to security incident and event management. Cyber brings together all the components of a top-of-the-line Information Assurance programme, including professional services, technology platforms, and managed security services. This was originally created specifically for the UK Ministry of Defence, and is now commercialised and available for your customers. Assure Cyber allows for analysis and reports that are fully interactive and customisable. This streamlines incident response, so you can learn lessons for the future. BT Assure Cyber supports the most sophisticated environments, where a higher degree of internal control is required, while still providing BT’s expertise and using state of the art tools.Assure Analytics Using Assure Analytics, we can bring to life in real-time, the potential threats and outcomes faced by organisations, helping them make the right decisions for effective policies. As a result of over 10 years of R&D inside BT, a remarkable step change in data assimilation and analysis is possible using a tool called Saturn. This is a ground-breaking data analytics and visualisation system that learns as it runs. It can interpret huge volumes of information and translate it into interactive visual information. Using this tool, we can find unexpected patterns and highlight areas for investigation, for instance understanding typical attacker threat profiles or predicting future attacks.The first trial customers for this went live in March, and there will be a formal launch across wider customer base during Q2. Please be aware, Assure Analytics is an addition to the Assure Threat Monitoring portfolio, rather than a standalone offering. If your customers are interested in adding this capability, you should arrange a conversation with a BT Assure security specialist to discuss how to deploy Assure Threat Monitoring and Correlation, including Assure Analytics. Assure Hosted Security Services Assure Hosted Security Services – with its secure network gateways for web traffic, firewalls and intrusion prevention – lets businesses deploy all the tools they want or need, in a way and at a cost that suits them best. A new cloud-based option gives customers more flexibility, and there is no price penalty for exercising those choices, since it’s all part of standard portfolio. The Formal portfolio launch is in Q3, but parts are already Ready for Sale today. Mobile Device Management Additionally, Mobile Device Management is device-independent management for employee or company-owned devices. It is customisable to your requirements, helping you to define and enforce policies, such as enforcement of security policies, including PIN codes, password complexity and protection against data loss, with the ability to remotely reset, lock and wipe. Managed Mobility Expenses By allowing BYOD within an organisation, there is a risk that costs can quickly escalate. BT Managed Mobility Expenses enables you to control mobility costs, optimise internal processes and manage usage levels. We can work with you to evaluate your mobile contracts, tariffs, inventory and usage data through call data analysis tools and supplier reviews. We will ensure you are being invoiced against contracted tariffs, claim any credits due to overcharging, improve tariffs from your mobile operators and help you implement strong corporate mobility policies and tolls that reduce usage / costs. And our MobileXpress App enables customers of BT MobileXpress using iPhones or iPads to securely access BT’s global Wi-Fi footprint, a cost-effective alternative to the 3G network To find out more about the products just mentioned, and to find out more about what products are being launched when, and where, please visit our intranet pages
Mobile Device ManagementMobile Device Management enables you to control and demonstrate compliance of all enterprise data on smartphone devices – protecting you against data loss, with the ability to remotely reset, lock and wipe. It provides you with an accurate up-to-date inventory of your mobile devices, including the visibility of applications installed and their versions. It enables OTA distribution of applications, data and configuration settings to ensure that all devices reflect your current policies. Policies can also be set that limit data roaming charges when the user is travelling to help manage costs. A self-service portal enables end-users to resolve simple issues such as password resetting without contacting your IT helpdesk.
BT Assure eValuator Building on the success of the ConnectIQ Evaluator for the last market mover launch, we have developed the Assure Evaluator. Our BT Assure eValuator is a tool to help assess and rethink your network’s security. By registering your customer for a BT Assure eValuation session with us you are taking a step towards looking at how your customer’s network security is aligned with their organisation’s objectives and goals. We can examine how your customer’s state of security-readiness compares to typical enterprises, and help steer them towards the areas of most pressing concern. The BT Assure eValuator is a multi-dimensional tool that looks at metrics which we believe are needed for secure network. The evaluator assesses the three elements of security: people, processes and technology. The output of the eValuator provides you with a detailed view of your readiness in key areas which will help you to prioritise your security spend and activities for the coming 12-24 months. Register your customers today and we will be in touch to get a date in the diary to rethink the risk. Quick Starts Furthermore our existing Quick Start services can help too. These short, structured, service-led engagements with a customer are designed to get to the heart of their business challenges and identify potential solutions. Using these services, we can enable organisations to rapidly assess their network security and business continuity profile, identify weaknesses, and then take cost-effective, remedial and preventative measures in line with their business priorities and strategies. Today we address our customers’ needs through a collection of Quick Start services that support the global BT Assure portfolios These are:Our Ethical Hacking Quick StartOur Business Continuity Quick StartOur Cyber Defence Quick StartAnd our Smart Device Quick Start for BYOD As a multi-vendor consultancy we have relationships with over 100 technology partners of which 66 focused specifically on security. The top 5 are Checkpoint, Cisco, Bluecoat, HP and Juniper. Through these business relationships, BT can provide services and products backed up by the world-leading security companies, to ensure consistent delivery of such services and products to its customer base. To find out more about these Quick Starts, please visit our intranet pages.
