Digital Outsourcing: Risks, Pitfalls, and Security Considerations

- The Current Global Digital Threat Climate
- Cyber-Trends Against The U.S. Financial Service Sector
- Considerations Prior To Outsourcing
- Pitfalls In International Partnerships
- Communications, Connections, And Security Considerations Between Locations
- Dealing With Data Exposures
- 5 Things You Can Do To Protect Your Existing Outsourcing Right Now

Session 2 10:30am-11:30am

- Technology Outsourcing Trends
- Secure Outsourcing Technologies
- Collaboration Methods With Remote Teams
- How To Connect People With The Right Information At The Right Time And The Right Place
- How To Connect People With Fellow Employees, Vendors, Partners Or Other External Contacts Outside Of The Organization
- Project Management Technology Of Remote Resources

Published in: Economy & Finance, Business
  • Digital Outsourcing: Risks, Pitfalls, and Security Considerations

    1. InterDyn: Innovative Solutions, Proven Results. Digital Outsourcing: Risks, Pitfalls, and Security Considerations for Doing It Right. Presented by: Robert J. Bagnall, CEO, Maverick-Security, LLC; Peter Ward, Business Collaboration Manager, InterDyn AKA
    2. About InterDyn AKA. We are a sales and professional services firm focused on:
        - Dynamics GP, Dynamics CRM, and Dynamics AX
        - Office 2007: SharePoint, Project Server, Project Portfolio Server, InfoPath, Forms Server
        - Custom Application Development
    3. About InterDyn AKA
        - 2006 MS Dynamics GP Global Partner of the Year (#1 of the 2,100 partners)
        - 2006 MBS Pinnacle Customer Award – Evangelist (Young Broadcasting)
        - 2006 MS Excellence in Quality
        - 2006 Customer Satisfaction and Experience Award
        - 2006 Excellence in Sales and Marketing (Global Finalist)
        - 2006 Technology Innovation Partner of the Year (Global Finalist)
        - 2006 Inner Circle Member – Top .5% of MS Dynamics Partners
        - 2005/2002 Eagle Award
        - 2005 MBS Pinnacle Customer Award – Overall Excellence (American Bible Society)
        - 2003 NY/NJ Medium Business Partner of the Year
        - Microsoft ERP Reseller of the Year finalist
        - Proven Methodologies
        - 275+ MS Dynamics Implementations
        - MBS Gold Certified Partner
        - Exclusively Authorized Training Center
        - 92% Customer Retention Rate
    4. About Maverick. Maverick provides customized, personal and corporate security and brand defense services to High-Profile Individuals, small businesses, and a few select corporate clients. Our patented methodology and processes encompass over 15 years of cyber-security and intelligence experience in the government and commercial sectors. Services include Personal Brand Defense (PBD), the SPF Assessment Program, and Global Digital Threat Intelligence.
    5. Topics
        - The Current Global Digital Threat Climate
        - Cyber-Trends Against The U.S. Financial Service Sector
        - Common Threat Motivations & Exploitations
        - Considerations Prior To Outsourcing
        - Pitfalls In International Partnerships
        - Communications, Connections, and Security Considerations Between Locations
        - Dealing With Data Exposures
        - 5 Things You Can Do To Protect Your Existing Outsourcing Right Now
        - … plus a few “optional extras”
    6. The Current Global Digital Threat Climate
    7. 3 Most Common Exploitation Types
        - People [most common]
        - Processes
        - Technologies
    8. Primary Motivators
        - Economic
        - Ideological
        - Nationalistic
        - Criminal
        - Opportunistic
    9. Threats By Region
        - Region-1: North & Central America. Although the most regulated, the United States is also still the country with the largest quantity of SPAM site hosts. Mexico and Central America hold regional ideological movements that transcend to the cyber environment. THREATS: Economic, Ideological, Opportunistic, Criminal
        - Region-2: South America & Caribbean. South America is a growing digital threat, with Brazil leading the way. In five short years, Brazil has gone from script kiddie web site defacements to a formidable hacker-for-hire. THREATS: Criminal, Opportunistic, Ideological
        - Region-3: Europe. Although ideological threats persist within this region, the majority of the threat comes from the open practice of cyber-espionage and business intelligence against competitors. THREATS: Economic, Opportunistic, Ideological
    10. Threats By Region
        - Region-4: Russia & Eurasia. Organized crime is by far the biggest threat in Region 4. The Russian and eastern European mafias, tacitly and sometimes openly supported by government, operate fraud, SPAM, hacker-for-hire, and digital extortion with near impunity. THREATS: Criminal, Economic, Ideological, Opportunistic
        - Region-5: MidEast & Southwest Asia. Rising rapidly since 2003, the Middle East threat is almost entirely ideological. Southwest Asia sees economic and criminal activity as well due to ethnic and religious differences within the region. THREATS: Ideological, Economic, Criminal
        - Region-6: Africa. Africa remains the slowest region to rise in terms of global digital threat. Much of the activity within the region is more associated with the infusion of outside influence (religious and criminal) than internal capability. The largest threat here remains scams and other criminal activity, though a spike in ideological hacking activity is being seen today. THREATS: Criminal, Ideological
    11. Threats By Region
        - Region-7: Central & Southeast Asia. China is a formidable digital threat. Regardless of the fact that America and China share extensive economic relationships, Chinese military doctrine states that they plan and execute for cyber war to emerge as the global power. THREATS: Nationalism, Economic, Opportunistic
        - Region-8: Australia. While Australia shares a close personal relationship with the United States, economic and opportunistic threats still exist. THREATS: Economic, Opportunism
    12. Exploitation Categories
        - Fraud
            - Credit Cards
            - Phishing/Pharming
            - Carding
            - SPAM
            - Spyware
        - Accesses
            - Boutique Hacking
            - Specific locations or levels of access
        - Identity Theft
            - Personal
            - Technological
            - Purchasing Power
        - Information
            - Intellectual Property
            - Access Escalation
            - Targeted Attack
    13. Cyber-Trends Against The U.S. Financial Service Sector
        - The outsourcing of financial services and support to countries like India makes those foreign partner companies an attractive target. As a result, groups like the Pakistani Hackers Club target Indian companies who support U.S. firms because they can have a double impact with a successful attack.
        - Fraud versus the “cost-of-doing-business” mentality
        - Targeted identity theft and access against FS companies
        - Targeted attacks against data companies servicing FS companies
    14. Considerations Prior To Outsourcing
        - No matter what kind of outsourcing solution you are considering, you must examine it carefully. Here are a few of the more important considerations:
        - If my outsource provider is a foreign firm, what regional threats do I need to consider? [Religious, ethnic, social, criminal, etc.] Know the threats to your company and those within the region where you are considering an outsource relationship.
        - What are the threats to my provider? Do they/could they extend to me?
        - Does my provider have any issues I need to consider? [past incidents, poor reputation, bad brand presence online]
        - How seriously does my provider take their own security? Examine the due diligence of each provider you consider prior to contracting with them [make them show proof of security policies, procedures, DR/BC plans, etc.]
        - Do my contracts reflect my requirements and security needs? Write your contracts to ensure the provider is held accountable to meet certain minimum security standards and practices.
        - What are the access requirements my provider will need to my environment, my data, etc., in order to do their job?
    15. Common Pitfalls in Outsourcing
        - A Lack of Due Diligence
            - Poorly written contracts
            - Partners not made to show proof of due diligence
            - Partners not barred from subletting your contract
        - Un-assumed Risks
            - Lack of training on policies & procedures
            - Partner business actions
            - Foreign adversary targeting ripple effect
        - Poor Implementation [Operations]
            - Lack of encryption
            - Regular data backups still not being performed
            - Training & preparedness drills lacking
            - Lack of/poor definitions (boundaries, levels of effort, etc.)
            - Excessive access granted to partners
    16. Communications, Connections, and Security Considerations Between Locations
        - Examine your foreign outsource provider through zones of trust. They should never be viewed at a level better than “Trusted Outsider”. In fact, your own sister companies (those absorbed through acquisition or merger) who perform security outside of the practice of the parent company should not be viewed as trusted insiders until they follow the same standards.
        - Zones of trust: Trusted Insiders, Trusted Outsiders, Untrusted Insiders, Untrusted Outsiders
    17. Dealing With Data Exposures
        - There is no way you will ever prevent everything. This is why you work to prevent more problems if exposures occur and expect that they will. Here are some things you need to do when an exposure does occur:
        - Admit it. Have a plan to deal with it. Execute that plan. Move on.
        - Examine how it occurred. Was it preventable? Was it a people, process, or technology issue? See what you can do to prevent it next time.
        - Evolve what you do to prevent it from happening again.
        - Examine the way you do everything at least annually [hopefully you can find a potential issue and prevent it in the future, instead of falling victim to it]
    18. 5 Things You Can Do To Protect Your Existing Outsourcing Right Now
        - Restrict Access to Data [based on need]
        - Examine Host Country Threats and Options Prior to Outsourcing
        - Write/Reexamine Contracts From A Security Perspective
        - Plan for Attacks and Breaches That Result From Your Outsourcing Efforts
        - Monitor Your Egress Traffic As Well As Your Ingress Traffic
    19. The Last Word. Outsourcing is a viable, necessary, and soon-to-be integral part of American business – particularly in critical infrastructures like financial and medical services. But the risks can be untenable if you are not properly prepared. If you take your organization into it with eyes wide open then you stand a good chance of having a strong, positive experience with minimal disruption. When the day is done, no matter how big your organization or what type, we are all on the same team. It does not pay to create fiefdoms or hold information close. Together we are better. This security stuff is not rocket science. It takes sound practices and the right technology implemented and executed with tireless vigilance. You will never stop cyber-attacks completely, so get used to this being an on-going process. But that does not mean that you cannot prevent most of the pain you face today.
    20. Quick Questions
    21. Agenda
        - Overview of Technologies
            - Microsoft Office SharePoint Server 2007
            - Groove
            - Project Server 2007
            - Liquid Machines (Encryption Software)
        - Glossary of terms
        - Applying this technology to Outsourcing
    22. Servers. The 2007 Microsoft Office System Evolution: Collaboration, Content management, Streamlined processes, Portals, Business intelligence, Search, Word processing, Business modeling, Presentations, Business data management, Information Management
    23. Definition of a portal: The Presentation Layer of information to lines of business. [Diagram labels: Internal Apps, External Apps, Accounting, Sales, HR, PMO, Office]
    24. The Microsoft Office 2007
    25. Out-Of-Box Workflow
    26. InfoPath Forms In Browser
    27. SharePoint Portal Server 2007
        - What pain points does it solve?
            - Reduces email by 50-60%
            - Less reliance on the ‘some version on the network drive’ culture
            - Increase in user and team productivity
            - A single point of contact for information
            - Control of information
            - Integrates multiple technologies: Oracle, IBM, Microsoft
    28. Project Server 2007
        - What is the product?
            - Enterprise project management for a project team and beyond
            - Scheduling engine: Gantt charts
            - Schedule, cost, process and resource management
            - Integration to SharePoint, GP, AX
            - Currently uses existing technologies: Win 2003, SQL, Office
    29. Project Server 2007
        - What pain points does it solve?
            - Enables higher workload capacity, helping people do more with less
            - Reduces time and improves process quality
            - Eliminates elapsed time between project tasks
            - Monitors the current state of workflow and its project against the project plan
            - Ensures timely delivery of information
            - Enables tighter control over the distribution of work
            - Eliminates duplication of tasks
            - Alerts to warn of tasks that are slipping
        - What gets measured gets done
    30. Portfolio Server 2007
        - What is the product?
            - Ideal for strategic planning
            - Visibility of next year's projects
            - Scorecard management
            - Monitor progress in terms of actuals and forecasted cost, schedules, benefits and risk, and communicate status to all stakeholders
            - Prioritization
            - Workload and Resource Capacity Planning
            - Portfolio Analysis and Reporting
    31. Portfolio Server 2007
        - What pain points does it solve?
            - Stops projects starting which can never be finished
            - Ideal for strategic visibility of projects
            - Forecasting resources
            - Allows senior management to view projects at a very high level
        - The PMO’s dream product
    32. Office Groove Server 2007
        - A peer to peer network. No server required
        - A ‘Napster’ on steroids
        - The true virtual office
        - Users: Mobile Employee, External Partner, Knowledge Worker
        - What is Groove? Groove is desktop software that allows teams of people to work together securely over the network as if they were in the same physical location… Enter the age of the virtual office
    33. Liquid Machines Document Control
        - Controls & protects data at all times, no matter where it goes
        - Allows the collaboration of secure information while controlling access & use
        - Enables policies within native applications without affecting user productivity
        - Logs, monitors & reports on access & usage of information
        - Enforces persistent security on protected data
    34. Liquid Machines Policy Droplet™
        - Native support for over 65 application file formats
    35. Liquid Machines File share Gateway
        - Enables wide-scale rapid deployment of information protection by applying policies to mapped network drives, folders, and existing files in one easy step.
        - [Diagram labels: Policy X; Policy Y and Z]
    36. Role-based Enterprise Policies
        - Seamless integration with Active Directory to quickly add or remove users or groups to policies
        - Roles can prohibit full access rights to the document author while giving full access to others in the policy
        - Expiration date can be set by calendar date or number of days from document publication date
        - Allows use of protected content when disconnected from the policy server, optionally for a specified number of days
    37. Activity Reporting On End User Actions
        - Activity reports deliver results based on user-selected queries
        - Results detail access and usage based on Role-based policies
        - Reports provide complete details on file access and usage by user
        - Use with 3rd party reporting tools
    38. Liquid Machines Document Control Overview
        - Components: Liquid Machines Agent, Policy Administration, Auditing & Reporting, Liquid Machines Policy Server
        - Example rights: CEO: Full Rights; Employee: Edit, Print; Contractor: Read Only
        - [Diagram labels: Policies, Audit Logs, Key Management]
    39. Glossary of terms
        - Digital signature: An electronic scheme used to simulate the security properties of a signature in digital, rather than written, form.
        - Authentication: Confirms the integrity of the information that is being sent and who is sending it
        - Encryption: Protects the privacy of the electronic information
        - Digital Certificates: These establish your identity in the electronic world
    40. Applying this technology to outsourcing
    41. SharePoint Portal Server 2007
        - What is the product?
            - Internet, extranet, corporate intranet
            - Document management
            - Knowledge management
            - Change Management
            - Issue and risk tracking
            - Workflow engine
            - Collaboration among users, teams, corporations
            - Currently uses existing technologies: Win 2003, SQL, Office
            - Corporate presentation layer of information
    42. Scenario
        - Organization: 500+ employees, located globally; customer service activities have been outsourced to a 3rd party.
        - Activities performed: Data lookups and data entries.
        - Preventive Measures: Rights Management, SharePoint, InfoPath
    43. Scenario
        - Organization: 15 employees, located in NYC, have 3rd party brokers selling their products. They are on the road.
        - Activities performed: Placing orders, access to price lists.
        - Technology: Groove (orders), SharePoint (onboarding training application), Liquid Machines
    44. Summarize the presentation
        - Obviously this is an important subject
        - What’s important: Process and people, partnership relationships and roles
        - There’s overhead involved
        - Darwin: People who survive are not necessarily the fittest or the strongest, but the ones who make a decisive decision to embrace change
    45. Questions
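
Added example, not part of the original slides and not Liquid Machines code: a small Python model of the role-based policy rules listed on slides 36 and 38 (rights per role, expiry by calendar date or days since publication, and a limited offline-use window). The `Policy` class, the `decide` function, the user names, the reason strings and the `manage` right standing in for what "Full Rights" adds are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Dict, Optional, Set, Tuple

# "manage" is an assumed stand-in for whatever Full Rights adds beyond edit/print.
ALL_RIGHTS = {"read", "edit", "print", "manage"}


@dataclass
class Policy:
    role_rights: Dict[str, Set[str]]          # role -> rights granted
    members: Dict[str, str]                   # user -> role (stands in for a directory lookup)
    expires_on: Optional[date] = None         # fixed calendar expiry
    expires_after_days: Optional[int] = None  # expiry counted from publication date
    allow_offline: bool = False               # use while disconnected from the policy server
    offline_days: Optional[int] = None        # None = no limit on offline use

    def expiry(self, published: date) -> Optional[date]:
        """Earliest of the configured expiry rules, or None if neither is set."""
        candidates = []
        if self.expires_on is not None:
            candidates.append(self.expires_on)
        if self.expires_after_days is not None:
            candidates.append(published + timedelta(days=self.expires_after_days))
        return min(candidates) if candidates else None


def decide(policy: Policy, user: str, right: str, published: date,
           now: datetime, online: bool,
           last_contact: Optional[datetime] = None) -> Tuple[bool, str]:
    """Return (allowed, reason) for one access request against one document."""
    role = policy.members.get(user)
    if role is None:
        return False, "not-in-policy"
    expiry = policy.expiry(published)
    if expiry is not None and now.date() > expiry:
        return False, "expired"
    if not online:
        if not policy.allow_offline:
            return False, "offline-not-allowed"
        if policy.offline_days is not None:
            window = timedelta(days=policy.offline_days)
            # No recorded server contact is treated as a lapsed window (fail closed).
            if last_contact is None or now - last_contact > window:
                return False, "offline-window-lapsed"
    if right not in policy.role_rights.get(role, set()):
        return False, "right-not-granted"
    return True, "ok"


# Constructed sample data. The document author is placed in the Contractor
# role, so the author gets less access than other members of the same policy.
PUBLISHED = date(2007, 3, 1)
SAMPLE = Policy(
    role_rights={
        "CEO": set(ALL_RIGHTS),                  # Full Rights
        "Employee": {"read", "edit", "print"},   # Edit, Print (read assumed implied)
        "Contractor": {"read"},                  # Read Only
    },
    members={"dana": "CEO", "eli": "Employee", "vendor-author": "Contractor"},
    expires_after_days=30,
    allow_offline=True,
    offline_days=3,
)

if __name__ == "__main__":
    now = datetime(2007, 3, 10, 9, 0)
    print(decide(SAMPLE, "vendor-author", "edit", PUBLISHED, now, online=True))
    print(decide(SAMPLE, "eli", "print", PUBLISHED, now, online=False,
                 last_contact=datetime(2007, 3, 5, 9, 0)))
```

The check order is deliberate: membership and expiry are evaluated before the requested right, so an expired or out-of-window document is refused even for a role with full rights.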
