The Center for Digital Government estimates that IT spend in 2012 will be relatively flat at $92 billion. As mentioned earlier, SLG is actively seeking out solutions to its budget woes. Until the national and state economies recover, tight budgets will continue to spur action in the IT realm in the states. Many economists predict that we will see SLG start to rebound financially by 2013. We will do a deep dive into the four largest vertical areas of spend a little later in the presentation, but what is evident from our research is that IT will play a key role in transforming service delivery, bolstering program results and delivering cost savings.
Moving from the Industrial Age to the Information Age to the Interaction Age. Right now there is a perfect storm of trends impacting agencies. This storm is quickly creating a frenzy of new business value creation. The changes driven by computing inventions of the past – the mainframe, client-server computing, the personal computer, even the internet – do not even compare to what we are seeing today. The consumer with smartphone – or tablet – in hand is the defining image of this new era. This new world of change means seamless interaction, whether for an organization or a military installation. We want to connect to our friends, colleagues and family through whatever means takes us there the fastest. This new era brings new problems and opportunities.
What we hear from our customers is that the changes in the current landscape are forcing their IT teams to evolve… or, as our CEO, Enrique Salem, likes to put it, “rethink” how they run their business. This leads to some new and evolving challenges to address. Specifically, our customers talk a lot about the challenges of information growth, especially around email and other unstructured data. Every day, there are over 294 billion emails. That’s 2.8 million emails a second. Nearly 90 percent of these are spam or viruses. The remainder carry everything from harmless greetings to the most sensitive corporate information imaginable. Small wonder that unstructured data makes up almost half of the enterprise data explosion. Another top concern is the increased sophistication and impact of new types of attacks like Stuxnet or WikiLeaks. This year on the threat landscape has been unprecedented not just in terms of the overall volume of malware, but also in the new levels of skill (for example, Stuxnet) or the magnitude of the possible impact to enterprises (WikiLeaks). What we’re hearing, and please tell us if you disagree, is that this year on the threat landscape drew intense boardroom attention to the matter of computer security at enterprises worldwide. Everywhere you look you’re seeing the rapid and pervasive consumerization of IT. On the weekend of its debut, the iPad sold 3 million in 4 days (March 16th, 2012). You know the tablet that left the store on Saturday walked into your enterprise on Monday. Eighty-eight percent of the Fortune 500 have already realized they have to support the iPad. If you are like our other customers, you are probably considering a strategy to allow employees to connect their own devices to the network. It’s no longer about “if” you will support these devices… it’s “when.” Identity and data protection risks are giving rise to more governance and compliance, including state and federal data protection laws.
And what we are hearing from our customers is that these unstoppable forces in the current landscape are forcing IT to evolve and rethink how they do business. Specifically, customers are prioritizing efforts to:
- virtualize infrastructure,
- move data, applications, and services to the cloud,
- embrace and protect mobile devices,
- protect their data and systems, a critical protection need for these key initiatives,
- and finally, enhance infrastructure agility to meet the demands of their business.
And all of our customers agree that the solutions to these issues, specifically virtualization and cloud, are creating new challenges. The virtual server sprawl that has occurred in our industry has compounded the storage growth for IT. And that information may be accessed from, or stored in, physical, virtual or cloud environments. And the number 1 request of every IT department is to secure that information, no matter where it resides.
We see a significant change in the role of IT in enterprises from system-centric to information-centric. To date, IT has brought significant productivity benefits to organizations by automating key business processes and driving efficiencies. This landscape was characterized by various business applications working with centralized databases, supported by physical infrastructure. A lot of what IT departments did was focused on managing systems, including PCs, servers, storage, and networks. Today, the role of IT is starting to look very different. Organizations are looking for the next level of productivity and business agility by improving collaboration and knowledge sharing. They are looking to better connect their employees, teams, business partners and customers to each other. This is changing the nature of data into highly distributed, largely unstructured information. The infrastructure is moving to virtual within the company or turning into an external cloud. Instead of focusing on physical systems management, the role of IT is transforming into more information-centric tasks with governance, policies, risks, and controls.
In 2010, 350.9m PCs were shipped (177.8m professional, 173.2m home).