Rethink the risk overview final
Rethink the risk BT Assure. Security that matters
What trends are we facing? Your data is everywhere! Growth of mobile data and devices, BYOD, consumerisation of IT, and use of social media in work impacting security policy and strategy The traditional, single outer perimeter doesn’t exist anymore Shift to cloud; >50% of Global 1000 businesses will have customer data in cloud by 2016Old thinking was that you had to control the whole information supply. New thinking is toaccept you can’t control the device or the public network, but you can control the gateways and the policyRisks to business are moving too fast for reactive security systemsMove from reaction to proactive planning, to enable the organisationto grow, safely
Rethink the risk: our latest researchWe surveyed 2,000 users and managers across 11 countries to compare their views oncyber security threats, data loss, and the use of personal devices on corporate networks:• Mobile device security is single biggest concern for 74% of IT Directors & Execs “Security exists to• 33% of employees see no risk in BYOD, yet only 10% facilitate trust. Trust is of IT Directors agree with them the goal and security is how we enable it.”• 68% of IT Directors believe data leakage (due to theft or Bruce Schneier, BT Chief loss) is the greatest threat Security Technology Officer• 67% of IT Directors believe tighter controls on networks, processes, and equipment will reduce the risk of mobility and cloud transformation projects
The information supply chain: security across the ecosystem
The BT Assure capabilities Managed FirewallSecure Web Intrusion Prevention Managed FirewallSecure Device ManagementMobile Web Global UTM Intrusion PreventionLog Retention Message ScanMobile Device Management Global UTM DoS MitigationLog Retention Message Scan Cyber DDoS Mitigation Cyber Public Key InfrastructureThreat Monitoring Voice ContinuitySecurity Analytics Public Key InfrastructureThreat Monitoring IT & Workplace RecoveryVulnerability Scanning Voice ContinuitySecurity Analytics Authentication ManagementeValuator IT & Workplace RecoveryVulnerability Scanning Fraud Reduction Authentication ManagementeValuator Fraud Reduction New Enhanced Established
Whats new on our journey to rethink the risk?Assure Offers a uniform web access policy for all remote devices, withSecure Web one single, centralised and instantly updatable view, global reporting, and role-based control Supported BT Advise QuickMobile Device Secures, monitors, manages and supports company-owned Starts -Management and employee-owned devices Advise Devices QSAssure Government-grade security infrastructure combiningCyber integrated technology, process, cloud infrastructure, BT governance & oversight Ethical Hacking QSAssure Hosted Offers secure network gateways for web traffic, firewalls and CyberSecurity intrusion prevention – in a way that suits them best.Services Defence QSAssure Managed Security Service offering cloud and virtual SecureGlobal deployment options, bundled Assure Threat Monitoring, and NetworkingUTM enterprise features at all price points QSAssure Highlight the warning signs you need to know today, but can’t BusinessAnalytics find on your own amongst vast amounts of security data. Continuity QSAssure Assess your state of security readiness across a full range ofeValuator essential performance criteria, and prioritise your 24 month plans in response
Cloud Solutions – rethinking howyou do business to bring you flexibility • Assure Cyber ‒ Fully-integrated platforms that work together and under the watchful eye of BT’s security leadership • Cyber Defence Quick Start ‒ Testing and modeling, adapted to the particular needs of government and public sector organisations • Assure Hosted Security Services ‒ More deployment options for classic managed security services; accommodate next-gen extranets • Assure Global UTM ‒ One-box solution, whether cloud, virtual, or on premises, with threat monitoring & correlation built in.
