ENABLING A SECURE ENTERPRISE - A RATIONALE APPROACH  Ramesh Shanmuganathan Executive Vice President / CIO John Keells Grou...
BUSINESS CONTEXT IS CHANGING Source: Forrester Research, Inc. Access is granted to employees only Applications and data ar...
IT IS BECOMING A BUSINESS ENABLER Basic Uncoordinated, manual infrastructure   Objective Ability to Change Resource  Utili...
BUSINESS & IT PRIORITIES ARE GETTING ALIGNED <ul><li>Security </li></ul><ul><li>Application integration </li></ul><ul><li>...
ENABLING A SECURE ENTERPRISE  THE BUSINESS CASE <ul><li>Benefits – What is the tangible benefits of Securing your enterpri...
Authentication, Directory, Federation Development tools  for secure code Policy, Code (Identity, Updates) Isolation (Firew...
ENABLING A SECURE ENTERPRISE  THE COMPETING FACTORS
ENABLING A SECURE ENTERPRISE  THE APPROACH Information Security Policy Asset evaluation, Classifications and Control Infor...
<ul><li>3 “D”s  </li></ul><ul><ul><li>Defense </li></ul></ul><ul><ul><li>Deterrence </li></ul></ul><ul><ul><li>Detection <...
ENABLING A SECURE ENTERPRISE  CONTINUOUS REVIEW  Blueprints Blueprints Customer Need Blueprints Blueprints Integrated IT F...
<ul><li>The pertinent question is not  </li></ul><ul><li>how to do things right but, how to find the right things to do , ...
<ul><li>Thank you! </li></ul><ul><li>My touch points: </li></ul><ul><li>Skype:  ramesh24inc  , Gtalk:  ramesh.shanmuganath...
Upcoming SlideShare
Loading in …5
×

20th March Session Five by Ramesh Shanmughanathan

440 views

Published on

Enabling A Secure Enterprise - Ramesh Shanmughanathan, Group CIO John Keells Holdings Plc Sri Lanka

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
440
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

20th March Session Five by Ramesh Shanmughanathan

  1. 1. ENABLING A SECURE ENTERPRISE - A RATIONALE APPROACH Ramesh Shanmuganathan Executive Vice President / CIO John Keells Group 20 th March 2010
  2. 2. BUSINESS CONTEXT IS CHANGING Source: Forrester Research, Inc. Access is granted to employees only Applications and data are centralized in fortified IT bunkers Security manager decides who gets access Internal Focus Centralized Assets The goal of security is to protect against confidentiality breaches Prevent Losses IT Control Yesterday Suppliers, customers, and prospects all need some form of access Applications and data are distributed across servers, locations, and business units The goal of security is to enable eCommerce Business units want the authority to grant access External Focus Distributed Assets Generate Revenue Business Control Today
  3. 3. IT IS BECOMING A BUSINESS ENABLER Basic Uncoordinated, manual infrastructure Objective Ability to Change Resource Utilization Processes & Automation Business Alignment React Organized Centrally Managed IT Infrastructure with some automation Optimized Managed and consolidated IT Infrastructure Dynamic Fully automated IT management dynamic resource usage and business linked SLA's Slow, weeks to months Unknown Ad hoc No SLAs Manage Weeks Known, poor Defined Arbitrary SLAs Reduce complexity Days Optimized Mature Class of Service SLAs Agility Minutes High, As needed Policy-based BusinessSLAs Role of IT Cost Center Efficient Cost Center Business Enabler Strategic Asset
  4. 4. BUSINESS & IT PRIORITIES ARE GETTING ALIGNED <ul><li>Security </li></ul><ul><li>Application integration </li></ul><ul><li>Compliance/ risk management </li></ul><ul><li>Disaster recovery/ business continuity </li></ul><ul><li>Enterprise Applications </li></ul><ul><li>Managing risk </li></ul><ul><li>Achieving growth and profitability </li></ul><ul><li>Acquiring new customers </li></ul><ul><li>Using IT to reduce costs and create value </li></ul><ul><li>Changing organizational culture </li></ul>Sources: Goldman Sachs, Accenture Top Business Priorities Top IT Spending Priorities
  5. 5. ENABLING A SECURE ENTERPRISE THE BUSINESS CASE <ul><li>Benefits – What is the tangible benefits of Securing your enterprise? </li></ul><ul><ul><li>Increased Business Agility </li></ul></ul><ul><ul><li>IT enabled delivery channels </li></ul></ul><ul><ul><li>Better time to market </li></ul></ul><ul><ul><li>Effective roll-out of corporate/business strategies </li></ul></ul><ul><ul><li>360 view of customers - knowledge is power! </li></ul></ul><ul><li>Investments - What is the true cost of Securing your enterprise? </li></ul><ul><ul><li>Confidentiality-Integrity-Availability(CIA) vs Disclosure-Alteration-Distruction (DAD) </li></ul></ul><ul><ul><li>Insurance analogy – security is a necessary evil? </li></ul></ul><ul><ul><li>Risk Management =F (Fear, Uncertainty, Doubt)? </li></ul></ul>
  6. 6. Authentication, Directory, Federation Development tools for secure code Policy, Code (Identity, Updates) Isolation (Firewall, Quarantine) ENABLING A SECURE ENTERPRISE THE PERTINENT ISSUES
  7. 7. ENABLING A SECURE ENTERPRISE THE COMPETING FACTORS
  8. 8. ENABLING A SECURE ENTERPRISE THE APPROACH Information Security Policy Asset evaluation, Classifications and Control Information Security Organization Business Continuity & Compliance Access Control & incident management Security deployment , enforcement & risk mitigation Business drivers Blue printing, Control measures and Management Security systems acquisition, Implementation & Monitoring
  9. 9. <ul><li>3 “D”s </li></ul><ul><ul><li>Defense </li></ul></ul><ul><ul><li>Deterrence </li></ul></ul><ul><ul><li>Detection </li></ul></ul><ul><li>5 steps </li></ul><ul><ul><li>Assets – What is to be protected? </li></ul></ul><ul><ul><li>Risks – What are the threats, vulnerabilities? </li></ul></ul><ul><ul><li>Protections – How will the assets be protected? </li></ul></ul><ul><ul><li>Tools – What will be done to protect them? </li></ul></ul><ul><ul><li>Priorities – In what order will the protective steps be implemented ( multi-layered methodology) ? </li></ul></ul>ENABLING A SECURE ENTERPRISE THE 3D-5 STEP METHOD
  10. 10. ENABLING A SECURE ENTERPRISE CONTINUOUS REVIEW Blueprints Blueprints Customer Need Blueprints Blueprints Integrated IT Flows Integrated IT Flows
  11. 11. <ul><li>The pertinent question is not </li></ul><ul><li>how to do things right but, how to find the right things to do , and concentrate resources and efforts on them. </li></ul><ul><li>- Peter F Drucker ( 1964) </li></ul>A parting thought……….
  12. 12. <ul><li>Thank you! </li></ul><ul><li>My touch points: </li></ul><ul><li>Skype:  ramesh24inc  , Gtalk:  ramesh.shanmuganathan   </li></ul><ul><li>Email: [email_address] , [email_address] </li></ul><ul><li>Internet : www.keells.com , www.ramesh24.com </li></ul>

×