Sw keynote

Oracle Security Inside Out
Cost-Effective Security and Compliance

Steve Wainwright
Senior Director Information Security
UK, Ireland & Israel

Published in: Technology

  1. Security Inside Out: Cost-Effective Security and Compliance. Steve Wainwright, Senior Director Information Security, UK, Ireland & Israel
  2. More data than ever… Growth Doubles Yearly. 1,800 Exabytes. Chart axis: 2006, 2011. Source: IDC, 2008. Oracle Confidential
  3. More breaches than ever… Data Breach: Once exposed, the data is out there – the bell can’t be un-rung. Chart: Publicly reported data breaches, total personally identifying information records exposed (millions), 2005 to 2008; 630% increase. Average cost of a data breach: $202 per record. Average total cost exceeds $6.6 million per breach. Source: DataLossDB, Ponemon Institute, 2009
  4. More threats than ever… 70% attacks originate inside the firewall. 90% attacks perpetrated by employees with privileged access.
  5. More regulations than ever… • Federal, state, local, industry…adding more mandates every year! • Need to meet AND demonstrate compliance • Compliance costs are unsustainable. Report and audit. 90%: Companies behind in compliance. Source: IT Policy Compliance Group, 2007.
  6. Higher Costs Than Ever… • User Management Costs • User Productivity Costs • Compliance & Remediation Costs • Security Breach Remediation Costs. $ It Adds Up
  7. Market Overview: IT Security In 2009. Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations.
  8. Information Landscape Big Picture The “Wild” Perimeter Internal Resource
  9. The Information World Has Changed: Organised crime, Identity Theft, Online Fraud, Terrorism, Insider Threats, Economic Climate, Regulatory Pressures. Phone, internet and mail order fraud is up 37% on 2006 to £290m in the UK
  10. Business Drivers: Reasons for Investment in Security • Cost reduction • Compliance to regulations • Improved customer experience • Protect organisation from reputation damage • Increase agility and enter new markets • Increase competitive advantage • Improved efficiencies • Make security transparent • Improved collaborative working. Source: Security Café Workshop at InfoSec 2009
  11. How does security align?
  12. Security Framework Domain Approach Physical Security Control Client Perimeter and Security Security Management Access Management Infrastructure Security Employee Resources Documents/Data Applications/Processes Customers Resource Security Partners Security Standards and Policies Process Audit and Report
  13. Security - Layered Defence: The need for a joined up approach • Identity Administration • Access Enforcement • Application/Process Security • Data Security • Infrastructure Security • Physical Security (diagram layers: Access, Application, Data)
  14. The Reality of Cloud Computing. © 2009 Oracle – Proprietary and Confidential
  15. Key Barriers to Cloud Computing: 74% rate cloud security issues as “very significant” (Source: IDC) • Security • Compliance • Control
  16. Cloud Security Challenges: Private Cloud, Hybrid Cloud, Public Cloud • IT agility • Interoperability • Data breaches • B2B collaboration • User experience • Multi-tenancy • Data location • Access control complexity • Workload portability • Compliance • Privileged user access
  17. Security with Oracle Cloud Platform Application 1 Application 2 Application 3 Platform as a Service Cloud Management Oracle Enterprise Manager Shared Services Configuration Mgmt: Integration: Process Mgmt: Security: User Interaction: Assembly Builder, SOA Suite BPM Suite Identity Mgmt WebCenter Capacity & Consolidation Planning Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Lifecycle Automation: Self-Service Provisioning, Database Grid: Oracle Database, RAC, ASM, Partitioning, Policy-Based Resource IMDB Cache, Active Data Guard, Database Security Scheduling, Metering Application Performance Infrastructure as a Service Management: RUEI, SLA Management, Operating Systems: Oracle Enterprise Linux Monitoring, Diagnostics Virtualization: Oracle VM Application Quality Servers Management: Testing, Storage Patch Management
  18. Service-Oriented Security Identity Services for the Cloud Oracle Identity Management Identity Directory Role Management Authentication Authorization Federation Administration Services Web Services Web Services Web Services Oracle Apps 3rd Party/Custom Apps Cloud Service Providers • Discrete, easily consumable security services • Rapid application security, improved IT agility • Security seamlessly woven into applications
  19. Identity Management Considerations in the Public Cloud IAM Service Provider Business Service Provider Identity Identity Identity Identity Admin Assurance Assurance Admin Business Service Consumer Identity Identity Federation Assurance • User lifecycle management • Federated authentication • Fraud prevention and risk mitigation
  20. Security Framework: The value of this approach. Principles: • Ensure Principle of “Security First” • Built-in not Bolt-on Security • Enforce controls • Improved management • Holistic not silo solutions • Platform for agility and flexibility. Benefits: • Creates agility to meet changing threat landscapes and create new models • Leads to re-useable patterns • Provides joined up protection against data loss, fraud and theft • Achieves greater compliance for lower cost • Creates better customer experience • Builds “trusted” brand
