Big Data: trends and governance



Similar documents
Metrics that Matter Security Risk Analytics

Cybersecurity The role of Internal Audit

Defending Against Data Beaches: Internal Controls for Cybersecurity

Elevate Customer Experience and Engagement in the New Digital World

TURKEY BUSINESS ANALYSIS REPORT Thinking Like the Business

How To Manage Log Management

Information Technology Policy

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Security Information & Event Management (SIEM)

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

QRadar SIEM 6.3 Datasheet

Big Data and Analytics: Challenges and Opportunities

Security Information and Event Management Introduction to envision: The Information Management Platform for Security and Compliance Operations Success

COMP9321 Web Application Engineering

BIG DATA STRATEGY. Rama Kattunga Chair at American institute of Big Data Professionals. Building Big Data Strategy For Your Organization

Security Controls What Works. Southside Virginia Community College: Security Awareness

What your SIEM vendor will not tell you

Cybersecurity: What CFO s Need to Know

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net

Information & Asset Protection with SIEM and DLP

THE 7 STEPS TO A SUCCESSFUL CRM IMPLEMENTATION DEPLOYING CRM IN THE NEW ERA OF CONNECTED CUSTOMERS

HEC Security & Compliance

API Management: Powered by SOA Software Dedicated Cloud

Information Blue Valley Schools FEBRUARY 2015

Threat Intelligence is Like Three Day Potty Training

Building Reference Security Architecture

Evaluating, choosing and implementing a SIEM solution. Dan Han, Virginia Commonwealth University

How to Execute Your Next Generation of Mobile Initiatives. Ian Evans Vice President and Managing Director- EMEA, AirWatch by VMware

Standard. Enterprise Architecture Dispensation. 1. Statement. 2. Scope. 3. Dispensation Requests QH-IMP : Approach

Vendor Risk Management Financial Organizations

Beyond Web Application Log Analysis using Apache TM Hadoop. A Whitepaper by Orzota, Inc.

Now, Next and the Future: IT, Big Data and other Implications for RIM. Presented by Michael S. Smith /

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Italy. EY s Global Information Security Survey 2013

MARKETING AUTOMATION SEMINAR BERTRAND MAUGAIN. ez Systems

Certified Information Systems Auditor (CISA)

CASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES

Big Data, Big Risk, Big Rewards. Hussein Syed

Hosting and cloud services both provide incremental and complementary benefits to the organization

The Future of the Advanced SOC

No Data Governance, No Actionable Insights

Italian Enterprises Adopt Big Data Solutions. Forrester Consulting

Securing your IT infrastructure with SOC/NOC collaboration

The Production Cloud

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

Adopting the DMBOK. Mike Beauchamp Member of the TELUS team Enterprise Data World 16 March 2010

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The webinar will begin shortly

Cloud Security Fails & How the SDLC could (not?) have prevented them

AGENDA. What is BIG DATA? What is Hadoop? Why Microsoft? The Microsoft BIG DATA story. Our BIG DATA Roadmap. Hadoop PDW

The Analytics Value Chain Key to Delivering Value in IoT

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Become a hunter: fi nding the true value of SIEM.

Data Management: Foundational Technologies for Health Insurance Exchange Success

Personal Security Practices of the CAO

Cyber Security Metrics Dashboards & Analytics

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Big Data and Security: At the Edge of Prediction

Evolution to Revolution: Big Data 2.0

Big Data a threat or a chance?

State of Oregon. State of Oregon 1

Getting Started Practical Input For Your Roadmap

Social Media Boot Camp

FutureWorks Nokia technology vision 2020: personalize the network experience. Executive Summary. Nokia Networks

Leveraging the Cloud for Your Business

Big Data Analytics in Space Exploration and Entrepreneurship

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Data Quality in Retail

The IT Strategic Plan

GPG13 Protective Monitoring. Service Definition

Big Data Are You Ready? Jorge Plascencia Solution Architect Manager

The Emergence of Security Business Intelligence: Risk

Enterprise Security Solutions

How To Transform It Risk Management

Extreme Networks Security Analytics G2 Vulnerability Manager

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

WHITE PAPER Business Process Management: The Super Glue for Social Media, Mobile, Analytics and Cloud (SMAC) enabled enterprises?

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

How RSA has helped EMC to secure its Virtual Infrastructure

David Sandars Sales Director EMEA

Find the needle in the security haystack

Extreme Networks: A SOLUTION WHITE PAPER

Transcription:

Big Data: trends and governance Carlos Gil Director TELUS Security Architecture Presented at: 15 th Annual Privacy & Security Conference Victoria, BC February 6, 2014

Agenda TELUS internal corporate context Big data? What s the big deal? Use and governance a phased approach Lessons learned what you can take away from our experience 2 TELUS Public

TELUS Security Context Corporate demographics: National telco service provider: $10B revenue (2012) 7.5 M Wireless Customers 1.3 M HSIA Customers Significant service provider to both SMB and large complex organizations *Critical infrastructure and service provider Mandate of the CSO: protect TELUS systems and networks, drive and embed security into all areas of the Business to ensure world class security capabilities 3 TELUS Public

