Data Protection & Security for SME - Challenges & Praxis
Powered by: Dipl.-Ing. Jacek Slowik GmbH
Brussels, 28 May 2015
Powering the EU Donated Programme: WND-POIG.08.01.00-30-265/13
Programme Scope: Build Web-Based CRM System for Micro- & Small Enterprises
Global Ideas for CRM + Competitive Intelligence + Mobility
Agenda
- Introduction
- Goals for this presentation
- Data protection and data security - understanding of differences
- IT solutions for SMEs market segment - importance & challenges
  - Personal data over-usage protection
  - Data loss prevention
  - Data access violation and protection tools
- Modern data protection challenges in the IT solution design - Business Case
  - SaaS CRM applications in the cloud
  - Importance of IT security for Small Business & SMEs
  - Potential topics to be discussed
- Conclusions
- Questions & Discussion
- Closing remarks
What we want to achieve!
Goals:
- To show the modern challenges in Data Usage and Protection
- To show that not all SMEs can get sufficiently protected
- To show that not all SMEs can have sufficient resources
- To start discussion on: UNIFIED SENSITIVE DATA INTEROPERABILITY & DATA EXCHANGE SECURITY STANDARDS
Also:
- To show huge potential market depth of Data Protection & Security Solutions which might be offered to Small Enterprises
- To build CEE Competence Centre for Data Protection (T.B.D.?)
About the Speaker - Enchange
- Since 1992, expert involved in the deployment of innovative, modern technologies and modern management methods, including ERP/IT systems
- Since August 1996 leads own consultancy registered in North Bavaria (Oberpfalz, Bayern, DE)
- Co-owner of several small companies in PL
Areas of Expert Knowledge:
- Integration and optimizing of supply chain planning processes & ERP systems after Mergers & Acquisitions
- Consulting focused on ERP systems (SAP, JDA, Oracle, Movex, etc.), mainly for global MNCs
- Design and deployment of regional operational planning systems - S&OP supported by IT systems (e.g. SAP APO, JDA/Manugistics, etc.)
- Design and deployment of Competitive/Business Intelligence solutions for stationary and mobile business
- Design and deployment of mobile solutions for sales forces
- Training in modern management methods and technologies
- Evaluation of innovative potential for enterprises and dedicated projects
Why we are meeting and what we want to achieve
INCREASING ROLE OF DATA PROTECTION
Gartner Hype Cycle Curve for Emerging Technologies - 2014
http://www.gartner.com/newsroom/id/281991
Data Protection & Security for SME - Challenges
Personal Data Over-Usage Protection
- Sensitive Personal Data Access
- Data Anonymisation
- Cross Country Pers. Data Sharing
Data Loss Prevention
- Data Redundancy
- Cloud Storage Solutions
- Data Centres
Data Access Violation
- Usage of SSL Certificates
- BYOD Protection
- SME as threat for LE
Personal Data Over-Usage Protection - Challenges
Sensitive Personal Data Access:
- E.g. Medical Data
- Regulations different per country
- European e-sens interoperability
Data anonymisation:
- Right to be forgotten
- Loss of marketing and social media related data
- Over-usage of e.g. Facebook data sharing
- Big Data extracting algorithms
Cross-Country Personal Data Sharing:
- Customer Data for commercial usage (Ebay, Amazon)
- EU regulations vs. country regulations
- Shared Services and data ownership
Data Loss Prevention - modern expectations
Methods used for data protection:
- Data redundancy - own intranet servers
- Cloud double-storage - offered as standard by cloud service providers
- Dedicated Data Storage - redundant mass storage PLUS data recovery backup
Conclusion: We need an easy and cheap standard for SME data handling (e.g. HDIM by Hitachi)
Source Hitachi: http://www.hds.com/assets/pdf/hitachi-white-paper-smes-need-unified-data-protection.pdf
Data Access Violation - What can help us?