  21. Oracle Security Inside Out. Database Security: • Encryption and Masking • Privileged User Controls • Multi-Factor Authorization • Activity Monitoring and Audit • Secure Configuration. Identity Management: • User Provisioning • Role Management • Entitlements Management • Risk-Based Access Control • Virtual Directories. Information Rights Management: • Centralized document access control • Digital shredding • Document Activity Monitoring and Audit. (Diagram labels: Information, Infrastructure, Databases, Applications, Content)
  22. Complete, Open, Integrated Systems • Engineered to work together • Tested together • Certified together • Packaged together • Deployed together • Upgraded together • Managed together • Supported together
  23. Together, We Will Spend $4.3 Billion In R&D In Our First Full Fiscal Year. Chart: R&D Spending, USD $Bs, FY05 FY06 FY07 FY08 FY09 … FY11; labelled values $4.3, $2.7, $2.8, $2.2, $1.9, $1.5
  24. Telco X Identity Management Assessment. Oracle Insight Report - Issue 1.0, January 28th 2009. Rob McManus, Insight Programme Director, Technology Solutions & Channels. Jason Rees, Insight Programme Director, Technology Solutions & Channels
  25. Oracle Recommendations – Flight Path Governance User Management Access Management & Architecture Data Increase OpCo adoption Management Implement new Web Access Mgt Increase number of integrated applications IdM Service Management Virtual directory Authorisation & technologies Authentication Management Automation of Enterprise SSO Standards for Rules and application Workflows integration Role Management Principles and Standards Strong Implement Authentication New IdM Replacement of Audit & hardware tokens Institute Reporting Governance Board Automate re-certification and Attestation Timescale 1-6 months 6-12 months Year 2
  26. Prioritisation of IdM Capability Areas. Matrix of PRIORITY LEVEL (High, Medium, Low) against OPERATING PERFORMANCE (Performed Locally, Planned and Tracked, Well Defined, Mature, Industry Leading); quadrants “TARGETS”, “SECONDARY TARGETS” and “LONGER TERM”; focus labels Primary Focus, Secondary Focus, Future Phases; capability areas plotted: User Management, Audit & Reporting, Governance, Access Management, Architecture, Authorisation Management, Authentication Management
  27. Investment in IdM Should Produce Strong Value for Telco X. Oracle Estimates an ROI of 410% based on Conservative Case, Payback in 16 months. 5 Year Net Present Value: £12 million. Chart: Benefits Achieved, Total Costs and Accumulated discounted cash flow (NPV), Year 1 to Year 5; labelled values -£639,858, £1,174,242, £4,391,073, £8,654,465, £12,329,802. Source: Discovery workshops; data provided; Oracle analysis. Note: Implementation costs are very approximate at this early stage; discount rate used is 16%; costs do not include all relevant non-Oracle items, e.g. internal Telco X implementation costs, hardware costs and training costs; benefits do not include productivity gains
  28. Benefits of Oracle’s Recommendation
      Benefit Area/Driver | Type | FINANCIAL IMPACT: Conservative | Pragmatic | Aggressive
      1a. Increase productivity of new hires | Productivity | £1,239,854 | £1,859,781 | £2,479,708
      1b. Reduce Joiner Administrative effort for Line Managers | Productivity | £929,891 | £1,859,781 | £2,789,672
      1c. Employee searches | Productivity | £290,591 | £348,709 | £406,827
      1d. Fewer systems to update | Productivity | £1,210,795 | £2,421,590 | £3,632,385
      2a. Reduction in Help Desk administration costs for account requests | Headcount | £1,832,727 | £2,618,182 | £3,403,636
      2b. Incremental Productivity - reduced password reset calls to helpdesk | Productivity | £6,974,179 | £11,623,632 | £16,273,085
      2c. Reduction in Help Desk Administration costs - Password Resets | Headcount | £1,846,154 | £3,000,000 | £3,692,308
      3a. Reduction in Administrative Labour Costs for Certification | Headcount | £660,000 | £1,100,000 | £1,540,000
      3b. Reduction in Attestation Review Effort | Headcount | £651,375 | £1,085,625 | £1,519,875
      3c. Reduction in Audit Remediation Costs | Headcount | £250,000 | £250,000 | £250,000
      3e. Replace Hardware Tokens | Saving | £120,000 | £120,000 | £120,000
      4a. Cost of assisting staff present and past following loss of personal data | Saving | £337,500 | £675,000 | £1,012,500
      4b. Fraud Avoidance and Reduction | Saving | £500,000 | £500,000 | £500,000
      4c. Application development savings | Saving | £1,250,000 | £3,000,000 | £4,000,000
      Total | | £18,093,066 | £30,462,301 | £41,619,997
      Note 1: Potential annual benefits
      Note 2: Based on Oracle experiences, analyst reports and information gained through interviews with Telco X
      Note 3: Includes Productivity savings which have been removed from ROI calculation overleaf
  29. Complete Open Integrated AND Secure!
