IBM Security Systems

IBM Security Services
Security implications of the use of smarter and bigger data
CIO Event Heathrow...
IBM Security Services

What is Big Data?

2

© 2013 IBM Corporation
IBM Security Services

The Facts
The term “Big Data” is a bit of a misnomer.
The Definition
..
– Big Data applies to infor...
IBM Security Services

Friend or Foe?

4

© 2013 IBM Corporation
IBM Security Services

Smarter Planet - what do we mean?

Some case studies
And pause to think what if the integrity, or v...
IBM Security Services

6

© 2013 IBM Corporation
IBM Security Services

7

© 2013 IBM Corporation
IBM Security Services

How Can I use it?

8

© 2013 IBM Corporation
IBM Security Services

As organisations embrace new technologies, adopt new business models and
becoming more interconnect...
IBM Security Services

Attackers are Getting Sophisticated

10

© 2013 IBM Corporation
IBM Security Services

Greater Business Demand for Security Intelligence
Defend the
Brand

Avoid Loss of
Intellectual
Prop...
IBM Security Services

Security Intelligence: integrating data across silos to create actionable
information
Security Devi...
IBM Security Services

Our solutions address the full security intelligence timeline

What are the external
and internal t...
IBM Security Services

Automated

In this “new normal”, organisations need an intelligent view of their
security posture

...
IBM Security Services

Let us not forget the Security
challenges of using Big Data

15

© 2013 IBM Corporation
IBM Security Services

So what must we consider?
As always
– Availability, Integrity and Confidentiality
– Data at rest an...
IBM Security Services

So what must we consider? (continued)
Data Privacy and Data Protection
– A data subject has the rig...
IBM Security Services

At the end of the day
“Big Data” is no different from any other form of data we handle on a day to ...
IBM Security Services

Questions?

19

© 2013 IBM Corporation
IBM Security Services

Integrated security thinking from IBM
Security
Intelligence,
Analytics &
GRC

People

Data

Applica...
IBM Security Services

Trademarks and notes
IBM United Kingdom Limited
PO Box 41
North Harbour
Portsmouth
Hampshire
PO6 3A...
Upcoming SlideShare
Loading in …5
×

Brendan Byrne, Security Services Consulting and Systems Integration Leader at IBM - Security implications of the use of bigger and smarter data

735 views

Published on

Brendan Byrne, Security Services Consulting and Systems Integration Leader at IBM spoke at the CIO Event UK 2013

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
735
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Brendan Byrne, Security Services Consulting and Systems Integration Leader at IBM - Security implications of the use of bigger and smarter data

