Knowing where the safe zone is - Ovum, October 22, 2013
2nd Annual Identity and Access Management Conference - Ovum Forum, 22 October 2013, London. Discussing concepts and examples of identity management perimeterization.

Transcript

  • 1. Mark Skilton, Professor of Practice in Information Systems Management, Warwick Business School, UK
  • 2. Knowing where the safe zone is - Defining perimeter access strategies for an enterprise. The modern enterprise today has many connections, relationships and services. Information technology has enabled communication, social communities and transactions to create opportunities for new types of value. But this has also changed the types of risks and security issues, as bring your own device (BYOD) and the many types of cloud services have shifted responsibilities. Do you know where the access perimeter of your company security is? How do you define the risk and value of new technology? What are the opportunities and challenges of new technologies, and their effect on legacy operations? This presentation will look at ways to define the new business-technology boundaries and the risks and challenges of managing new technology across these boundaries.
  • 3. Overview: Knowing the safe zone – perimeter strategies; What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 4. Overview: Knowing the safe zone – perimeter strategies; What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 5. Business ecosystem: the challenges we face (section: Why business ecosystems?). Old model: business and IT use of software and hardware assets; project-based development lifecycle; platforms and networks; transformational advisory and governance; security controls and audit service monitoring. New model: data (plethora of data types and sources); multi-channel; service marketplaces; devices and “things”; focus on intelligent processes and monetization; compliance and pervasive automated monitoring of security.
  • 6. Objects in the Internet of Things. There are potentially billions of objects that could connect through IP addresses and network protocols to identify, exchange and collaborate services: devices; tags, sensors and platforms; products; content; services; money; places and machines.
  • 7. Era of internetworking - where is the perimeter? [Network diagram; labels: Internet switches; Tier 1 networks (NSPs); network peering and interconnections; Tier 2 ISP; Tier 2 network; IP backbone; IXP; ISPs (examples of ISP services include email, FTP, web hosting); internetworking; satellite; Public Switched Telephone Networks (PSTN); Tier 3 networks (ISP); cable operators; DSL, T1, T3 leased lines; Wide Area Network (WAN); 4G (3G LTE/SAE); gateways; 3G / 3.5G; femtocell; WiFi gateways; infrared; Local Area Network (LAN); GPS; Bluetooth; mobile devices; RFID; sensors; proximity, smart card.]
  • 8. +2.5 billion internet users in 2013, representing 35% of the world population.
  • 9. 1.7 billion mobile devices sold in 2012, and 6.8 billion subscriptions, equivalent to 96 percent of the world population.
  • 10. Internet video accounts for 61% of total internet data (Cisco). Social media is driving massive online video growth.
  • 11. 1 in 4 people around the world use at least one form of social networking = 1.7 billion in 2013. 1 in 3 people = 2.55 billion global audience by 2017. [Image: all the geo-tagged locations of uploaded Flickr photos, by concentration.]
  • 12. Where is the perimeter? [Diagram; rings: yourself; near to you; your network; your extended network. Factors: no. of people in organization; average no. of social network connections; no. of hours online; no. of devices per person; no. of networks (informal/formal); no. of applications and web sites visited, used.]
  • 13. What is your organization's estimated perimeter node score? Average no. of people in organization (500) × average no. of devices per person (3) × no. of system networks, informal/formal (3) × average no. of social network connections (300) × no. of applications / web sites visited, used (10) = 13,500,000; × average no. of hours online (5) = 67,500,000. Illustrative only.
  • 14. What is your personal estimated perimeter node score? Factors: average no. of devices per person × no. of system networks (informal/formal) × average no. of social network connections × no. of applications / web sites visited, used. Values as shown on the slide: 5 × 5 × 2000 × 10; 300,000; × average no. of hours online (10): 3,000,000. Assume international travel ×5 per year; assume travel 3 times per week; assume WiFi, 3G/4G networks. Illustrative only.
  • 15. What is a secure perimeter? [Diagram labels: controlled access; no. of people in organization; compliant; secure; controlled system networks; no. of devices per person; controlled social network connections; configured/standards; continuous access and use state monitoring?; managed.]
  • 16. Overview: Knowing the safe zone – perimeter strategies; What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 17. Data is getting more complex: structured data; semi-structured data; unstructured data. Data and metadata, increasingly externalized: your edge profile data; your message payload data; your behavioral metadata (co-presence); your transient data (travel in physical and virtual space); embedded data shelf life value (“productization of data”).
  • 18. Connectivity is changing. Example: ProgrammableWeb has collected a database of open APIs. Many companies use APIs to establish connectivity services with their web sites. There are open APIs and closed (proprietary) APIs. Managed APIs can be problematic if the API specification is changed by the provider, impacting the users of that API. APIs are a common method for many cloud system service connections.
  • 19. Enterprise technology is externalized “as a service”. [Diagram of protection points; labels: system access ports; web access; corporate / private network; Internet; network services; backend services; external firewall; internal firewall; devices; network; mobile applications; mobile data; gateway; APIs; applications; data; Active Directory; API management gateway; identity?; access provisioning; authentication and data privacy?; VPN tunnel; usage policy; governance, compliance, and controls.]
  • 20. Perimeter definitions – heat mapping. [Diagram labels: market segments and entities; social network channels; APIs; own data and IP; your enterprise networks; 3rd party data and IP; 3rd party networks; staff, products, services, assets, facilities; span of control.]
