Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
I spent this week in Tokyo Japanmeeting with a few dozen financialservices organizations. The primarypurpose of my visit w...
Financial institutions are diverse with multiple businessmodels such as: private banks, investment servicesincluding asset...
   Within security, total cost of ownership reduction has    historically been associated with risk avoidance and    stop...
   At the heart of every financial institution is sensitive    data. This data has value and that value transcends    leg...
   Employees and customers alike are demanding    access to anything, anytime, anywhere, from any    device – they want a...
Simply put, financial institutions aren’t being asked to beagile enough to embrace new trends; they are beingtold by busin...
   From a technical perspective getting compliant often    starts with discovering where the assets, which are    subject...
The McAfee security connected frameworkstreamlines the compliance process. Centrallyaggregating      management       and ...
   As part of the McAfee Security Connected framework, there    are a few key technologies that stood out among the rest ...
Tokyo japan – security for financial services
Upcoming SlideShare
Loading in …5
×

Tokyo japan – security for financial services

175 views

Published on

I spent this week in Tokyo Japan meeting with a few dozen financial services organizations. The primary purpose of my visit was to work with a few folks from the local McAfee team, pictured here, to discuss threats and trends within the financial services industry.
Financial institutions are diverse with multiple business models such as: private banks, investment services including asset and hedge fund management, stock brokerages, insurance, and conglomerates. These organizations are highly competitive because differentiators between financial services organizations are often opaque. They are extremely dependent on their IT assets operating as designed and even small issues over a limited amount of time can cost millions. And in a business where keeping sensitive, private data safe is paramount, the volume, velocity and variety of data passing through their mission-critical assets can be staggering and can require substantial capital and operational expenditures to protect. As such, there are four key areas they are focusing: cost reduction, data protection, agility, and compliance.

  • Be the first to comment

  • Be the first to like this

Tokyo japan – security for financial services

  1. 1. I spent this week in Tokyo Japanmeeting with a few dozen financialservices organizations. The primarypurpose of my visit was to work with afew folks from the local McAfee team,pictured here, to discuss threats andtrends within the financial servicesindustry.
  2. 2. Financial institutions are diverse with multiple businessmodels such as: private banks, investment servicesincluding asset and hedge fund management, stockbrokerages, insurance, and conglomerates. Theseorganizations are highly competitive becausedifferentiators between financial services organizationsare often opaque. They are extremely dependent ontheir IT assets operating as designed and even small issuesover a limited amount of time can cost millions. And in abusiness where keeping sensitive, private data safe isparamount, the volume, velocity and variety of datapassing through their mission-critical assets can bestaggering and can require substantial capital andoperational expenditures to protect. As such, there arefour key areas they are focusing: cost reduction, dataprotection, agility, and compliance.
  3. 3.  Within security, total cost of ownership reduction has historically been associated with risk avoidance and stopping “bad things” from happening. However, with an optimized security model the cost savings are no longer in the realm of subjective guesswork. It used to be that every issue had a dedicated technical solution. Each solution required an agent. That agent needed a console, and that console needed a server. There was probably also a database, the need to have support staff, rack space, power, connectivity, etc. All of a sudden, a point security solution becomes much more expensive than the cost of the product. By reducing the footprint, minimizing agents, consoles, servers, maintenance, licenses, IT support, contract negotiations, and the like, real cost is reduced, security is improved, and operational efficiencies are gained.
  4. 4.  At the heart of every financial institution is sensitive data. This data has value and that value transcends legitimate and illegal uses. As such prudence dictates that at the heart of every financial institution’s security strategy resides controls for protecting sensitive data. A connected security framework includes multiple data-centric controls such as DLP, encryption, and DAM, but it also leverages other controls around networks and endpoints to enrich those solutions. Regardless of external attacks, internal attacks, or careless activity that puts sensitive information as risk, having a connected framework will enhance data security situational awareness while providing greater control and resulting in a reduced risk posture.
  5. 5.  Employees and customers alike are demanding access to anything, anytime, anywhere, from any device – they want agility. As we move from IPv4 to IPv6 the level of connectedness is going to increase exponentially. These trends are already driving change within financial institutions in areas like mobility. Another change that requires an agile security framework with a holistic approach is next generation datacenter security that has become vastly important in the face of trends like consolidation, virtualization, and cloud services. And if this wasn’t enough, IT is stilling being called upon to address threats like APTs and insiders. Having separate solutions in silos with no connectivity lacks the underlying framework and thus the agility to scale in today’s business place.
  6. 6. Simply put, financial institutions aren’t being asked to beagile enough to embrace new trends; they are beingtold by business leaders and customers alike. Becausethe trends they are being asked to address will oftenchange, it’s important to have an agile framework that’snot dependent on point solutions in silos. McAfee offersa better way to minimize risk and say “yes” to newrequirements. And as additional devices get broughtinto the mix, the situational awareness is enrichedbecause now there are more data points such as detailsfrom that server, that user, that piece of data, thatmobile device – so more informed decisions can bemade more quickly. With a deep understanding thatcomplexity is the number one enemy of security,McAfee has designed it’s solutions around the securityconnected framework to be easy to use withoutsacrificing the scalability financial institutions require, andalways remembering that security is the imperative.
  7. 7.  From a technical perspective getting compliant often starts with discovering where the assets, which are subject to regulations, are located. Because systems, data, and users are always moving around, this is a continuous process. Once the data is discovered it becomes necessary manage the information so that’s is available and usable when needed, and in the case of financial institutions more likely than not, there will be multiple regulations to address. This is why many IT organizations cite that generating reports to demonstrate regulatory compliance is one of the most time consuming and costly initiatives they have. Further, many IT organizations still have separate solutions responsible for security and compliance thus ensuring that there will be wasted resources and disjointed processes.
  8. 8. The McAfee security connected frameworkstreamlines the compliance process. Centrallyaggregating management and reportingaccomplish this. The interface is the sameregardless of the McAfee products and partnerproducts that are integrated, so it’s fast and easyto get the information needed, create the reports,and move on. Because the information can beanalyzed in real-time, compliance can be treatedas a continuous process just like security, insteadof snapshots in time. Finally, because thetechnical controls are aligned across security andcompliance, the operational controls andprocesses can be aligned too, thus furthercreating synergies between security andcompliance efforts.
  9. 9.  As part of the McAfee Security Connected framework, there are a few key technologies that stood out among the rest in terms of the interest level from the financial services customers we met with. Application whitelisting Hardware-assisted security (secure silicon) Context-aware SIEM Reputation threat feeds Security for virtual environments Security for cloud environments (especially identity management and data security) Data security in the form of encryption, DAM, and DLP As a stand-alone product all of these provide value. But as part of an integrated McAfee Security Connected framework the overall security posture is improved, risk is more effectively mitigated, and operational efficiencies are gained that reduce cost and yield a more agile and effective IT infrastructure.

×