SlideShare ist ein Scribd-Unternehmen logo

Secure adn Contained Access for Everybody, at Anytime

Als PPTX, PDF herunterladen
Uni Systems S.M.S.A.
Uni Systems S.M.S.A.

The document provides an overview of the challenging environment of secure access for mobile workers and privileged insiders. It discusses how traditional security solutions have limitations in balancing user needs for mobility with enterprise IT needs to meet security and compliance requirements. The Uni Systems secure access solution is presented as providing layered protection through fine-grained access control, application protection, command filtering, detailed auditing and other capabilities. The implementation approach involves assessing needs, designing customized infrastructure, and deploying in phases. Success stories from telecom and financial clients highlight how the solution provided controlled, auditable access for remote users while meeting security objectives.

1 von 29
Secure and Contained Access for Everybody, at Anytime Anastasios Moustakis, Senior Solution Architect Uni Systems Copyright 2013 1
Agenda • The Challenging Environment of Secure Access • Security Trends, User & IT Requirements • Uni Systems Secure Access Solution Overview • Implementation Approach • Success Stories
1.3 Billion Mobile workers by 2015 Mobile Worker Population – IDC, Jan 2012
C-Suite 42% The top 3 groups driving support for non-standard devices VPs & Directors 43% are in management Managers 27% Consumerization of IT Study. April 2011, IDC
“How many “How many days a different computing devices week on average do you do you use on a daily basis?” work outside the office?” Family PC | Work PC | Personal Laptop | Tablet | Smartphone 42% 0 21% 34% 1-2 52% 16% 3-4 15% 6% 2% 5 12% 1 2 3 4 5+ Global BYOD Index - Survey of Corporate Employees February 2011, Citrix Systems
How Users Feel Today
User Needs Freedom to access all their apps and data from any of their devices
For Enterprise IT, any device access, presents big challenges
IT Needs to meet security and compliance requirements
But the needs of users and IT must be balanced
“Privileged Insiders” are granted more trust
Who are “Privileged Insiders” Well Controlled Not So Much? Mobile/Any device Highly Trusted Business Highly Trusted IT Users: Users Systems, Database, Network Administrators
The Changing Security Landscape • Redefining the Perimeter • New Trust Model Needed • Spearfishing Attacks Targeting Privileged Users • Increasingly Stringent Compliance and Audit Requirements “The biggest issue facing information security professionals is that our traditional trust model is broken.” Forrester Research
Frequency & Cost of Insider Breaches 30 % of large enterprise customers experienced a malicious insider breach Average days to resolve Source: Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies (Ponemon Institute, 2011) 14
Challenges for Secure Access • Increasing Compliance, Audit Requirements and Security Mandates • Changing Trust Model • 3rd Party and Employees - No differentiation • Remote or Internal and Mobility- Disappearing perimeter – “Remote” an obsolete term • User and Asset / System Policy - Policy does not intersect • Movement to Centralized Computing • Operational Efficiency and Reduced Cost • Virtualized Servers/Desktops, Cloud - Landscape Change
Traditional Solutions have Limitations Issues NW focus, not user/app level access Firewalls control VPNs + Jump Box Hard to audit, difficult to manage Complicated ACLs, NW Layer Only Routers End-user focused Active Directory No inside access control, containment NAC Risks are amplified Virtual Desktop SIEM/Log Mgmt Reactive, lacks data for privileged “insider”
Uni Systems answer: “Zero Trust” via Layered Protection Attributed Use of Shared Privileged Account Leapfrog Prevention Session Monitoring/Recording Command Filtering Whitelist/Blacklist White List/ Least Privilege Access Positively ID The User Vault Server A: Tamper-proof ID: abc123 Log PW: xyz$21 Server B: Complete Activity Logging ID: cde234 Policy Violation Logging with DVR-Like Playback and Skip PW:eie10$
Solution Scope • Provision of a System that will offer: • Configurable, • Secure, • Recordable, and • Fully Controllable • Secure Local & Remote or Mobile Access for: • Privileged Users, (internal or 3rd party) • Employees and • Business Partners 18
Solution Essential Capabilities (1/2) • Enforce fine-grained Access Control on different type of users • Configurable multi-level authentication with time-based access rights • Protect applications and expose only the presentation layer • Contain privileged users to authorized resources and prevent leapfrogging 19
Solution Essential Capabilities (2/2) • Protect data and prevent leakage • Generate a detailed Audit Trail for proof of compliance and investigations • Record access sessions – video & CLI recording • Protect privileged user and application passwords • Eliminate the use of shared passwords for administrative accounts 20
Solution Architecture User Zone Secure Access Component Zone Trusted and Protected Zone Internal/External/Mobile SSO, Password and 7 Internal Protected User Device 10 Shared Account Password Systems 1 Management Vault Any Device 8 Gateway Application / 3 Access Session and ICA Client User, Session- Control Desktop 2 based access USB Boot Desktop (SSL, Proxy Access control & DLP USB Secure Web (ICA)) 4 Browser Portal Web Video-like and CLI 5 Leapfrog prevention Interface Logging and Sandboxed Apps Sessions Recording Certificate Token Endpoint Token User Report & 11 Management Infrastructure Repository Workflow Desktop, Thin (MDM, USB (Hard, SMS) (A.D.) 6 db Server, Storage, Network, S Boot, Isolated client, Laptop, Mobile Browser) Workflow & Report Engine 9 ecurity Devices, Device, Smartphone 21
Vendors Internal/External/Mobile SSO, Password and Internal Protected User Device Shared Account Password Systems Management Vault Any Device Gateway Application / Access Session and ICA Client User, Session- Control (SSL, Desktop based access USB Boot Desktop Proxy (ICA)) Access control & DLP Token Portal Web Video-like and CLI Leapfrog USB Secure Web Interface Logging and prevention Browser Sessions Recording Certificate Sandboxed Apps Endpoint Token User Report & Management Infrastructure Repository Workflow (MDM, USB (Hard, SMS) (A.D.) db Desktop, Thin Boot, Isolated Server, Storage, Network, client, Laptop, Mobile Browser) Workflow & Report Engine Security Devices, Device, Smartphone 22
Implementation Approach (1/2) • Systems Integration Project • Modular Architecture • Based on: • Type of users – 3rd party privileged users, Business partners, Internal Administrators • Type and Number of internal protected systems • Type and Number of Services required (Applications, Desktops, Resources) • Type and Number of Endpoint Device usage • Integration points with existing systems (Workflow, Helpdesk, etc)
Implementation Approach (2/2) • Specific Methodology: • Analysis Phase: • Infrastructure Assessment and Readiness Evaluation • Proof of Concept • User Requirements – Application, Services, Resources, Policies • Design Phase: Infrastructure Design, Policies • Build & Test Phase • Roll-out Phase
Secure Access Solution with Uni Systems The proven expertise and practical guidance needed for success Assess Design Deploy Devices Documented solution design Training Apps - Services Hardware and infrastructure Independent analysis/ verification Mobility - BYOD Operations and support Pilot Security Test and QA
Success Stories : TOP Telecom Provider Problem: Answer: • Consolidate & grant secure access to • Centralize access control across critical 3rd Party Administrators users with distinct missions • Different method of access • Ensure contained and auditable access • Points of Vulnerability • Meet federal compliance requirements • Absence of uniform management • Workflow driven operation Results: • Control over privileged users and critical infrastructure and assets • Tight control over who gets access to what, when and for how long • Contain users to authorized systems only • Audit quality logging for compliance “With the Uni Systems Secure Remote Access Solution we have an all-in-one solution for these higher risk users which gives us the peace of mind that we are meeting our objectives to safeguard our network and the sensitive information it contains.” Security Expert at Telecom Provider 26
Success Stories : Top Financial Institute Problem: Provide secure access to hundreds of remote developers, administrators and auditors – no containment of users to authorized resources – IT resource intensive, cumbersome and ineffective access controls – no audit trail or ability to match controls to specific users Results: A unified, easy to manage solution – hundreds of business critical 3rd parties now granted secure, controlled access – increased operational efficiency with a single solution – provided an audit trail for internal security requirements and external compliance mandates “What is so special about you --- ‘containment, containment, containment.’” VP Security officer, Top Financial Institution
Uni Systems empowering Secure Access of the future With the mobility and agility users need today
Thank you! www.unisystems.com