  • 21. Risk - Impact. [Diagram labels: federated devices; authorization management; certification; processes and services; DR and BC management.] “ID theft every 79 seconds” (*). (*) USB Investment research.
  • 22. Risk scorecard: Today versus Cloud. Describing risk. [Radar chart; axes: corporate risk; risk management; corporate reward; risk awareness; risk impact severity; risk impact probability; degree of collaboration; information security level requirement.]
  • 23. Overview: Knowing the safe zone – perimeter strategies; What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 24. API management examples. Mashery, an Intel company, provides a secure appliance and software system for managing API connectivity to multiple devices and services. A web GUI is used to manage the API policies and use. The appliance is used to manage access to APIs.
  • 25. Cloud aggregator, broker, orchestrator. Example: Mulesoft Cloud Hub, enabling multi-cloud integration. App stores. Where is the perimeter? Contract perimeter versus technical perimeter.
  • 26. Example: network traffic monitoring for virtualized compute environments. Example: Net Optics Phantom Virtualization Tap. Monitoring of inter-VM traffic across all best-of-breed hypervisors in virtual computing environments. The Phantom Monitor component installs in the hypervisor for total traffic visibility. Use with virtual or physical Intrusion Detection Systems (IDSs), protocol analyzers, Layer-2 and Layer-3 probes, and other devices. Network traffic monitoring appliance.
  • 27. Example: Intrusion Prevention System (IPS). Example: McAfee Network Security Platform. Key features: user identification; threat prevention; botnet detection; behavior-based analysis; malware protection; forensic analysis integrated; scalable web-based management; application identification; device identification; IP de-fragmentation and TCP stream reassembly; anomaly detection; inspection of virtual environments; DoS and DDoS prevention; file reputation, IP reputation, geolocation; protocol tunnelling support, IPv6, V4-. MPLS.
  • 28. Example: cloud environment application performance management. Example: Compuware APM. Monitors applications across physical and virtual networks and environments. Can be deployed easily into private, public or hybrid cloud applications via either BYOL (bring your own license) or elastic, consumption-based models. Application response times; user experience; real-time and synthetic load testing.
  • 29. Overview: Knowing the safe zone – perimeter strategies; What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 30. Martini model: Any IP, any device, any time anywhere Jericho Forum, The Open Group
  • 31. Cloud “as a service” security solutions. [Diagram; labels as extracted: Device Security Proxy Controls / Appliances Device Authentication Security Endpoint Device Management Strong Password Control Subscriber account security API Usage Port Network connect Device Connect Filters Intrusion Prevention System (IPS) Chargebacks / Billing Controls Service Metering Controls Web Store Front Cloud Service security Status Anti virus Anti Spam Security Information Cloud Service Reporting management (SIM) Data Loss Prevention (DLP) Mobile Device Management (MDM) Single Sign-on Wipe data when Lost Remote Application Control Token PKI, SSH Keys Controls User Group, Directory Management Application Virtualization (Secure VDI) Network Monitoring Network Transport Encryption (VPN) Hypervisor / VM Monitoring Database Monitoring Cryptographic controls Data Encryption External Example http://wwwclouage.com Cloud Monitoring Identity and Access Management Virtualization Isolation services Cloud Storage Virtualization Internal Authentication / Authorization Application Usage Monitoring Service Level Outage Monitoring PaaS Development and XaaS Deployment Service Configuration management Code Version Encryption Code/VM Deployment Encryption.]
  • 32. Overview: What is your business ecosystem?; Describing your security risk and opportunity; Managing opportunities – API management; Managing access - connectivity; The future?
  • 33. The future? Identity is going to get much broader and more personal.
  • 34. The future? [Diagram labels: mental health; physiology; dreaming; genetics; activity; drugs; drink; sleep; diet.]
  • 35. The future?
  • 36. The future?
  • 37. The surface underneath: the security layer pervades everywhere. Enterprise operating models will need to be underpinned by legal and security strategies to support and validate an increasingly externalized business model: API management; network management; intrusion management; application management; identity and access management; encryption management; compliance and IP management.
  • 38. Holistic governance, risk and compliance for ecosystems. Security is critical in moving IT services that are potentially no longer under the enterprise's control or on premise. The following diagram looks at on-premise and off-premise security controls. [Diagram; labels as extracted: Risk Management Compliance Monitoring Management Audit Security Governance Personnel Security Management Security Policy Management Access Management Identity Management Firewall Management Validate Log, Analyze, Event management Test Regime Business Continuity Management Availability Management Backup Management Disaster Recovery Management Identify Translate Incident Management Security Operations Asset Digital Rights Management Management Administration Privilege, Deploy, Decommission, Dispose Encryption Management Security Controls Private Network Management Portability Management Secure Development/Operations Coding Standards Code review Unit Test Publish/ Versions.]
  • 39. Conclusions. Knowing where the safe zone is - defining perimeter access strategies for an enterprise. Scaling of business technology will drive changes in cultural and legal issues as data and usage shift toward a social-network-based economy. Cloud-enabled commoditization and “one stop contract/less”, but may alter risk profile complexity. There will be a variety of technologies to manage externalized identity and usage access: API management; social network usage in processes; data analytics for usage behaviors; a combination of both. Technologies will enable wider identity profiles, challenging legal boundaries of access and usage. The future?
