How to create Revenue and Value with IT Security. It can be done. Andre Bertrand

Transcription

1 How to create Revenue and Value with IT Security. It can be done. Andre Bertrand

2 A bit about me Head of IT Risk and Security at SEEK I live in Melbourne Background in financial, MSSP and media companies in Australia and the UK I also worked for McLaren F1 team while in the UK. For a car nut that was pretty high up there! I support Variety Children's Charity Disclaimer: These views are my own

3 Introduction Sometimes IT Security can be seen as a cost centre, managing risks that may or may not occur. This can lead to security being optimised for cost efficiencies making requests for further investments or resources harder. What ways can you go about to lessen the cost centre focus and begin to be seen as revenue and value adding for your company?

4 How to go from. To

5 Agenda Three ways that IT Security can add value and generate revenue Integrate and sell enhanced security/fraud protection/privacy features Adding value through repurposing your current capability Adding value through protecting digital channels and initiatives

6 A note before we get started Today we are talking about security activities or opportunities in addition to the main mission of protecting the organisation, customers and shareholders

7 Some examples of security/fraud protection/privacy features to core products

8 Integrate and sell enhanced security/fraud/privacy features Carsales Privacy Protect

9 Integrate and sell enhanced security/fraud/privacy features Akamai - Security products complimentary to main products

10 Integrate and sell enhanced security/fraud/privacy features Telstra - Security products complimentary to main products Network/Cloud Domain Hosting Phone Services

11 Integrate and sell enhanced security/fraud/privacy features GoDaddy - Domain Registrars Privacy settings option. Modern version of PO Box. Digital Physical

12 Integrate and sell enhanced security/fraud/privacy features How not to do it. Ashley Madison Secure Delete - Fields not removed for $19 GPS coordinates, city, state, country, weight, height, date of birth, smoke and/or like a drink, gender, ethnicity, what turns you on etc

13 Integrate and sell enhanced security/fraud/privacy features 5. Operate and improve over time to maintain relevance to the market 1. Look at what your company does or sells 2. Understand where there are opportunities for additional protection or enhanced services Security, fraud protection or privacy product or service add-ons seem to work where; You have scale, cost advantage and capability that your customer does not have 4. Build, buy or license new capabilities 3. Size the opportunity and costs to complete or run You serve a need such as anonymity that not all customers want or demand

14 Repurposing your current capability We gather huge amounts of information to find the threats and manage risks Are parts of that data useful to someone else?

15 Repurposing your current capability Security activity/process Beneficiary 1 Monitoring of internet proxies Knowledge of platforms use and sprawl in use useful to operations and finance in relation to Shadow IT 2 Managing third party risk Supply chain risk knowledge being of use to procurement or legal 3 Monitoring of domains and websites Knowledge of web domains useful to marketing (brand) and legal

16 Repurposing your current capability 4 Security activity/process Monitoring server configuration Beneficiary IT Operations looking to understand an outage and who changed what and when 5 Vulnerability Scanning IT Operations looking to understand installed applications or operating systems 6 Network monitoring Understanding of unusual traffic flows affecting network performance This will require some creative thinking around what activities and data you already have and who they could also be used by

17 Protect Digital Channels and Initiatives How to add real value by working with business and product owners to solve digital business and competitive opportunities

18 Protect Digital Channels and Initiatives What is the business measuring? Cost of customer acquisition (Sales) Customer churn rates Defects per 1000 products Revenue per customer segment Customer complaint rates Speed to market Understanding what the key business metrics are ensures that you can align your outcomes to supporting these

19 Protect Digital Channels and Initiatives Business problem or opportunity Our web analytics are being skewed by bot activity. How can I stop this from happening? Better Security Understanding of bot patterns and behaviour on digital assets Enables.. More accurate analytics figures leading to more accurate KPI s and product decisions

20 Protect Digital Channels and Initiatives Business problem or opportunity We are launching a customer support product that allows us to instant message customers and provide support. How can we ensure client confidentiality? Better Security Application of authentication, fraud detection and encryption controls Enables.. Lower support costs from customer adoption of IM support

21 Protect Digital Channels and Initiatives Business problem or opportunity We are having great success with our social media presence. How can I ensure that our account is secure and can t be taken over? Better Security Use of MFA, strong credentials, account recovery Enables.. Retained customer trust Strong social media sentiment

22 Protect Digital Channels and Initiatives Business problem or opportunity I am concerned that our platform is being used to defraud us or other customers. How can I put in place controls that balance effectiveness vs customer friction and drop off rates? Better Security Stronger authentication, fraud capabilities, user education, monitoring Enables.. Repeat customer visits and revenue Low Net Promotor Detractors scores

23 Protect Digital Channels and Initiatives Business problem or opportunity My website visits to sales conversion rate is being pushed down by fake enquiries. This not only affects our metrics but also creates costs and inefficiencies. What can I do to lower our false leads rate? Better Security Sales leads verification capabilities Website visit patterns Enables.. Better sales conversion rates Lower sales leads response times

24 Protect Digital Channels and Initiatives Business problem or opportunity We are looking to buy another company. How do we know if the Intellectual Property we are buying the company for has been compromised? Better Security Understand breaches and current capability of target company Enables.. Better market intelligence More competitive M&A deal sizing

25 Protect Digital Channels and Initiatives Business problem or opportunity I am concerned that competitors are scraping my platform for sales leads and price information. How can I stop or at least manage this? Better Security Bot defences, traffic patterns, app defences Enables.. More competitive position in marketplace

26 Protect Digital Channels and Initiatives Business problem or opportunity I send out weekly offers to my customers. How can I be sure that it will get into inboxes and not be seen as SPAM by ISP s? Better Security Adoption of SPF, DKIM and DMARC. Vetting of templates against SPAM filters Enables.. Higher inbox delivery rates Higher customer conversion rates Lower cost of sales

27 Protect Digital Channels and Initiatives Business problem or opportunity I want to ensure that rogue code is not being put into my products eg. VW Diesel scandal Better Security Unit Tests Enables.. Regulatory compliance Lower customer complaints Less legal exposure

28 Summary Recognise that information security has core skills and capabilities that are useful for a wide range of business and customer needs Understand what success is for your business and focus on providing value or deriving value from your current products or services Have a solid understanding of what your business Key Performance and Key Risk indicators are and use that language to measure your controls, revenue and improvements

29 Thanks for your time today Are there any Questions? We are Hiring. I know a website where you can find the jobs. Andre Bertrand