SlideShare a Scribd company logo
Making  Security  Work—Implementing  a  
Transformational  Security  Program
Brent  Comstock
SCT06S
SECURITY
Group  Vice  President  – Identity,  Access  and  Data  Protection  Strategy
SunTrust  Banks
2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies.
The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type  
of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.  
For  Informational  Purposes  Only  
Terms  of  this  Presentation
3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Abstract
Recent  newsworthy  data  breaches  have  business  and  IT  leaders  asking,  “Are  we  
learning  from  the  mistakes  of  others?”    In  an  ever-­increasing  threat  environment,  
security  leaders  face  mounting  pressures  to  deliver  effective  security  capabilities  that  
protect  business  assets  while  balancing  budgets,  security  risks  and  regulatory  issues.
SunTrust  has  started  the  journey  of  transforming  security  capabilities.  This  session  will  
explore  the  driving  factors  that  resulted  in  SunTrust  re-­evaluating  its  identity,  access  and  
information  security  program.  Furthermore,  it  will  explore  the  key  inputs  and  building  
blocks  of  what  it  is  looking  to  establish  in  its  program  and  people,  processes  and  
technologies  that  will  be  required  to  achieve  this  vision.
Brent  
Comstock
SunTrust  Banks
Group  VP  -­
Identity,  Access  and  
Data  Protection  
Strategy
The  thoughts,  views  and  opinions  I  express  are  my  own.  None  of  these  statements  should  be  considered  to  represent  my  employer,  
SunTrust  Banks,  Inc.  in  any  way.
4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Why  I’m  Here  Today
THE  WEATHER  OUTSIDE  IS  FRIGHTFUL…
WE’RE  NOT  IN  KANSAS  ANYMORE
BREAK  THE  MOLD
THE  FORK  IN  THE  ROAD
FROM  THE  INSIDE  OUT
1
2
3
4
5
5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Weather  Outside  is  Frightful…
6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
*2017  Verizon  Data  Breach  Investigations  Report
Exploited  privileged  user  
accounts  are  the  common  
thread  of  most  data  breaches*
“Looking  back  at  the  breaches  that  have  happened  in  the  recent  past  and  looking  
ahead  to  GDPR,  ….  it’s  clear  that  security  continues  to  be  critically  important.”  
Mike  Gregoire,  Q2  2018  Earnings  Conference  Call,  October  25,  2017  
7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Problem:
There  are  large  numbers  of  users,  
environments  and  end  points  to  
patch,  secure  &  manage,  all  with  
changing  security  profiles  over  
time.  
The  work  load  is  overwhelming.
10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
After  CA  World,  You  Return  Home…
Enlightened…
Energized…
Enthused…
And  pretty  freaked  out!
11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
We’re  Not  in  Kansas  Anymore
12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
So  Where  Are  We?
13 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Break  The  Mold
14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
We  protect  what’s  
important  to  us.
How  we  provide  that  
protection  has  to  
change.
15 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
BREAK  THE  MOLD
16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Fork  in  the  Road
17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Level  of  effort?
Budget?
Time?
• Align  with  Significant  
Company  Initiatives
• Establish  Security  
capabilities  quickly
• “Fix”  existing  platforms
• Upgrade  
• Address  Process  gaps
Can  current  technology  and  processes  
be  adequately  improved?
18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
From  the  Inside  Out
19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
FORMULA
FOR  CHANGE
Discover	
  &	
  unlock	
  
WHY
Impact	
  Leadership
Execute	
  with	
  
Advocates
Organizational	
  Culture	
  
Change
20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
IAM  – Focus  &  Objectives
Creation  of  Identity  credentials,  knowledge  of  high  risks  assets  and  associated  Access  grants  &  controls  are  essential  to  
effective  Security  in  this  time  of  unprecedented  threats.  IAM  and  Data  Protection  capabilities  are  highly  interdependent.
Mitigate  enterprise  cyber  risks  and  transition  to  proactive  detection  of  control  failures  by  implementing  effective  capabilities &  
controls  for  access  to  company  assets:
Focus
Objectives
The  top  areas  of  IAM  focus  include:  a)  acquire  modern  identity  management  capabilities,  b)  gain  visibility  
into  movement  of  data  and  usage  of  cloud  services    c)  gain  insights  into  users'  
behavior  d)  define  roles  and  responsibilities  and  e)  adhere  to  regulatory  requirements
Ø Simplify,  standardize  and  automate  IAM  functions  across  the  enterprise  
Ø Utilize  asset  risk  scoring  to  focus  on  securing  highest  risk  assets  first
Ø Invest  in  people,  processes,  and  technologies  to  better  monitor  and  detect  malicious  activity
Ø Define  and  implement  roles  and  responsibilities  for  IAM  framework  execution  including  increased  
Business  engagement  and  accountability
Ø Secure  privileged  accounts:  servers,  databases,  applications,  domains,  devices,  service  accts  
Ø Integrate  user  behaviors  associated  with  access  and  data  movement  with  all  our  environments  to  detect  
threats  and  suspicious  behaviors
Ø Enhance  capabilities  to  secure  connections  &  data  movement  to  the  cloud  and  3rd parties
Discover	
  &	
  Unlock	
  
