Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Continuous Multilayer Protection: Operationalizing a Security Framework

449 views

Published on

Continuous Multilayer Protection: Operationalizing a Security Framework presented by Mats Nilsson from Ericsson.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Continuous Multilayer Protection: Operationalizing a Security Framework

  1. 1. Straw Program - Topics that highlight Ericsson’s IP expertise - Leverage Ericsson’s strengths and apply to new technology and issues to resolve. (e.g, MBH) - Focus on operator perspective and pain points - Cover emerging tech and tech we have “on the truck” - Include “friendly” partners to show not working in a vacuum - Industry thought leaders for keynotes to highlight technical business drivers - One track for non-technical business related content* - Possible Friday customer meetings • 2-3 distinct parallel tracks. • Could have side room for “Meet the Engineer” private sessions. Continuous Multilayer Protection: - Operationalizing a Security Framework Mats Nilsson
  2. 2. 2015-05-25 | Page 2 Connectivitymoreand more part ofour life 1875 20001975 10 30 50 15 years 50 billion connected devices 25 years 5 billion connected people 100 years 1 billion connected places 20 40 Connections(billion) 2020
  3. 3. 2015-05-25 | Page 3 Connectivityintegrated into our way oflife Collaboration Innovation Privacy Competence Trust Socializing Learning Everything PEOPLE do Media Commerce Security Government Education Transport Healthcare Utilities In all parts of SOCIETY & BUSINESS Will be done over a NETWORK
  4. 4. 2015-05-25 | Page 4 NEW OPPORTUNITIES – NEW CHALLENGES Increased network capacity More commerce & financial transactions More cloud storage & services Open and capable devices An IP based unified global network New things get connected More services get networked More decisions based on real-time data
  5. 5. Policyand regulation › Status and drivers – On top of political agendas – The (global) Economic and Social impact of the ICT enabled society – How to ensure core values and security in Cyberspace › Activities and consequences – Definition and scope of Critical Information Infrastructures (e.g. Communications, Healthcare Energy, Transport – Operational security requirements and audits › Voluntary but required to avoid liabilities – US › Law - EU – Mitigation through recommended Standards, Best practices, implementation incentives or law/liabilities › Examples of policy measures – US Executive Order 13636 and “Cyber security Framework” – EU › Cyber security strategy › EU proposed NIS directive › EU NIS platform – India › Security requirements and audits on operators. › Mandatory local testing of equipment (from 1 April 2015) however alignment with global standards – Many others….
  6. 6. 2015-05-25 | Page 6 our perspective onSecurity in the networked society • services should always be available • security should require minimum effort from users • communications should be protected • all access to information and data should be authorized • manipulation of data in the networks should be possible to detect • the right to privacy should be protected
  7. 7. SECURITYIN THE NETWORKED SOCIETY Operator Policies & Directives Secure Operations Secure Network Secure Products Laws & Regulation Standards: ISO 27001… 3GPP, ITU-T, IETF… 3GPP SECAM, ISO 15408…
  8. 8. 2015-05-25 | Page 8 System scale Users Thousands Millions Billions Enterprise Telecom Networks Multiple Networks Moderate Large Very large Our Focus: Large scalesecurity
  9. 9. 2015-05-25 | Page 9 Point security • Firewalls • Malware detection • Intrusion detection • Content scrubbing Network & Operational Security • Software and data integrity verification • Tamper protection • Identity management • Fraud prevention mechanisms • ISO 27 000 certified operations • Secure storage IntegratedSecurity CreatingLarge-scale system Security • Integrity • Robustness • Scalability • Efficiency • Confidentiality • Privacy • Coordinated defense • Fast response Integrated security Threat Threat Threat
  10. 10. 2015-05-25 | Page 10 People & Processes HW & SW Data TransactionsConfigurationsIdentities Devices …and much more What needs to betrusted
  11. 11. 2015-05-25 | Page 11 NEEDSTHE ERICSSONTRUST STACK TRUSTED BUSINESS TRUSTED OPERATIONS TRUSTED NETWORKS TRUSTED PRODUCTS ENABLES
  12. 12. 2015-05-25 | Page 12 NISTCS FW mappedto RESPONSIBILITIES Identify Protect Detect Respond Recover NIST CS FW
  13. 13. 2015-05-25 | Page 13 integrated process for Product andservice development PRODUCT SECURITY FUNCTIONS PRODUCT SECURITY ASSURANCE PRODUCT SECURITY DOCUMENTATION PRODUCT NEAR SECURITY SERVICES Developing the right security functions for a product or service Assuring that the security functionality works as expected Documenting security functionality to enable secure operations Provide services to ensure that security functionality is properly used Securityreliability model:
  14. 14. 2015-05-25 | Page 14 FROM: PROTECT ONLY 100% protection is possible Re-Inventionof CloudSecurity TheShift to Cloud Requires a New Focus Hardened end points, users not devices Illusion of liability protection: third party audits, certifications Data is locked down Perimeter-centric: access control, encryption Authenticate end points: trusted identity of users AND devices Data is portable, in compliance with local regulations Data - centric: every data asset is tagged, tracked, located, verified Onus for proof: independently verifiable, mathematical forensics
  15. 15. 2015-05-25 | Page 15 Ericsson WalletPlatformoverviewof securitycontrols Approval of sensitive operations Traceability & accountability Security configuration validation Eavesdropping and modification protection Two factor authentication Configurable access control System and API hardening Financial crime controls
  16. 16. 2015-05-25 | Page 16

×