  1. 1. IBM Security Systems IBM Security Services Security implications of the use of smarter and bigger data CIO Event Heathrow, November 2013 Brendan Byrne – Associate Partner IBM 1© 2013 IBM Corporation © 2012 IBM Corporation
  2. 2. IBM Security Services What is Big Data? 2 © 2013 IBM Corporation
  3. 3. IBM Security Services The Facts The term “Big Data” is a bit of a misnomer. The Definition .. – Big Data applies to information that can’t be processed or analysed using traditional processes or tools. Big Data is about the collection, storage, correlation, analysis and application of this data – unlocking it’s business value through the creation of actionable business intelligence and insights. 2.5 Quintillion bytes of data created every day. 1 Billion transistors for every person on the planet. 4 Billion mobile phones worldwide. – Growing to 10 Billion internet connected mobile devices by 2016. 30 Billion RFID tags. Organisations are facing the challenge of how to get more value from the rich data in their systems while also ensuring the data is secure and being handled appropriately. 3 © 2013 IBM Corporation
  4. 4. IBM Security Services Friend or Foe? 4 © 2013 IBM Corporation
  5. 5. IBM Security Services Smarter Planet - what do we mean? Some case studies And pause to think what if the integrity, or veracity, of data is questionable? 5 © 2013 IBM Corporation
  6. 6. IBM Security Services 6 © 2013 IBM Corporation
  7. 7. IBM Security Services 7 © 2013 IBM Corporation
  8. 8. IBM Security Services How Can I use it? 8 © 2013 IBM Corporation
  9. 9. IBM Security Services As organisations embrace new technologies, adopt new business models and becoming more interconnected, their security risk is increasing Embracing New Technologies, Adopting New Business Models Exploding and Interconnected Digital Universe 30 billion RFID tags (products, passports, buildings, animals) Large existing IT infrastructures with a globalized workforce, 3rd party services, and a growing customer base 1 billion workers will be remote or mobile 1 trillion connected objects (cars, appliances, cameras) 1B Mobile Internet users 30% growth of 3G devices Bring Your Own IT Social Business Mobility Cloud / Virtualization 9 33% of all new business software spending will be Software as a Service © 2013 IBM Corporation
  10. 10. IBM Security Services Attackers are Getting Sophisticated 10 © 2013 IBM Corporation
  11. 11. IBM Security Services Greater Business Demand for Security Intelligence Defend the Brand Avoid Loss of Intellectual Property Maintain Compliance with Government Regulations 11 Mitigate Fraud Safeguard Trust Relationships © 2013 IBM Corporation
  12. 12. IBM Security Services Security Intelligence: integrating data across silos to create actionable information Security Devices Servers & Hosts Event Correlation Network & Virtual Activity Logs Flows IP Reputation Geo Location Offense Identification Database Activity Activity Baselining & Anomaly Detection Application Activity User Activity Database Activity Application Activity Network Activity Configuration Info Vulnerability Info Credibility Severity Relevance User Activity High Priority Offenses Extensive Data Sources 12 + Deep Intelligence = Exceptionally Accurate and Actionable Insight © 2013 IBM Corporation
  13. 13. IBM Security Services Our solutions address the full security intelligence timeline What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact? Prediction & Prevention Risk Management Vulnerability Management Configuration Monitoring IBM X-Force® Threat Intelligence Compliance Management Reporting and Scorecards 13 Reaction & Remediation SIEM Log Management Incident Response Network Anomaly Detection Packet Forensics Database Activity Monitoring Data Loss Prevention © 2013 IBM Corporation
  14. 14. IBM Security Services Automated In this “new normal”, organisations need an intelligent view of their security posture Optimized Basic Organizations employ perimeter protection, which regulates access and feeds manual reporting Manual Organizations use predictive and automated security analytics to drive toward security intelligence Proficient Security is layered into the IT fabric and business operations Reactive 14 Proactive © 2013 IBM Corporation
  15. 15. IBM Security Services Let us not forget the Security challenges of using Big Data 15 © 2013 IBM Corporation
  16. 16. IBM Security Services So what must we consider? As always – Availability, Integrity and Confidentiality – Data at rest and in transit. but also • At point of creation.. a Trillion ‘smart’ devices but can they be accurately identified, trusted. and • At point of consumption; who uses the ‘intelligence’ and where – how is it accessed Risk increased by – collaborative nature of data collection/data sourcing and storage – across intra and inter business boundaries and multiple systems/technologies; – tooling – especially Open Source software such as Hadoop – use of intelligent search engines – no longer possible to rely on ‘needle in haystack’/’security by obscurity’ defence – Greater risk further down the supply chain. 16 © 2013 IBM Corporation
  17. 17. IBM Security Services So what must we consider? (continued) Data Privacy and Data Protection – A data subject has the right by notice, to prevent a data controller from taking evaluation decisions concerning him or her by automated means alone. – Data controller must be able to explain the logic. Data Inference – What can you infer from data processing it in more intelligent ways. – Remember how fraud engines work. The aggregation of data – Data has value, but the value varies depending on the nature of the business. – Current/future market value of personal data Your supply chain – Are you and all your suppliers on the same page when it comes to Information Security? 17 © 2013 IBM Corporation
  18. 18. IBM Security Services At the end of the day “Big Data” is no different from any other form of data we handle on a day to day basis. – It has value. – It has rules governing its use. Information Security is not rocket science. Get the basics right: – Embed the culture of security in the organisation. – Awareness and training. – “Secure by Design” Information Security has always been and will always be an enabler for business. 18 © 2013 IBM Corporation
  19. 19. IBM Security Services Questions? 19 © 2013 IBM Corporation
  20. 20. IBM Security Services Integrated security thinking from IBM Security Intelligence, Analytics & GRC People Data Applications Brendan Byrne Associate Partner, Consulting and SI Leader for IBM Security Services Infrastructure E-mail: bbyrne@uk.ibm.com Mobile: +44(0) 776 428 3054 20 © 2013 IBM Corporation
  21. 21. IBM Security Services Trademarks and notes IBM United Kingdom Limited PO Box 41 North Harbour Portsmouth Hampshire PO6 3AU United Kingdom IBM Ireland Limited Oldbrook House 24-32 Pembroke Road Dublin 4 IBM Ireland Limited is registered in Ireland under company number 16226. The IBM home page can be found at ibm.com, IBM, the IBM logo, ibm.com and IBM X-FORCE are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at ‘Copyright and trademark information’ at ibm.com/legal/copytrade.shtml Other company, product and service names may be trademarks, or service marks of others. References in this publication to IBM products, programs or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program or service is not intended to imply that only IBM products, programs or services may be used. Any functionally equivalent product, program or service may be used instead. This publication is for general guidance only. Information is subject to change without notice. Please contact your local IBM sales office or reseller for latest information on IBM products and services. IBM does not provide legal, accounting or audit advice or represent or warrant that its products or services ensure compliance with laws. Clients are responsible for compliance with applicable securities laws and regulations, including national laws and regulations. Photographs may show design models. © Copyright IBM Corporation 2013 21 © 2013 IBM Corporation

×