WHY
21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
IAM  &  Data  Protection  Scope  
Given  the  growth  of  cyber  threats,  the  value  of  the  data  and  transactions  that  we  protect  continues  to  increase.  We  must  evolve  
our  IAM  practices  to  include  deeper  partnership  and  a  “One  Team”  approach  for  “Modern  IAM”  that  is  much  more  intelligent,  
agile  and  transparent.  
Cloud  &  Emerging  Technologies  ‘Modern  IAM’  is  a  foundational  tenet  to  enable  the  
business  to  benefit  from  emerging  technologies  such  as  the  Cloud  and  Internet  of  Things  (IOT).  
Modern  IAM  capabilities  are  faster,  more  secure  and  more  efficient  in  transitioning  applications  
and  infrastructure  to  the  cloud.    
Asset  Type
Applications enable  business  functions  and  meet  access  risk  objectives  through  roles,  
entitlements,  and  permissions.  They  are  managed  by  traditional  IAM  solutions  and  are  the  
company  asset  type  that  have  the  most  mature  access  controls.
End  Users  and  Devices  are  at  the  center  of  business  functions.  Ease  of  use  must  be    
balanced  by  the  necessity  to  protect  company  assets.  The  increased  scale  from  the  growing  use  
of  mobile  devices  stretches  traditional  IAM  practices  and  capabilities.
Data is  stored  in  a  variety  of  formats  and  locations,  and  is  growing  rapidly.  This  growth  is  
compounded  by  End  User  compute  environments  (e.g.,  file  shares,  SharePoint)  which  are  not  
currently  managed  and  protected  using  traditional  IAM  practices  and  capabilities.
Big  Data  (i.e.  Atlas  Data  Lake)  environments  combine  data  from  numerous  sources.  The  
complexity  of  defining  access  permissions  to  voluminous,  diverse,  and  sensitive  information  
environments  is  not  scalable  using  currently  available  IAM  access  models  and  technology.
IAM  Scope
Impact	
  Leadership
22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Why  Are  Advocates  Essential?
§ With  limited  resources  and  reach,  
you  can  tap  into  the  energy  of  passionate  
employees.  They  have  knowledge  and  
insight
§ These  employees  become  the  eyes  and  
ears  on  the  ground  and  help  to  drive  
change  from  within  their  teams
§ This  feeling  of  ownership,  responsibility  
and  influence  creates  engagement  
across  the  organization
§ By  building  direct  relationships  with  different  
parts  of  the  business,  you  can  find  out  so  much  
more  through  two  way  communications
§ By  keeping  our  advocates  informed  of  the  
latest  news  and  views  around  security  –
you  make  them  smarter  and  also  by  proxy  –
their  teams  too!
Security  is  a  team  sport…engage  the  
rest  of  the  team
Execute	
  With	
  
Advocates
23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Analytics  Enablement
• Facilitate  Onboarding  &  Data  Access
• Document  &  Maintain  Role  Definition  
• Request  Data  Group  Setup
Provisioning  
Facilitator
Data  Lake  Domain  
Work  Area  (Zone  2)
Domain  
Role  
Security    
Group
Data  
Asset
Data  
Asset
Data  
Asset
Domain  
Users
Domain  Team  
Manager
• “Owns”  Domain
• Requests  New  Domain  Roles
• Designate  Role  Champion
• Develop  Data  Source  Access  Requirements  *
Domain  
Owner
Domain  Role  Owner
• Approve  User  Access  to  Role
• Attest  to  Role  and  User  Access  Annually
• Validation  of  Role  Data  Source  Access  Annually
Role  
Champion
Source  Data  Owner(s)
• Approve  Role  Creation
• Approve  Data  (not  user)  Access  for  Role
Data  Access  
Owner
Data  Management  
Manager  or  Analyst
• Identify  &  Validate  Sensitive  Data  for  Data  SourcesData  SME
Data  Lake  Operations
• Configure  user  on  Data  Lake
• Configure  data  access
Data  Lake
Setup
Security  
Team  Tasks
Organizational	
  Culture	
  