BYOD – rethinking your security strategyto deal with this phenomenon • Assure Secure Web ‒ Immediate response to policy updates, no latency and no touching of endpoints required • Mobile Device Management ‒ Enforce on-device security and usage policies, including remote reset, lock & wipe • Advise Devices Quick Start ‒ Prepare for the strategic introduction of smart devices. Minimise the risks of BYOD.
Analytics – scrutinising the unthinkableso you don’t have to • Assure Threat Monitoring & Analytics ‒ Find essential warning signs before they become big problems, improve internal governance, investigate huge data sets quickly and without knowing what to look for in advance • Assure eValuator ‒ Learn the strengths and weaknesses of your current security posture and validate plans for the next 24 months • Ethical Hacking Quick Start ‒ Learn the real state of your defences and how to protect against modern risk.
Let’s assess how secure your network is .....our BT Assure eValuator BT Assure Evaluator Our security experts will provide you with a multidimensional rating of your security readiness and guidance on bt.com/btassure/securitythatmatters the highest 2 year priorities. Your security program will benefit from BT’s best practices with our systematic approach to evaluation.
And we are already working with you A consumer goods manufacturer Issue: Legacy estate of secure web gateways suffering inconsistent policies, difficult reporting, slow response to emerging threats Resolution: Implemented BT Assure Secure Web for 100k+ users, leveraged BT Advise for planning and integration Impact: Switchover completed in 3 days; MTTR reduced from 5+ days to <1 hour; running costs reduced 40%+ A major Issue: investment bank Major public charity campaign scheduled to launch in 48 hours, but no assessment or penetration testing completed; compromise would be a major embarrassment Resolution: BT Assure performed a comprehensive assessment and remediation, including design, architecture, and code, in 36 hours Impact: Campaign able to launch on time with high confidence of integrity and resilience of the donation site; customer leveraged process for future activities “ UK Ministry Issue: of Defence Wanted to integrate existing security information sources to create With [Assure Cyber] we a centralised security capacity and expand its situational awareness can successfully complete work that previously took Resolution: around two weeks in BT designed and deployed a fully-accredited cyber-defence solution called eCND to deliver round-the-clock support less than 30 seconds. It makes a real difference.” Impact: Member, Information Systems eCND is helping the MoD identify potential vulnerabilities more and Service, MOD effectively, reducing the window of exploitation open to threat sources
The case for BT Assure Experience 7,000 corporate and public sector customers across more than 170 countries Leadership Our thought leaders – including Bruce Schneier – drive us to plan ahead. 1,800 professionals help deliver Innovation Technology transfer – such as Assure Analytics and BT for Life Sciences R&D – benefits customers and leads the market Reach 9 global SOCs today, with 3 more opening in the next 12 months. Our global presence is big, and growing Partnership We combine people, process, and technology, supporting the biggest global customers while delivering locally
Don’t just listen to us…. A truly global solutions provider The BT managed security services demonstrate a very complete offering both in breadth and depth July, 2011 Highest ranking for BT Global Services BT Global Services is one of only THREE providers noted as having “strong positive” ranking for its managed security services in Gartner’s Market Scope for Managed October 2011 Security Services in Europe 190+ security papers ISO27001, SSAE16, 300,000+ devices published and 30% ISAE3402, SAS70-II monitored for over of people with audit & security 1000 customers advanced degrees standards 1,800+ professionals and a combined total of 10,000 years experience!
SummaryYour data is everywhere• If there’s ever been a time to stop, review, and refresh our approach to “ By end of 2016, more managing business risk, it’s now than 50% of Global 1000 companies will have customer –Rethink the risk, using the tools we have to help address these changes sensitive data in the cloud, and 40% of• Our ability to deliver world-class security across portfolio areas is enterprises will require unmatched by major competitors independent security testing of cloudOne portfolio, many solutions solutions” Gartner 2012• Security cannot be a one-size-fits-all, but has to rely on robust, Predictions consistent foundationsThe experience to guide, the wisdom to lead• Trusted by over 7,000 customers across four major vertical segments worldwide• Significant investments to develop local delivery capability for a global portfolio• Sponsorship and support of critical security community activities throughout our 1,800 security professionals and benefiting 20,000 colleagues throughout Global Services
BT Assure Security that matterswww.bt.com/btassure/securitythatmatters