• 2014 # of Agency PCs (laptop, desktop, notebook): 246,600,000 (Gartner: G00212068, Apr 2011)
• 2014 # of Consumer PCs (laptop, desktop, notebook): 293,500,000 (Gartner: G00212068, Apr 2011)
• 2014 # of Tablets: 116,900,000 (IDC: 227941, Apr 2011)
• 2014 # of Smartphones: 819,946,600 (IDC: 227367, Mar 2011)
• Market size for endpoint security in 2014: $9,852.40 million (Agency: $4,089.9 million; Consumer: $5,773.5 million) (IDC: 225759, Nov 2010)
Let’s start with a quick definition of cloud. Let’s start with 3-4-5: 3 service models, 4 deployment models and 5 essential characteristics. This structure corresponds to the NIST definition, and is a good model to start to understand how people talk about cloud.
3 Service Models:
1. Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
2. Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
3. Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
4 Deployment Models:
1. Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
2. Public cloud. The cloud infrastructure is made available to the general public and is owned by an organization selling cloud services.
3. Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. This might include the ability to store data on your private cloud and public clouds.
4. Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
5 Essential Characteristics:
1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
3. Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
4. Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
5. Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Now that we have an understanding of the terminology and characteristics of cloud, let’s talk about some of the benefits and risks of cloud.
The reality that we see is that most companies will use many clouds, depending on what is right for them. To gain confidence in your cloud, you must understand the patterns of success for cloud and implement strategies that support the pattern that fits your company and your situation. Our customers tell us they have an average of 5 or more SaaS applications, and 2 or more IaaS partners. They already have many partners for app hosting, web hosting, and IT services. They are deploying a variety of deployment models, including Public, Private, and Hybrid. Reflecting the cloud reality, let’s hear from an innovator in the cloud, Microsoft, and how their cloud platform, Azure, is used to build, host and scale web applications through Microsoft datacenters.
Visual representation of the customer’s journey in adopting virtualization. Typically, most organizations start with non-critical assets to take advantage of capex savings. Then, they grow their adoption to more vital, business-critical applications and services. This progress often slows due to challenges that materialize in the areas of increasing storage costs, concerns over application availability, broken backup and recovery processes, and concerns over unknown security and compliance challenges. As they progress, they focus on increasing confidence in IT’s ability to deliver consistent and reliable service levels, increasing and preserving the quality of those services, securing the resiliency and compliance of their infrastructure, and overall achieving a higher level of business agility, or aligning IT to meet new business challenges and demands. Upon reaching a point of being able to deliver business-critical services, customers begin to understand the greater value that virtualization will bring in developing an agile service delivery architecture. So we say that the road to Cloud goes straight through business-critical virtualization.
Identity Security – Strong Single Sign-on / authentication, context based policy engine
Information Security – Strong Box – who has access to what and where – managed or unmanaged device
Auditing – works with any SIEM, incident management, which clients accessing which cloud services, any data loss incidents or violations – device independent and cloud services independent.
• Leverages Existing IDM Infrastructure
  – Any corporate directory or user store
  – Single ID SSO
• Strong Authentication
  – VIP OTP
  – Stepped up (per application policy)
  – Other forms using custom portal integration
• Authorization
  – Context-based policy engine
  – Who (identity-based)
  – What (device-based)
• Federation & Password Mgmt
  – SAML & OpenID
  – Gateway-based keychain
  – 100 apps catalog (+ connectors)
• Availability: Q1 CY2012
• DLP for information classification
  – Leverages existing DLP deployment
  – Identity context
  – Any device, any cloud
• Silent File Encryption
  – Leverages existing PGP deployment
  – Key management option
  – Other forms using custom portal integration
• iPad Secure Sandbox App
  – “bring your iPad to work”
  – Integrated with gateway (SSL VPN with 2FA)
  – Sandbox data at rest encryption
• Availability: 2H CY2012
• Cloud Audits
  – Cloud logs consolidated in ONE place
  – Gateway visibility spans all cloud services
  – Gateway visibility spans both access & information events
• Cloud Security Management
  – Standard logging format (Syslog)
  – Well understood by existing log mgmt solutions
  – Enables SIEM and event correlation across internal and external systems
• Cloud Compliance Management
  – O3 logs are foundational to cloud compliance
  – Demonstrable controls (gateway policy) and collectable proofs and evidence (gateway logs)
  – “Cloud PCI”, “Cloud HIPAA” become possible
• Availability: Q1 CY2012 for access events, 2H CY2012 for info events
Opening Keynote and Welcome
Symantec Government Technology Summit 2012
Welcome
Craig P. Abod, President, Carahsoft Technology
About Today’s Event
• Government focused
• Hands-on product training
• Technical experts
• Access to Symantec’s government sales team
• Access to partners who specialize in what government needs during sessions and in the exhibit hall
• Detailed break-out sessions covering:
  – Virtualization and how to manage it
  – Openness of Data
  – Evolution of Endpoint
  – Transparency of Government
  – Cyber Threat Landscape
• Keynotes from Symantec’s Jennifer Nowell and Author Joel Brenner
• Network with other government Symantec users throughout the day and at our closing reception.
