Gemalto's Gary Marsden takes us through the hyper-developing world of 'Data Protection On Demand In Hybrid IT' and why companies need to change their behaviours to suit the customers.
1. What is Hybrid IT?
The Security Heretic… The Case For Change
In The Data Protection Market
Gary Marsden, Senior Director, Data Protection Services
December 2017
2. Are traditional methods and beliefs hindering the
advancement of our industry?
“If I'd asked customers what they wanted, they would have said
‘a faster horse’” (Henry Ford)
……so, you have to ask the question to think outside of the box
Hey, I just proved that you can
simplify Data Protection
Retract your findings immediately, we
can't have customers finding out!!!
Only DEVILS think they
can improve the world so
others can understand it
Do it for the good of the industry you beast!!
3. The Security Market Needs to Change
“No one wakes up in
the morning wanting
to buy a HSM”
“Don’t even think of selling
me ‘just one more product’.”
“Make it so my 5 year old can use it,
and I only want to pay for what I use.
Period.”
“Encryption is a religion
Marsden, and you are a
heretic”
4. How Security SHOULD Feel to Enterprise Users and IT
Administrators….
….secured with the push of a button
5. Example: The Cloud Has Reset IT Expectations
“I deployed my application
in five minutes.”
Rapid Time to Market
“No more time spent on low-level
infrastructure management.”
One-Click Simplicity
“I use and pay for just what I
need only when I need it.”
Fractional IT Consumption
“New capabilities are available
on a regular basis.”
Continuous Innovation
6. Too many clouds can make things a bit foggy…
[Chart: Number of Clouds. Categories: number of clouds within an organization (One to three, Four to Eight, Nine to Twelve); percentage axis: 0% to 50%.]
06.12.17. Source: Gemalto – Sept 2017
7. Example: The Extent of The Problem
Thinking about your organisation’s most recent breach, what percentage of the breached data was protected by encryption?

| Response | Total | Germany |
|---|---|---|
| 0% | 9% | 2% |
| 1% | 5% | 0% |
| 2% | 13% | 13% |
| 3% | 16% | 31% |
| 4% | 15% | 18% |
| 5-10% | 31% | 27% |
| *More than 10% (please specify) | 8% | 2% |
| Don’t know | 4% | 7% |
| Average percentage of breached data that was protected by encryption | 8.36% | 4.52% |

Source: Gemalto – July 2017
8. GOAL: All data is secured
Multiple borders and data silos
Too many solutions, high
management overhead
Individual SaaS providers become
Crypto custodians
Loss of portability and control
Struggle to define a unified security
policy
Investment is prohibitive
……. which makes compliance
TOUGH!!
The Challenge: Compliance in a Cloudy World
9. Example: The Complex Path To Compliance and CIAAA
How do I ensure that only I have access to my data forever?
How do I ensure that I set and manage the policies for my encrypted data?
How do I control my keys across such disparate environments?
How do I secure my keys without adding cost and complexity?
Reminder: Confidentiality, Integrity, Availability, Auditability, Accountability
10. And What About The Future…… More Complexity?
[Diagram terms: LDAP, IDaaS, Data Protection, IoT, PaaS, IAM, Encrypt, PKI, SAML, HSM, Blockchain, 2FA, Biz Process, IaaS, Oracle, SAP, API, SaaS, SFDC, KMIP, Usage Billing, Micro Services]
Challenge: Adopting New Models to Keep Pace
11. Example: The Changing Audience
Partner/SP
Prod Mgr
Partner/SP
CIO/
CISO
IT /Sec
Dir
Distributor or Service Provider Tenant
Responsible for delivering
solutions that secure all
data in-line with company
policies and industry
standards
Owns
Budget
Economical Buyer
App Owner
(Use Cases)
Tenant
Admin
Users
Defines or Confirms
requirements
Responsible for applications
which need to be secured.
Meets data security
requirements, manages
application lifecycles,
increasingly Dev Ops
Application
Owner
Technical Buyer
Wants help
doing their job
Enterprise
Customer/
Consumer
Customer
Service Mgr.
Responsible for the corporate
system of record which
contains personally identifiable
information. Multiple roles
across different disciplines
within the organization
Functional Buyer
IT Security
Director
12. Example: Good Security Takes Too Long to Build
Monday Tuesday Wednesday Thursday Friday
X
Purchase
Delivery
Understand
X
Configure
Deploy
X
Test
Use
Manage
Support
Upgrade
X
Design
Select
Plan
13. Situation: Data Protection Needs Today and Tomorrow
Affordability
Move to OPEX-based
cloud models
Investment
Leverage Pay-as-
you-Go
Complexity
Reduce need for
specialist knowledge
Scalability
Grow as you need
Simplicity
Easy to deploy
Manageability
Everything from one
central point
TCO
Minimize overheads
and resource
utilization
Challenge: Changing Our Approach to Achieve These Goals
15. Example: Key Broker ….
5 Steps to Securing Cloud Data - A Heretic’s Dream
CUSTOMERS
Trusted 3rd Party
BYOK
Cloud Providers with
native encryption:
SAP HANA
GOOGLE
AWS
WORKDAY
1 Subscribe
2
Authenticate
3
Enter Parameters
4
Access Protected Data
Generate and Provision Keys
Key Management & Audit
5
Manage Key Lifecycles
16. In Summary……..
No one wakes up in the morning wanting encryption – New compliance regulations and
an increasing number of data breaches are driving the need
Traditional security approaches no longer map to market needs – Instant, on-demand
service (not product) and “pay per use” is the new norm
A refreshed approach to security that provides CIAA for a new set of data and
application owners – users want a “Click to Encrypt” model
Active data protection is on the horizon – encryption becomes a natural part of the distributed
neural network that will be the IT landscape of the future. Efficient, easy-to-use, transparent
Need to trust someone – A staggering shift to higher-order services is putting trust in service
providers and third-party software-based applications