Change
Engage  the  Team  (Example)
24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
None  of  us  
is  as  smart  
as  all  of  us.
People  cannot  
help  but  resist  
change.  
It’s  in  our  DNA  to  want  to  
remain  with  known  
approaches.
Those  who  resist  improved  
security  aren’t  crazy,  they’re  
human.
Landing  the  Plane
“People  don’t  
buy  what  you  
do,  they  buy  
why  you  do  it.”
SIMON  SINEK
No  one  can  tell  us  what  
“right”  looks  like,  because  of  
experience  &  perspectives.
Your  Advocates  will  help  fuel  
the  cultural  change.  
Empower  them.
25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Questions?
26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Stay  connected  at  communities.ca.com
Thank  you.
27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Security
For  more  information  on  Security,
please  visit:  http://cainc.to/CAW17-­Security

More Related Content

What's hot

Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
CA Technologies
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
Zscaler
 
Flexera Software's Why
Flexera Software's Why Flexera Software's Why
Flexera Software's Why
Flexera
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
Zscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
Ping Identity
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
Cristian Garcia G.
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed Security
Darryl Santa
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
Zscaler
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
Cloudflare
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
Zscaler
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security:  Can you afford not to switch?Cloud vs. On-Premises Security:  Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
CA Technologies
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020
Dan Hollinger
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
Cloudflare
 
Going Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking InfrastructureGoing Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking Infrastructure
Cloudflare
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
Zscaler
 

What's hot (20)

Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
Flexera Software's Why
Flexera Software's Why Flexera Software's Why
Flexera Software's Why
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed Security
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security:  Can you afford not to switch?Cloud vs. On-Premises Security:  Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
 
Going Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking InfrastructureGoing Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking Infrastructure
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
 

Similar to Making Security Work—Implementing a Transformational Security Program

NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
PECB
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
CloudMask inc.
 
Fix nix Pitch
Fix nix PitchFix nix Pitch
Fix nix Pitch
Ashok Dandu
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Enterprise Management Associates
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用
Amazon Web Services
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
EMC
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEA
Veritas Technologies LLC
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019
Andreas M. Oswald
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
Microsoft UK
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
nsheel
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
nsheel
 
Security and Data Breach
Security and Data BreachSecurity and Data Breach
Security and Data Breach
DevOps Indonesia
 
Protecting What Matters Most – Data
Protecting What Matters Most – DataProtecting What Matters Most – Data
Protecting What Matters Most – Data
Fujitsu Middle East
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
How to Enhance Your Application Security Strategy with F5 on AWS
 How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS
Amazon Web Services
 

Similar to Making Security Work—Implementing a Transformational Security Program (20)

NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Fix nix Pitch
Fix nix PitchFix nix Pitch
Fix nix Pitch
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEA
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 
Security and Data Breach
Security and Data BreachSecurity and Data Breach
Security and Data Breach
 
Protecting What Matters Most – Data
Protecting What Matters Most – DataProtecting What Matters Most – Data
Protecting What Matters Most – Data
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
 
How to Enhance Your Application Security Strategy with F5 on AWS
 How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS
 

More from CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
CA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
CA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
CA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
CA Technologies
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
CA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
CA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
CA Technologies
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
CA Technologies
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
CA Technologies
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
CA Technologies
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
CA Technologies
 

More from CA Technologies (17)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
 

Recently uploaded

Accelerating Migrations = Recommendations
Accelerating Migrations = RecommendationsAccelerating Migrations = Recommendations
Accelerating Migrations = Recommendations
isBullShit
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
Michael Price
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
Bhajan Mehta
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
Stephanie Beckett
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 

Recently uploaded (20)

Accelerating Migrations = Recommendations
Accelerating Migrations = RecommendationsAccelerating Migrations = Recommendations
Accelerating Migrations = Recommendations
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 

