Successfully reported this slideshow.
Your SlideShare is downloading. ×

Data security strategies and drivers

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 23 Ad

Data security strategies and drivers

Download to read offline

Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics

Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics

Advertisement
Advertisement

More Related Content

Slideshows for you (20)

Viewers also liked (18)

Advertisement

Similar to Data security strategies and drivers (20)

More from Freeform Dynamics (19)

Advertisement

Recently uploaded (20)

Data security strategies and drivers

  1. 1. Data Security Trends and Observations<br />Tony Lock<br />Freeform Dynamics Ltd<br />tony@freeformdynamics.com<br />April, 2010<br />www.freeformdynamics.com<br />
  2. 2. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
  3. 3. Today, business want to…<br />Reduce costs<br />Leverage existing investments<br />Rationalise infrastructure / Reduce power consumption <br />‘Optimise everything’!<br />Increase agility<br />Access information on demand<br />Support new business initiatives quickly & effectively<br />Manage risk<br />Legal & regulatory / Security and privacy<br />Continuity / resilience<br />Protect brand<br />Be good corporate citizens<br />Governance / External obligations<br />Retain Customer trust and satisfaction<br />
  4. 4. Encryption and Key Management<br /> 4043372030755980512726843227940121734585012 7154539691420762 597242857594404736383206 864822559884522781272859586310783041215189039722995842274740595660911438608619370523665877168914807728150100036532892988233489229168412298957399856995916007784076516717934157958922080355531822072807338276962545494762362555017379346840089604010135260723134336771684303126571878448235124194684200289197340444389979954931395248708578295236216355137975564230921803957049782011111357<br />
  5. 5. Why is security important?<br />
  6. 6. New risks<br />External annoyances (Spam, virus, Drive by web infections, general Phishing, etc.)<br />Targeted crime (Hackers, Targeted phishing etc.)<br />Third parties inside the firewall breaching security<br />Staff breaching security by design<br />Staff / Third parties breaching security by accident – Information leakage<br />
  7. 7. Well Protected?<br />
  8. 8. To what degree do you consider these specific risks during business planning?<br />
  9. 9. Has regulatory compliance been a specific driver in the following areas?<br />
  10. 10. Generally speaking, when you add everything up, how is your spending on IT risk related investments such as security and information management changing?<br />
  11. 11. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
  12. 12. Security “culture”<br />
  13. 13. How easy is it to control the potential security risk arising from the proliferation of confidential data across different machines and locations?<br />
  14. 14. How important are the following when considering the need to secure confidential information?<br />
  15. 15. What is holding “Data Security” back?<br /><ul><li>Link to lack of accurate knowledge
  16. 16. Mixed IT infrastructure deployed
  17. 17. Who has “access” to data, especially those with escalated privileges
  18. 18. Who is using each service and who should be?
  19. 19. Encryption. where used, is deployed piecemeal not across all systems
  20. 20. Lack of process to manage solutions
  21. 21. Lack of awareness that solutions are now available for a wide range of challenges</li></li></ul><li>The role of Encryption and Key Management<br />Today encryption has been implemented in a piecemeal fashion<br />Bit by bit<br />No central management or strategy<br />Key management left to individuals or groups<br />Encryption will, ultimately, be rolled out to address all of the highlighted risk areas<br />Key desktops and laptops<br />Storage arrays<br />Mobile Devices<br />Problems will occur<br />And very, very visibly<br />
  22. 22. Agenda<br />Business Drivers Influencing IT Security<br />Protecting Data<br />The Future of Encryption<br />
  23. 23. Moving “Data Security” and encryption Forward?<br /><ul><li> Define who is responsible for security
  24. 24. How should policy be set?
  25. 25. IT, The Businessand Security partners
  26. 26. Set how to create / handle security Procedures? 
  27. 27. Implement security solutions
  28. 28. Encryption and key management
  29. 29. Make as transparent as possible to users
  30. 30. Ensure staff know what is permitted in data security management
  31. 31. Until these are addressed, change will be difficult and risks will not be managed</li></li></ul><li>Process, process, process<br />Process<br />Define Processes for security<br />Try to standardise on solutions<br />Make sure everyone understands security threats and the consequences<br />Make sure that routines / procedures are in place to manage all aspects of security<br />Especially for mobile / home workers.<br />Create a feeling of responsibility for security<br />Train / Train / Train / Communicate<br />
  32. 32. Overall mix of concerns relating to adoption of latest technologies and working practices<br />Encryption can help address these issues<br />
  33. 33. The Future of Encryption<br /><ul><li>Use of Encryption will spread, and soon
  34. 34. Silo by Silo
  35. 35. Storage, Desktops, Mobile Devices, Applications
  36. 36. Data at Rest, Data in Motion
  37. 37. Ultimately encryption will become “expected”
  38. 38. The importance of key management will be recognised
  39. 39. But not to begin with
  40. 40. Education will be required or “incidents will happen”
  41. 41. Standards (ISO 7498-2, ISO 17799 etc.) are important
  42. 42. But customers will need to move before all standards are finalised and in place.
  43. 43. Best practice / experience is valued along with advice on where to start.</li></li></ul><li>Where to start with Securing Enterprise Data?<br /><ul><li>Know where data is stored, who is using it and why
  44. 44. Storage platforms / Desktops / Applications / Networks
  45. 45. Combine asset management / identity / encryption and key management
  46. 46. Define roles and responsibilities for data governance
  47. 47. Create policies for data management and security
  48. 48. Encrypt where needed
  49. 49. And make sure everyone understands and follows them
  50. 50. Audit data access and alteration
  51. 51. Define Identities
  52. 52. Personal / Device / Service / Application
  53. 53. Get good Management Procedures in place, especially for encryption key management</li></li></ul><li>Thank You!<br />Any Questions?<br />Tony Lock<br />Freeform Dynamics Ltd<br />tony@freeformdynamics.com<br />April, 2010<br />www.freeformdynamics.com<br />

Editor's Notes

  • RM – this slides covers the same topics as slide 6, should they be together?
  • RM – starting to get statistic overload by this point!
  • RM – this overlaps with slide 16, maybe rephrase the two as one focused on the goal and the other on barriers to deployment
  • RM – I like the first bullet, but it feels like a sweeping statement, are you going to provide more context – seems we have jumped from fairly generic stats to very specific predictions
  • RM – This is an important messaging slide, need to make sure these points get across. The best practices point is important and the fact that experience with early (high security) adopters like banks sets Thales and it’s partners up very well to take crypto to the mainstream. Is it possible to say more about timing and ordering of technology adoption – like storage before application level protection. What about role of standards and other critical success factors?

×