Day 2 DIGITAL BUSINESS TECHNOLOGIES
Digital Business CeBIT Campus 2015
Unlocking & Locking Big Data: Defending the DataLake
  Part 1: Stephen Lloyd-Jones, MD, DataLake Solutions
  Part 2: Richard Brown, MD, Cogito Group
Part 2: Locking Data
  We can no longer fence this data in to protect it.
  We're witnessing the growth of the internet and the ever-increasing connectivity of people and devices; dynamic intelligence over static intelligence and the borderless over the perimeter.
The Castle Defence
  Traditional data protection
  Until now strong protection of the border involved:
    Restricted entry based on entry points (ports)
    Not much else
  On compromise the only options were:
    To further restrict entry points
    Maybe add IDS, IPS and SPI
  Still have a host of vulnerabilities.
Rapidly changing landscape
  Not all threats come in through the front door
  The trusted insider threat
  Bring Your Own Device
  Our systems are no longer just on our physical premises but in the cloud and accessible via the internet.
  Accessed by employees, contractors, customers and partners
  Accessed any time from anywhere in the world
  Once you're in there are very few restrictions
  Data access is possible
  With the introduction of virtualisation you can even steal an entire server or just alter it with malicious intent.
Rapidly changing landscape
  Business has evolved and needs solutions that are adaptable, scalable and integrated.
  The security approach needs to do likewise.
  Security also needs to:
    See past one box or solution. A layered approach gives greater assurance.
    See authentication and encryption as essential components.
    Adapt to internet scale rather than enterprise scale.
The New Look Castle
  Next Generation Firewalls
  Boundary protection will always play an important role but has new and improved guards at the entrance, including:
    Heuristic techniques that identify patterns and can now defend against zero-day vulnerabilities
    Rules based on user identification: social networking apps can be enabled
    Content identification: stop threats and prevent data leaks
    Decryption and inspection of secure packets
    Filtering and checking based on daily updates (e.g. URL and AV)
  *Image courtesy of Palo Alto Networks
Identity is KEY
  You need to get it right from the start to the end
  Provisioning, update and de-provisioning are key
  An identity is the set of attributes that uniquely identify an entity. An entity may be:
    a person (an employee, a contractor)
    a device
    a third party (such as a partner, an agency or a service provider)
  Entities include users from outside the organisation and may represent a group or role.
  Organisations now need to gain an understanding of the relationships they have with identities.
  Identity and Access Management: Outside the boundary participants
  *Image from Gartner
Authentication
  Know the other end, even internally
  Know that the communication is not only secure but that it has not been tampered with.
  For all devices, e.g. between:
    Network devices
    Web services
    Servers
    PCs
    BYODs
Multi Factor Authentication
  MFA remains one of the most effective measures to prevent a cyber-intruder
  MFA is the provision of multiple pieces of information in order to perform tasks such as system authentication.
    Something you know (e.g. username and/or passwords)
    Something you have (e.g. OTP or smartcard)
    Something you are (e.g. biometrics)
  Edward Snowden proves why it can be so effective.
Encryption
  Assume a compromise of your border will occur at some point.
  Protect your data, not just the border, using encryption
  Protect the keys used for encryption from compromise and loss.
  Make sure you change keys regularly.
Protection Examples
  DB File Storage Unit
  Don't use storage managed encryption
  Applications
  Virtualised Platforms
Make sure the keys stay in the kingdom
  Keys to the kingdom must remain in control of the keepers of the castle.
  What environments can I do this with?
    On-premises
    In the cloud
    Hybrid on-premises/cloud environment
  Keeping the keys means:
    On-premises administrators don't need to see the data to perform their roles
    In the cloud even the trusted service providers can't get to your data.
THANK YOU!
  Please contact us for more info
  Web
  Booth S51
  Richard Brown, CEO, Cogito Group