Evolving threat landscape Timeframe: 2005 ~ 2011: Embedding Security: Partnership approaches over traditional policing regimes; integration into SDLC Technology Trends: Fundamental shifts of disruptive technologies transforming how and where data is used and controlled Threats: Changing actors and advanced intrusion methods that enterprise must adapt to offshore contractors remote employees mobile devices Solutions: 4 Approaches and tools to embedding security as well as managing technology trends and advanced threats TELUS Public

So, what is Big Data anyway? Big Data describes data sets that are too large, too unrefined or too fast-changing for analysis using traditional relational or multidimensional database techniques. The extreme scale of the data requires specialized analytics applications to parse and make sense of the data *based on* the parameters set out by the Business Example Data points: Facebook 15TB of new data/day, ~120PB, ~6200 nodes Twitter 1TB of new data/day, ~12PB, ~80 nodes Yahoo! 20TB of new data/day, ~72PB, 4500 nodes 5 TELUS Public

Variety, Velocity, Volume & Veracity & Depth 6 February 6, 2014 TELUS Confidential

Evolution into Big Data TELUS CSO rolled out first instance of SIEM in 2006: Aggressive plans to ingest 100s of Firewalls, Network Element logs, and IT system logs SIEM collectors could not handle the flow adding more infrastructure was costly, and operationally complex to support Solution scaled back to critical, high value data zones and systems: SOX, PCI, PIPEDA 2011 ~ 2012: Technical evolution and maturity in high volume, high velocity data analytics was the key 14 TELUS Public

Big Data Security Architecture Maturity Fast forward to 2012 TELUS SIDC architecture security objectives: World class security event correlation / management Security Operations Excellence: Real time automated threat analysis World class security response technologies 15 TELUS Public

Big Data Security Architecture Maturity Fast forward to 2012 TELUS SIDC architecture security objectives: World class security event correlation / management Security Operations Excellence: Real time automated threat analysis World class security response technologies Problem: How do we deal with all that data? 16 TELUS Public

SIEM Big Data Analytics 17 TELUS Public

SIEM Big Data Analytics Big Data Analytics Tier Objective: filter events - funnel relevant events to SIEM for more detailed meaningful analysis and response 18 TELUS Public

Popularity of Big Data In parallel, Business Development and Network Assurance Teams are meeting with vendors. Vendor: Big Data will solve all your problems! Business: Cool! Let s run a trial! BU 1 BU 2 BU 3 BU 4 19 TELUS Public

Big Data Experimentation Opportunity: Assess the true value of Big Data to deliver better services to our clients Drive operational excellence and efficiencies Challenge: Management of data Management of meta data Control who has access to the correlated / contextual data analysis Strategic focus common business and technical alignment 20 TELUS Public

Big Data Experimentation Other challenges to consider: Where will big data analysis occur? Cloud? Vendor Many start ups in this space will they be around in 3 ~ 4 years? Trust? 21 TELUS Public

Big Data Experimentation Good news travels fast: Ongoing business analysis into the benefits of big data analysis Opportunities and assessments filter up to the executive ranks Let s do more POCs! BU 1 BU 2 BU 3 BU 4 22 TELUS Public

Big Data Governance Governance: Policy Practice Procedure Leadership TELUS Security Policy TELUS Data Classification Compliance Team Oversight Executive oversight TELUS Ethics Policy TELUS Data Retention Standards TELUS CSO Architecture TELUS Privacy & Compliance Team Executive strategic direction 23 TELUS Public

Big Data Governance Governance: Policy Practice Procedure Leadership TELUS Security Policy TELUS Data Classification Compliance Team Oversight Executive oversight TELUS Ethics Policy *Key activity is data classification. It will identify particularly sensitive data to monitor access to. TELUS Data Retention Standards TELUS CSO Architecture TELUS Privacy & Compliance Team Executive strategic direction 24 TELUS Public

Big Data Governance Governance: Policy Practice Procedure Leadership TELUS Security Policy TELUS Data Classification Compliance Team Oversight Executive oversight TELUS Ethics Policy *Key activity is data classification. It will identify particularly sensitive data to monitor access to. TELUS Data Retention Standards TELUS CSO Architecture TELUS Privacy & Compliance Team Executive strategic direction *Critically important, assess the contextualized / correlated data! 25 TELUS Public

Compliance Transparency Transparency of use cases A great idea may not necessarily be in alignment with policies, regulations, or legislation Some examples: Geo-location data enriched with Customer specifics CRM data to behaviour or trend activity 26 TELUS Public

Expect to hear But Carlos, what s the big deal? Mmm, you re paranoid! You re standing in the way of progress! Our competitors are already doing it! 27 TELUS Public

Big Data - Governance BU 1 BU 2 BU 3 BU 4 Executive Steering Committee Common view of opportunity Common view of challenges Common view of risks Transparency in governance 28 TELUS Public

Wrap Up Don t shy away from Big Data Analytics They are very useful Eyes wide open! Transparent governance & use of best compliance practices are key 29 TELUS Public

Questions? Contact information Carlos Gil Director Security Architecture TELUS Corporation Carlos.gil@telus.com References: Gartner: Frameworks for Big Data Governance http://www.gartner.com/document/2500619 Forrester: Big Data the evolution of data analysis http://www.forrester.com/big+data+in+fraud+management+variety+l eads+to+value+and+improved+customer+experience/fulltext/- /E-RES103841 32 TELUS Public

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information