Making Security Work—Implementing a Transformational Security Program

  • 1. Making  Security  Work—Implementing  a   Transformational  Security  Program Brent  Comstock SCT06S SECURITY Group  Vice  President  – Identity,  Access  and  Data  Protection  Strategy SunTrust  Banks
  • 2. 2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies. The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type   of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.   For  Informational  Purposes  Only   Terms  of  this  Presentation
  • 3. 3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Abstract Recent  newsworthy  data  breaches  have  business  and  IT  leaders  asking,  “Are  we   learning  from  the  mistakes  of  others?”    In  an  ever-­increasing  threat  environment,   security  leaders  face  mounting  pressures  to  deliver  effective  security  capabilities  that   protect  business  assets  while  balancing  budgets,  security  risks  and  regulatory  issues. SunTrust  has  started  the  journey  of  transforming  security  capabilities.  This  session  will   explore  the  driving  factors  that  resulted  in  SunTrust  re-­evaluating  its  identity,  access  and   information  security  program.  Furthermore,  it  will  explore  the  key  inputs  and  building   blocks  of  what  it  is  looking  to  establish  in  its  program  and  people,  processes  and   technologies  that  will  be  required  to  achieve  this  vision. Brent   Comstock SunTrust  Banks Group  VP  -­ Identity,  Access  and   Data  Protection   Strategy The  thoughts,  views  and  opinions  I  express  are  my  own.  None  of  these  statements  should  be  considered  to  represent  my  employer,   SunTrust  Banks,  Inc.  in  any  way.
  • 4. 4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Why  I’m  Here  Today THE  WEATHER  OUTSIDE  IS  FRIGHTFUL… WE’RE  NOT  IN  KANSAS  ANYMORE BREAK  THE  MOLD THE  FORK  IN  THE  ROAD FROM  THE  INSIDE  OUT 1 2 3 4 5
  • 5. 5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Weather  Outside  is  Frightful…
  • 6. 6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS *2017  Verizon  Data  Breach  Investigations  Report Exploited  privileged  user   accounts  are  the  common   thread  of  most  data  breaches* “Looking  back  at  the  breaches  that  have  happened  in  the  recent  past  and  looking   ahead  to  GDPR,  ….  it’s  clear  that  security  continues  to  be  critically  important.”   Mike  Gregoire,  Q2  2018  Earnings  Conference  Call,  October  25,  2017  
  • 7. 7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
  • 8. 8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
  • 9. 9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Problem: There  are  large  numbers  of  users,   environments  and  end  points  to   patch,  secure  &  manage,  all  with   changing  security  profiles  over   time.   The  work  load  is  overwhelming.
  • 10. 10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS After  CA  World,  You  Return  Home… Enlightened… Energized… Enthused… And  pretty  freaked  out!
  • 11. 11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS We’re  Not  in  Kansas  Anymore
  • 12. 12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS So  Where  Are  We?
  • 13. 13 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Break  The  Mold
  • 14. 14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS We  protect  what’s   important  to  us. How  we  provide  that   protection  has  to   change.
  • 15. 15 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAK  THE  MOLD
  • 16. 16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Fork  in  the  Road
  • 17. 17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Level  of  effort? Budget? Time? • Align  with  Significant   Company  Initiatives • Establish  Security   capabilities  quickly • “Fix”  existing  platforms • Upgrade   • Address  Process  gaps Can  current  technology  and  processes   be  adequately  improved?
  • 18. 18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS From  the  Inside  Out
  • 19. 19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS FORMULA FOR  CHANGE Discover  &  unlock   WHY Impact  Leadership Execute  with   Advocates Organizational  Culture   Change
  • 20. 20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS IAM  – Focus  &  Objectives Creation  of  Identity  credentials,  knowledge  of  high  risks  assets  and  associated  Access  grants  &  controls  are  essential  to   effective  Security  in  this  time  of  unprecedented  threats.  IAM  and  Data  Protection  capabilities  are  highly  interdependent. Mitigate  enterprise  cyber  risks  and  transition  to  proactive  detection  of  control  failures  by  implementing  effective  capabilities &   controls  for  access  to  company  assets: Focus Objectives The  top  areas  of  IAM  focus  include:  a)  acquire  modern  identity  management  capabilities,  b)  gain  visibility   into  movement  of  data  and  usage  of  cloud  services    c)  gain  insights  into  users'   behavior  d)  define  roles  and  responsibilities  and  e)  adhere  to  regulatory  requirements Ø Simplify,  standardize  and  automate  IAM  functions  across  the  enterprise   Ø Utilize  asset  risk  scoring  to  focus  on  securing  highest  risk  assets  first Ø Invest  in  people,  processes,  and  technologies  to  better  monitor  and  detect  malicious  activity Ø Define  and  implement  roles  and  responsibilities  for  IAM  framework  execution  including  increased   Business  engagement  and  accountability Ø Secure  privileged  accounts:  servers,  databases,  applications,  domains,  devices,  service  accts   Ø Integrate  user  behaviors  associated  with  access  and  data  movement  with  all  our  environments  to  detect   threats  and  suspicious  behaviors Ø Enhance  capabilities  to  secure  connections  &  data  movement  to  the  cloud  and  3rd parties Discover  &  Unlock   WHY