About Carahsoft
• Carahsoft serves as the master GSA Schedule holder and distributor for many of our vendors.
• We support the partner ecosystem with access to contract vehicles, marketing, sales and support.
• Our goal is to bring leading-edge technologies to the government and make them easy to procure.
Upcoming Events
• Symantec Webcast - NetBackup: March 21, 2012 (tomorrow), 2pm Eastern
• DoDIIS: April 1-4, 2012, Denver, CO
• Symantec | Clearwell Webcast: April 25, 2012, 2pm Eastern
• DISA: May 7-10, 2012, Tampa, FL
• Symantec Army Webcast: May 10, 2012, 2pm Eastern
• AFCEA Joint Warfighting 2012: May 15-17, 2012, Virginia Beach Convention Center
• Symantec Webcast: June 27, 2012, 2pm Eastern
• Symantec Government User Groups: coming soon in 2012
• Symantec Backup For Your VMware Environments: www.VirtualBackupPlan.com
Visit: www.carahsoft.com/symantec
Thanks to Our Sponsors
Contact Us
877-GOV-SYMC (468-7962)
firstname.lastname@example.org
www.carahsoft.com/symantec
Morning Keynote: Jennifer Nowell, Director, Government Solutions Group, Symantec
Americas Public Sector – Current State of Affairs
Jennifer Nowell, Director, Government Solutions Group, Americas Public Sector
Current State of Affairs - Americas Public Sector
1. Federal budgets continue to decline, but there is hope
2. Continued mandates to safeguard the future
3. New trends straining traditional models
4. Symantec Public Sector direction and promise for the future
5. Q&A
[Chart: Public Sector IT Market. Source: Center for Digital Government, 2012]
Navigating in a tight budget climate
• Agencies and/or programs are being forced to cut back
  – Overall software maintenance contracts across vendors
  – Efficiencies and focus on optimization
• Programs/initiatives that will be highlighted by White House in Presidential elections
  – Federal Data Center Consolidation Initiative Savings
  – Cyber Security and progress on CNCI
  – Cloud First policy and efficiency gained
    • Even though FedRAMP is a work in progress
• Agencies considering new funding sources
  – CapEx v. OpEx funding sources
Yet, they still have requirements to contend with…
New/Reformed Legislation
• Information Sharing
• FISMA Reform with Continuous Monitoring
• Critical Infrastructure Protection
• Data Breach Notification
• Supply Chain Security
• Privacy
New Trends Straining Traditional Models
What Got Us Here Will Not Take Us Forward
• Mobilization
• Consumerization
• Virtualization
• Cloudification
• Industrialization of Hackers
• Nationalization of Hackers
• Externalization and Collaboration

• Cloud-based security controls
• Context awareness
• More sensors, big data and analytics
• Virtualization of security controls
• Anomaly detection of advanced threats
• Cloud security gateways
• Intelligence/situational awareness
Gartner 2011
Interaction Age
Cloud & Mobility Driving Increased Pace and Value of Connectivity
[Chart: Growth in Connectivity (1959 – Today). Axes: Value of Connectivity against Number of Connections (thousands, millions, billions). Eras shown: Mainframe Era (1959 – 1981), Client-Server Era (1981 – 1996), Internet Era (1996 – 2007), Interaction Era (2007 – )]
What We Are Hearing From Our Customers
Current Landscape…
• Growth of information
• Sophistication of attacks
• Consumerization of IT
• More compliance requirements such as Continuous Monitoring
…is Forcing IT to Evolve…
• Virtualize infrastructure
• Move to cloud
• Embrace and protect mobile devices
• Enhance infrastructure agility
…and Creates New Challenges
• Virtualization compounds storage growth
• Information distributed across physical, virtual and cloud
• Security of virtual, cloud and mobile environments
IT Must Evolve to Meet New Demands
System
• Driver: Business automation, e.g., ERP, functional apps
• Data: Centralized, structured
• Infrastructure: Physical
• IT focus: Systems tasks
Information & Identity
• Driver: Next level of productivity and agility with collaboration and knowledge sharing, mobile workforce
• Data: Distributed, unstructured
• Infrastructure: virtual, cloud, outsourced,
Fundamental Shift in the Threat Landscape
• State Actors – Government Sponsored Attackers
• Malicious Outsiders
• Insiders – Malicious and Non-Malicious
• Hack-tivists – Hacking for a Cause
• Cyber Criminals – Hacking for Profit
CyberScope – Defined
Executive Order M-10-15
Issued: April 21, 2010
SUBJECT: FY 2010 Reporting Instructions FISMA
“Agencies need to be able to continuously monitor security-related information from across the enterprise in a manageable and actionable way. Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and other agency management all need to have different levels of this information presented to them in ways that enable timely decision making. To do this, agencies need to automate security-related activities, to the extent possible, and acquire tools that correlate and analyze security-related information.”
