
IT security in the real world

A value proposition

Bob Tarzey,
Service Director
Quocirca Ltd

Manchester
May 19th 2010
Total value proposition

Value – drive UP
Risk – drive DOWN
Cost – drive DOWN
What risks does IT security mitigate?
To what extent are the following a threat to IT security?

Scale from 1 = “not a threat” to 5 = “a very serious threat”

Source, Quocirca – You sent WHAT? May 2010

Risk mitigated – the obvious and the unmentioned?


Causes of leaks – mostly internal

Employee oversight

Poor business process

Manager approved

Malicious

Other

Source, Symantec, Risk Assessment Findings, 2010

Risk mitigated – business practices and employees are the main source of data leaks
Total = 356 => 1 per day

Risk mitigated – accidents – human nature


Sources of “stolen data” – mostly external

Source, 7 Safe, UK Security Breach Investigations Report, 2010

Risk mitigated – external agents are the main source of data compromise
How well prepared is your organisation to protect against the following risks?

Scale from 5 = “very well prepared” to 1 = “very poorly prepared”

Source, Quocirca – You sent WHAT? May 2010

Risk mitigated – protection of PII and IP, regulatory compliance versus business risk
Do employees implement back door solutions for IM, VoIP, web conferencing etc.?

Source, Superhighway at the Crossroads – Quocirca, Sept 2008

Risk mitigated – do you really know what channels employees use – it's all about port 80 these days
What is the value of IT security?
Percentage saying external users are provided access to internal systems

Source, Quocirca, The Distributed Business Index, March 2008

Value – enabling communications


Network convergence

Value – safe use of wide-ranging communication channels (email, external via port 80 and internal)
How confident are you that you can control users' ability to do the following?

Scale from 1 = “not confident” to 5 = “very confident”

Source, Quocirca – You sent WHAT? May 2010

Value – communication channels hard to secure on a case-by-case basis
Percentage of employees working remotely at some point during a week

Source, Quocirca, The Distributed Business Index, March 2008

Value – responsive business processes and flexible working through mobility
OK, so it is worth having IT security; but how do we keep the cost down?

How influential are the following factors in limiting investment in security?

Axis: 5 = very big influence to 1 = no influence at all

From Quocirca report, “Privileged user management”, Oct 2009

Cost is the main limiting factor


Issues that drive cost up

• Too many suppliers


– Consolidate
• Too many “points” of deployment
– Reduce
• Inefficient to maintain
– Outsource/cloud
• Complex to manage/resource intensive
– Automate/simplify
Consolidate suppliers - then

Timeline chart, 1985 to 2010, of security vendor categories:
• Data leak prevention
• Web content security
• Email security
• Internet security
• Anti-virus
• General security

Vendor labels on the chart: Identum, Kelkea


Consolidate suppliers - now

Timeline chart, 1985 to 2010, of security vendor categories:
• Data leak prevention
• Web content security
• Email security
• Internet security
• Anti-virus
• General security

Fate of small vendors:
1. Diversify
2. Become part of the infrastructure
3. Become part of a big vendor’s security suite
Deploy security where it is most effective

Diagram labels:
• Cloud
• On-premise
• Software
• Virtual appliances
• Appliances
• Cloud update services
Unified security deployment

• Email
– Content filtering
– Malware detection
– Identity
– Policy
• Web
– URL filtering
– Malware detection
– Content filtering
– Policy
• Remote access
– Identity checking
– Encryption
– Content filtering
– Policy
• Content security
– Encryption
– Content filtering
– Identity checking
– Policy

Cost – overlap between products means overlapping functionality and expensive to manage
Problems organisations face with
managing compliance?

Scale from 1 = “not a problem” to 5 = “a very serious problem”

Cost – time and resources are indeed a big problem – need a compliance-oriented architecture

How to build a compliance-oriented architecture at an affordable cost
First – have a policy

Policy should:
1. Define how data is used
2. Aim to prevent breaches
3. Detail how breaches are handled
4. Be reviewed and kept up to date in light of
• New technology
• New legislation
• New business processes
Link policy to people and content

Diagram: Policy at the centre, linked to the channels Print, Blogs, USB, SMTP, FTP, Web 2.0, Web Mail and HTTP


The move from network centric security

Chart of security focus (vertical axis: Security) over time (horizontal axis: Time), with layers:
• Network
• Servers and end points
• Content
• People
Deployment of security standards and methodologies?

From Quocirca report, “Privileged user management”, Oct 2009
Conclusion

Risk reduction and value increase must outweigh cost
Thank you

Thanks, this presentation will be available on www.quocirca.com

Bob Tarzey
Quocirca
www.quocirca.com