  • 21. 21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS IAM  &  Data  Protection  Scope   Given  the  growth  of  cyber  threats,  the  value  of  the  data  and  transactions  that  we  protect  continues  to  increase.  We  must  evolve   our  IAM  practices  to  include  deeper  partnership  and  a  “One  Team”  approach  for  “Modern  IAM”  that  is  much  more  intelligent,   agile  and  transparent.   Cloud  &  Emerging  Technologies  ‘Modern  IAM’  is  a  foundational  tenet  to  enable  the   business  to  benefit  from  emerging  technologies  such  as  the  Cloud  and  Internet  of  Things  (IOT).   Modern  IAM  capabilities  are  faster,  more  secure  and  more  efficient  in  transitioning  applications   and  infrastructure  to  the  cloud.     Asset  Type Applications enable  business  functions  and  meet  access  risk  objectives  through  roles,   entitlements,  and  permissions.  They  are  managed  by  traditional  IAM  solutions  and  are  the   company  asset  type  that  have  the  most  mature  access  controls. End  Users  and  Devices  are  at  the  center  of  business  functions.  Ease  of  use  must  be     balanced  by  the  necessity  to  protect  company  assets.  The  increased  scale  from  the  growing  use   of  mobile  devices  stretches  traditional  IAM  practices  and  capabilities. Data is  stored  in  a  variety  of  formats  and  locations,  and  is  growing  rapidly.  This  growth  is   compounded  by  End  User  compute  environments  (e.g.,  file  shares,  SharePoint)  which  are  not   currently  managed  and  protected  using  traditional  IAM  practices  and  capabilities. Big  Data  (i.e.  Atlas  Data  Lake)  environments  combine  data  from  numerous  sources.  The   complexity  of  defining  access  permissions  to  voluminous,  diverse,  and  sensitive  information   environments  is  not  scalable  using  currently  available  IAM  access  models  and  technology. IAM  Scope Impact  Leadership
  • 22. 22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Why  Are  Advocates  Essential? § With  limited  resources  and  reach,   you  can  tap  into  the  energy  of  passionate   employees.  They  have  knowledge  and   insight § These  employees  become  the  eyes  and   ears  on  the  ground  and  help  to  drive   change  from  within  their  teams § This  feeling  of  ownership,  responsibility   and  influence  creates  engagement   across  the  organization § By  building  direct  relationships  with  different   parts  of  the  business,  you  can  find  out  so  much   more  through  two  way  communications § By  keeping  our  advocates  informed  of  the   latest  news  and  views  around  security  – you  make  them  smarter  and  also  by  proxy  – their  teams  too! Security  is  a  team  sport…engage  the   rest  of  the  team Execute  With   Advocates
  • 23. 23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Analytics  Enablement • Facilitate  Onboarding  &  Data  Access • Document  &  Maintain  Role  Definition   • Request  Data  Group  Setup Provisioning   Facilitator Data  Lake  Domain   Work  Area  (Zone  2) Domain   Role   Security     Group Data   Asset Data   Asset Data   Asset Domain   Users Domain  Team   Manager • “Owns”  Domain • Requests  New  Domain  Roles • Designate  Role  Champion • Develop  Data  Source  Access  Requirements  * Domain   Owner Domain  Role  Owner • Approve  User  Access  to  Role • Attest  to  Role  and  User  Access  Annually • Validation  of  Role  Data  Source  Access  Annually Role   Champion Source  Data  Owner(s) • Approve  Role  Creation • Approve  Data  (not  user)  Access  for  Role Data  Access   Owner Data  Management   Manager  or  Analyst • Identify  &  Validate  Sensitive  Data  for  Data  SourcesData  SME Data  Lake  Operations • Configure  user  on  Data  Lake • Configure  data  access Data  Lake Setup Security   Team  Tasks Organizational  Culture   Change Engage  the  Team  (Example)
  • 24. 24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS None  of  us   is  as  smart   as  all  of  us. People  cannot   help  but  resist   change.   It’s  in  our  DNA  to  want  to   remain  with  known   approaches. Those  who  resist  improved   security  aren’t  crazy,  they’re   human. Landing  the  Plane “People  don’t   buy  what  you   do,  they  buy   why  you  do  it.” SIMON  SINEK No  one  can  tell  us  what   “right”  looks  like,  because  of   experience  &  perspectives. Your  Advocates  will  help  fuel   the  cultural  change.   Empower  them.
  • 25. 25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Questions?
  • 26. 26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Stay  connected  at  communities.ca.com Thank  you.
  • 27. 27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security