“Agencies need to develop automated risk models and apply them to the vulnerabilities and threats identified by security management tools.”
Agency Requirements & Challenges
Automated Administrative & Mission Reporting
Each agency must:
• Respond to their administrative duty to produce validated content to report into CyberScope
• Meet their daily mission to adhere to the needs of their customers by ensuring the health and security of their organization while protecting the privacy of their information and guaranteeing the availability of accessing that information and the performance of the network
Consumerization is Driving Disruption
Embracing the Personally-Owned & Unmanaged – “BYOD”
[Diagram: devices plotted by ownership (Agency-Owned, Personally-Owned) and control (Managed / Full Control, Unmanaged / Info/App Access Only), contrasting the Traditional Focus with the Evolving Focus. Labels: Relevant Devices Today, Future Devices. Device counts shown: 246M Corp PCs, 293M Personal PCs, 819M Smartphones, 116M Tablets; 177M Corp PCs, 300M Smartphones, 15M Tablets. Data sources: Gartner & IDC]
Symantec Confidential and Proprietary - Not for Distribution Outside SYMC
Cloud Differs from Traditional IT
Service Models
1. Infrastructure
2. Platform
3. Software
Deployment Models
1. Public Cloud
2. Private Cloud
3. Hybrid Cloud
4. Community Cloud
Cloud Needs
1. On-Demand Self-service
2. Resource pooling
3. Rapid elasticity
4. Measured service
Cloud Reality
[Diagram: PaaS (Azure); IaaS (AWS, Rackspace); SaaS Apps (SFDC, Concur); SYMC Apps (e.g. VIP); Private Cloud (HP, Fujitsu, VMware)]
• Most customers will use many clouds
• Variety of deployment models
The Typical Virtualization Adoption Path
“Today, 20-25% of server workloads are virtualized…” - Gartner, December 2010
[Diagram: adoption stages Test & Dev; File, Print, DNS; Line of Business Apps; Business-critical Apps; Hybrid Cloud. Increasing…: IT Confidence, Quality of Service, Resiliency and Compliance, Business Agility]
The road to the Cloud goes straight through business-critical virtualization…
Symantec Virtualization Solutions
Mobility, Cloud and I.T. Mega-Pains
• Mobile: Must support to enhance employees’ productivity
• Cloud: Must embrace to drive business agility and lower costs
• Frustration: I do not have the means to control security, risk, and compliance across all of these new I.T. platforms
[Diagram label: Private Cloud]
Symantec O3: Changing the Interaction Model
[Diagram labels: Access Control, Information Protection, Cloud Visibility; O3; Control, Security, Compliance; Private Cloud]
To embrace the cloud with confidence
Symantec O3
[Screenshot: O3 portal welcome page (“Click on any icon to log in”)]
• Allows enterprise IT to define and enforce their own security independently of the cloud platform providers
Cloud Based Protection
• Primarily access control and information protection
• Access control: “who can access what cloud applications” (authentication, authorization, federation)
• Information protection: “what information can flow to the cloud” (DLP, encryption)
Disruptive Technology
• “Cloud Firewall” concept
• Both as software (large enterprises) or as SaaS (SME)
• For the first time, identity and information security combined into a single security control point
[Diagram labels: Agency/Enterprise; SYMC O3 Cloud; O3 Gateway; O3 Intelligence Center; DLP, Encrypt, Key Mgmt; “Secure” Box; Box in the Cloud]