Digital Information Security, Carlos Galeano, EMC2 Regional Storage Specialist
- 1. © Copyright 2012 EMC Corporation. All rights reserved.
Carlos Galeano
EMC2 Regional Storage Specialist
Carlos.galeanocantillo@emc.com
Digital Information Security
- 2.
Transformation is continuous
Mobility, Mass consumption, Sociability
- 3.
Information as a source of transformation
• It is meaningful to the user.
• It is an organization's most valuable asset.
• It represents new opportunities or competitive advantages.
- 4.
Information as a source of transgression
It can be used for questionable or unethical purposes.
It can be disclosed without the proper authorization of its owner or author.
It can eventually be stolen, sabotaged, or used for fraudulent purposes.
- 5.
Basic security principles
• Confidentiality
• Integrity
• Availability
- 6.
Adapting to the current dynamics of technology
Data access management
Application, Platform, Transport, User, App / Data
- 7.
Back to basics
Classify the data
- 8.
Examples of classification and control

| Classification | Preventive Controls | Auth | Monitoring |
|---|---|---|---|
| Sensitive Restricted | DLP, Encryption, Registered Asset | Data / App / User / Machine | Activity & Access Logs / Search / posting / content |
| Confidential | DLP, Encryption, Registered Asset | App Access Control / Role based | Access log / search / posting / content |
| Internal Use Only | Host intrusion | App Access Control / Role based | Search / posting / content |
| Registered Public | Registered account | App Access Control / Role based | Search / posting / content |
| Public | Uploading executable content blocked | Anonymous access | Search / content |

- 9.
Back to basics
Define control points
Classify the data
- 10.
Evolving the control points
Controls across all levels
Levels: Client App, App Container, OS / Platform, Network, Server App
Controls: Authentication, Posture, Anti-malware, Data leakage, Transport encryption, At rest encryption
Legend: Traditional, Future
- 11.
Back to basics
Define control points
Classify the data
Implement controls
- 12.
No matter where the controls are applied...
Data access management
Application, Platform, Transport, User, App / Data
- 13.
Not everything is good for everyone:
Risk-based access.
Who are you?
What are you using?
Where are you coming from?
How did you get here?
Where are you going?
What is your history?
- 14.
Risk-based modeling
Threat Score: Risk History, Click happy?, Intel, Easy target?, Education & Awareness, Test performance?
Source Score:
• Who are you? User Identity
• What you have: Device and controls
• Where are you: Location
Destination Score:
• Who are you: Application role
• What do you want: Data classification
• Where is the data: Data location
Level of Access: Trusted Access, Published Access, Blocked Access
- 15.
EMC PRIVATE CLOUD
Application Integration, Cloud App Server, Data Fabric, Monitoring & Management
Integration, Batch, Web Services
Common Data Model
Device Security: Enterprise App Store, Authentication, Access Control, Encryption, Anti-Malware, Management, Logging, Monitoring
Cloud Security: Authentication, Access Control, Posture, Data Leakage, Encryption, Device Mgmt, Logging, Monitoring
ENTERPRISE APPLICATIONS: Legacy Apps, New Apps, Data Warehouse, CRM, ERP
Mobile Experience
- 17.
Access model based on trust levels
Network Access Tiers: Functional Apps, Eng Apps, Corp Apps
Devices: Smart Device, Windows Laptop, Windows Desktop, Apple Desktop, Apple Laptop, Linux Laptop, Linux Desktop, Thin Client
User Role Ownership, Trust Assessment, Roaming Controls
Trusted Access, Published Access
Operational and Security Intelligence: EnVision, NetWitness, Archer eGRC
Published Services
- 18.
Key points to keep in mind
Think differently and innovate
Security is an ongoing journey
Drive change
Security is everyone's responsibility