Usage of SSL Certificates:
- Domain Certificates (standard + EV)
- Document Sign-Off certificates
- European e-sens cross-certificates
Security Software:
- Network, Application & Security Optimizers (e.g. CITRIX)
- Virus & Host Intrusion Protection
- Vulnerability Scanners
- Authentication Improvement for Applications and Infrastructure
- Mobile Device Management including BYOD devices
Firewalls:
- Hardware Firewalls for single & multiple servers & VLAN
- Enterprise Class Firewalls
- Software Defined Firewalls - gateways for router & VPNs
TOOLS FOR SECURITY PROTECTION
Elements of Data Protection & Security
Security Software (examples):
- Citrix NetScaler - Application, Network, and Security Optimization
- McAfee VirusScan Enterprise - Anti-virus, Anti-spyware, Firewall, and Intrusion Prevention
- McAfee Host Intrusion Protection with Reporting - Pro-active Security Against Known and New Threats
- Nessus Vulnerability Scanner - Vulnerability, Configuration, and Compliance Assessment
- Two-factor Authentication for SoftLayer Portal - Higher Security for Logging in to Your Infrastructure and Accounts
- Mobile Device Management - Purpose-built platform for enterprises to secure and manage mobile devices
Elements of Data Protection & Security
Firewalls (examples):
- Hardware Firewall - e.g. 10Mbps to 10Gbps protection for single servers
- Hardware Firewall (Dedicated) - e.g. 1Gbps protection for single, multiple, or all servers on same VLAN
- Hardware Firewall (High Availability) - e.g. redundant 1Gbps protection for single, multiple, or all servers on same VLAN
- Fortigate Security Appliance - e.g. high-performance, enterprise-class firewall protection
- Gateway Appliances - e.g. Software defined firewall, router, VPN, and more
Elements of Data Protection & Security
SSL Certificates (Secure Sockets Layer):
GeoTrust SSL Certificates
- GeoTrust QuickSSL Premium Certificates
- GeoTrust True BusinessID Server Certificates
Symantec Website Security Solutions
- Symantec Secure Site
- Symantec Secure Site with EV
Other certificate issuers
Elements of Data Protection & Security
Compliance Security Standards:
- SOC Reports
- ISO 27001
- Cloud Security Alliance STAR Registrant
- PCI Compliance
- HIPAA Compliance
- EU Model Clauses
SaaS CRYSTAL CRM
Business Case for Small & Smaller Medium Size Enterprises
SCRUM METHODOLOGY
CRYSTAL CRM - SaaS Solution for Small & Smaller Medium Size Enterprises
Why Small & Smaller Medium Size Enterprises?
- Small companies have no funds for Mid Size Solutions (like MS Dynamics)
- Small companies have no IT staff of their own - 90% of IT services are external
- Small E-Commerce (e-shops) and field operating service companies (brokers, sales forces, equipment repair, etc.) have no idea what a CRM system is
- Estimated IT market depth for Small Enterprises in Poland may be as high as 2-3 billion EUR (8-12 billion PLN)
- Estimated IT market depth for Small Enterprises in Germany may be as high as 10-20 billion EUR
Security Challenges:
- Prepared for hundreds of personalized users expected
- Domain certification deployed
- Cloud data storage under deployment... Not easy
- Mobile devices security not yet under control
RTM - Collaboration with Distributors (example from Mobile CRM praxis)
[Diagram: data flow between outlets and host brewery. Labels: Brewery Field Force Data Collection; Early Warning System; Data Collector at Distributor; Distributor Performance Dashboard at Brewery; Data Collector; Data Handling at Distributor; Distributors]
Data Protection & Security in CRM Praxis
Data Protection and handling:
- Secure storage and handling of personal and commercially sensitive data
- Must support Data Protection Act in Poland
- Must ensure data anonymisation
- Must ensure safe and effective data backup and data recovery
Data Security:
- Secure profile creation and handling (using domain certificate)
- Must minimize risk originated in usage of mobile devices
- Must incorporate certified documents sign-off
- Must minimize risk coming from cloud data traffic
TOGETHER we CAN ACHIEVE MIRACLES!
Conclusions
Presentation has tried to show:
- Different aspects of Data Protection & Security
- Complexity of technologies to be integrated
- Small & Medium Size Enterprises DO NEED a cheap and unified standard of Data Interoperability and Security
Worthwhile to start discussion on: UNIFIED SENSITIVE DATA INTEROPERABILITY & DATA EXCHANGE SECURITY STANDARDS
- Especially SMEs may profit from cheaper future solutions
- New challenges knock at the door: BIG DATA & INTERNET of THINGS!!!
Questions??? Please send to the Author...... even after this presentation...
THANKS FOR YOUR ATTENTION! See you soon!