Investing in digital technology has become a number one priority for business. However, as seen from the recent ransomware attacks that have shaken organizations across Europe, the maturation of the digital industry has brought its own set of unique challenges. From phishing emails to DDoS attacks to mass-scale data breaches, protection against cyber-crime has risen up the business agenda in every organization, making it even more critical for businesses to build security into their workplace to ensure their data remains secure. So how do you stay in control without damaging the user experience? In this session we will examine what steps organizations need to take to deliver a secure workplace environment.
Vice President & CTO, Workspace Services
Head of IT Germany
Head of Digital Workplace Services
The rate and scale of cyber attacks is alarming. There are hundreds of security product vendors, and the industry is collectively spending billions of dollars every year, with spending expected to top $100 billion by 2020. So why is it so hard for organizations to get their act together and prevent breaches? The cybersecurity problem is hard because organizations have massive and growing attack surfaces. If we look at the sophistication of some of these attacks:
In March Wikileaks stole 8,761 CIA documents – the hacking technique exposed vulnerabilities in smartphones, both iOS and Android. WannaCry, originating from North Korea, crippled the UK Health Service – the virus spread throughout corporate networks without any need for a user to open anything, and old versions of the Windows OS were attacked. The DDoS strike which took Twitter and Spotify out was alarming in that we couldn’t see where it came from, because the attack came from millions of IP addresses around the world. And just last week there was Bad Rabbit… We need to identify attacks as they appear in real time. This means monitoring all traffic inside and outside of the enterprise 24 x 7 – the reality is we may already have reached the limit of what humans can achieve in terms of cyberdefense… more on this later.
But insider threats dwarf cyber threats. The recent Citrix and Ponemon Institute survey published in Jan 2017 reveals that three quarters of respondents are worried about security breaches and recognise that a new security framework is needed to reduce risk.
The greatest threat of all is simple employee/contractor negligence - 568 breaches out of 874 reported to the Ponemon Institute in 2016.
From creating richer, more rewarding customer relationships to honing razor sharp processes and operations, digital technology is giving organizations the power to reimagine what they can do and what they can be. The reality is that digital disruption is not a negative force, merely an unstoppable one, and it’s fundamentally changing organisations – breaking down organisational boundaries. The recent survey published by Fujitsu reveals that 79% of organisations are willing to share sensitive business information and 63% are already running or embarking on co-creation projects. More than half of the workforce in major economies such as the US and the UK will be working in a freelance capacity by 2025. A recent Harvard Business School survey showed that the millennial worker, more than anything, is looking for an employer who empowers them. The mindset of a millennial is very different – the feeling of empowerment comes more naturally. The cloud is quickly becoming the environment in which we operate. Even companies who have been slow to adopt the cloud have migrated to cloud apps and services and away from on-prem offerings.
On the one hand we have ever increasing levels of threat, and on the other hand we have increasing demands for empowerment, productivity and a good user experience.
In this session we are going to show how having a great user experience with increased security is not only possible, it’s essential. We all battle with memorising multiple passwords for multiple applications, we all need to collaborate by sharing documents and data, and the vast majority of us understand the need to protect our identities and our corporate data. We don’t want to be that person who is responsible for a data security breach. We want to be compliant. IT has a unique opportunity to deliver a better user experience at the same time as significantly improving security. The traditional perimeter is disappearing; we now need to focus on identifying the user and protecting the data – in motion and at rest. Let’s use a simple scenario to examine this in more detail.
Barbara, who lives in social housing, has a problem with her boiler. She goes on to the housing association’s website to register a fault using a mobile phone. The website authenticates her using a public ID system to verify she is a resident. She fills out a form, and the form raises a job request and logs the job.
Annette starts work at the Housing Association at 9am; it takes her 20 minutes to log in to all her systems. She sees the complaint and the job request to fix the boiler and sends Barbara an email saying that her request to fix the boiler is being dealt with. The maintenance company that services the flats receives the job request. CRM matches the resident against the Housing System and logs the job. The 3rd party maintenance company raises a job request with one of their local men in vans, who accepts the job on his smartphone. An email/SMS/phone call goes from the Housing Association to the resident informing them of the time of the repair man’s visit.
The man in the van visits the site, assesses the job, takes a photo and writes notes to recommend the approval of the repair. This approval follows a process through 3rd party maintenance, to CRM and to the finance system to authorise the job. The man in the van completes the repair and sends notes and photos back. This triggers completion notes and records into Housing, Finance and CRM, and sends a customer email to notify of completion.
This is not an unusual scenario, but let’s look at the complexity of the systems supporting these processes.
Let’s look at all the vulnerabilities. The devices and any data stored on them – there are vulnerabilities in the iOS and Android operating systems, and the devices could be lost or stolen. The laptops – the microphone and camera are vulnerable, and an outdated Windows operating system without the latest patches and the user’s potential password fatigue make them easily hacked. The user opening an email with malware attached. The user saving files including confidential customer data on a USB stick. A rogue employee or contractor downloading data on to a Dropbox folder to sell or take to a new employer. Barbara’s details are sent across public networks, to public clouds and to private legacy systems behind firewalls. All of these systems, we know, criminals are trying to hack on a daily basis. The challenge for security professionals is how they ensure a good customer experience for the tenant, a good UX for Annette the worker, for the staff in the property maintenance company and for the plumber who has to fix the job and process the payment, and at the same time ensure all data and identities are secure.
I am now going to invite Ann and Christian on to the stage and ask them what Microsoft and Citrix are doing both individually and as partners to address these vulnerabilities.
1. What is Microsoft doing to protect organisations’ Windows estates from cyber attacks?
2. For organisations moving workloads to the public cloud, what would be the security benefits of moving to Azure?
3. How are you making sure that every Microsoft employee’s data and identity is protected?
1. How can a better User Experience also deliver better security?
2. How do you see the integration of Citrix and Microsoft transforming the security in the workplace?
3. Can you give us some examples of organisations who have implemented best practice?
Pulling all of these capabilities together, understanding how it integrates, knowing what is the best solution for your organisation is where Fujitsu adds value.
Fujitsu manages more than 5m desktops worldwide, we are the most strategic partner are CITRIX and we have a decade-long relationship with Microsoft. But we are not only a Systems Integrator and Managed Service Provider. We are a world leader in Artificial Intelligence with more patents filed than any other company. We have taken an intelligence-led approach to security with our Advanced Biometrics and AI in Cyber security.
Cybercriminals combine social engineering and technology to access sensitive corporate intellectual property or financial data – it just takes a single employee in a company’s finance department to open an email attachment that looks like an invoice for an infection to take hold. Faked documents contain macros that download self-installing programs, manipulating the host computer to capture confidential data that can later be used for phishing attacks. We need to identify attacks as they appear, in real time. We do this by monitoring all the traffic inside and outside of the enterprise, 24 x 7.
Of course, no security expert can do this, no matter how skilled. In fact, with the level of attacks we see today, the reality is that we may already have reached the limit of what humans can achieve in terms of cyberdefense. That’s why we are leveraging the ability of Artificial Intelligence (AI) to analyze these huge amounts of complex data with speed and accuracy. By identifying behaviour patterns in unstructured data, we can identify possible threats. We just need to ask the system to examine four parameters for all the traffic that enters or leaves a business: its source, destination, port number and location. With guidance from our experts, AI machine learning has established what familiar patterns look like and can recognize normal traffic. Therefore, when it encounters data packets that fall outside of these normal patterns, it immediately flags the anomalies. This machine learning is cumulative, so it keeps on improving. Early in the training cycle, these systems raise a lot of false alarms, but over time they get better and better at identifying true threats. Threats can’t be avoided, but we can monitor and be more proactive in minimizing the risk they present. And with the continued operation of businesses at stake, you would have to be out of your natural intelligence not to deploy artificial intelligence to reduce the threat of cyberattacks.
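The baseline-and-flag idea described above, reduced to a small added example that is not Fujitsu's system: a per-field frequency model stands in for the machine learning, and the flows, addresses, location codes and the 12-bit threshold are all constructed assumptions.

```python
from collections import Counter
from math import log2

FIELDS = ("source", "destination", "port", "location")

class FlowBaseline:
    """Frequency baseline per field; a stand-in for the trained model."""

    def __init__(self, threshold_bits=12.0):  # threshold is an assumption
        self.counts = {f: Counter() for f in FIELDS}
        self.total = 0
        self.threshold_bits = threshold_bits

    def learn(self, flow, times=1):
        """Fold a flow judged normal into the baseline (cumulative learning)."""
        for field, value in zip(FIELDS, flow):
            self.counts[field][value] += times
        self.total += times

    def score(self, flow):
        """Surprise in bits: rare or unseen field values add more."""
        bits = 0.0
        for field, value in zip(FIELDS, flow):
            seen = self.counts[field]
            # Laplace smoothing keeps unseen values at a small non-zero probability.
            p = (seen[value] + 1) / (self.total + len(seen) + 1)
            bits -= log2(p)
        return bits

    def is_anomalous(self, flow):
        return self.score(flow) > self.threshold_bits

def build_baseline():
    """Constructed 'normal' traffic: (flow, number of times observed)."""
    model = FlowBaseline()
    for flow, n in [
        (("10.0.0.5", "10.0.1.20", 443, "DE"), 40),
        (("10.0.0.6", "10.0.1.20", 443, "DE"), 30),
        (("10.0.0.5", "10.0.1.30", 25, "DE"), 20),
        (("10.0.0.7", "198.51.100.10", 443, "UK"), 10),
    ]:
        model.learn(flow, n)
    return model

ROUTINE = ("10.0.0.5", "10.0.1.20", 443, "DE")
NEW_OFFICE = ("10.0.0.8", "10.0.1.20", 443, "FR")  # benign but never seen before
ODD = ("10.0.0.5", "203.0.113.77", 4444, "ZZ")     # unseen destination, port, location

if __name__ == "__main__":
    m = build_baseline()
    for name, f in [("routine", ROUTINE), ("new office", NEW_OFFICE), ("odd", ODD)]:
        print(name, round(m.score(f), 1), m.is_anomalous(f))
```

The new-office flow is the early false alarm: once an analyst confirms it and calls `learn(NEW_OFFICE, 10)`, it stops being flagged while the odd flow still is.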
We have 6 Security Operations Centres across EMEA and 2 Advanced Cyber Threat Centres in the UK and Germany monitoring our customers’ estates 24 x 7.
IDENTITY
We have talked about the importance of identifying users. Passwords are the weak link: they can be easily hacked, and users become exasperated trying to remember several different passwords for different applications. Biometrics is far more effective and delivers a far superior user experience. Microsoft are using iris recognition and thumb print recognition for Windows 10; Fujitsu has patented Palm Vein recognition, which is more reliable and even more secure than thumb print. It is so secure that a Brazilian bank has rolled it out for their customers to withdraw cash from ATMs. We are working with CITRIX now to integrate PalmSecure with NetScaler to enable PalmSecure laptops to provide a single sign on for all applications.
Fujitsu, Microsoft and Citrix have the capabilities to help you deliver user centric security. By that we mean:
SSO: Going back to Annette in the scenario: there are workers today who have to sign on to multiple apps. Make it simple – sign on once and get access to all applications.
Know me, know where I am: We don’t need two step authentication if we are usually logging in at home, but if you see me logging in from China then introduce two or three step authentication.
Know what I can or can’t share: With GDPR around the corner, no employee wants to be the one responsible for a data breach. We need to protect users from making mistakes, by ensuring all sensitive data is held centrally and cannot be downloaded, forwarded, etc.
Protect my identity and protect my data: With work and personal lives blurring, we look to our employers to protect our identities and our personal data from attacks.
And finally: make it easy for me to collaborate securely with employees, customers and partners.
No silver bullet, but complexity is the enemy of security
Multi-layered clear strategy focused on the identity of the user and securing the data and apps
Cloud First strategy simplifies security
Focus on User Experience
Fujitsu, Microsoft and CITRIX, working together, have the skills and technology to protect enterprises