Empfohlen

IDC it security dc_transformation_roadshow2012
IDC it security dc_transformation_roadshow2012IDC it security dc_transformation_roadshow2012
IDC it security dc_transformation_roadshow2012Uni Systems S.M.S.A.
 
Workspaces for Tomorrow: Turning Vision to Strategy
Workspaces for Tomorrow: Turning Vision to Strategy Workspaces for Tomorrow: Turning Vision to Strategy
Workspaces for Tomorrow: Turning Vision to Strategy Uni Systems S.M.S.A.
 
IT__forum_11
IT__forum_11IT__forum_11
IT__forum_11Uni Systems S.M.S.A.
 
Cloud computing 2012
Cloud computing 2012Cloud computing 2012
Cloud computing 2012Uni Systems S.M.S.A.
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
How to ensure Business Continuity in the Cloud
How to ensure Business Continuity in the CloudHow to ensure Business Continuity in the Cloud
How to ensure Business Continuity in the CloudUni Systems S.M.S.A.
 
End-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftEnd-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftUni Systems S.M.S.A.
 
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...Uni Systems S.M.S.A.
 

Empfohlen

IDC it security dc_transformation_roadshow2012
IDC it security dc_transformation_roadshow2012IDC it security dc_transformation_roadshow2012
IDC it security dc_transformation_roadshow2012Uni Systems S.M.S.A.
 
Workspaces for Tomorrow: Turning Vision to Strategy
Workspaces for Tomorrow: Turning Vision to Strategy Workspaces for Tomorrow: Turning Vision to Strategy
Workspaces for Tomorrow: Turning Vision to Strategy Uni Systems S.M.S.A.
 
IT__forum_11
IT__forum_11IT__forum_11
IT__forum_11Uni Systems S.M.S.A.
 
Cloud computing 2012
Cloud computing 2012Cloud computing 2012
Cloud computing 2012Uni Systems S.M.S.A.
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
How to ensure Business Continuity in the Cloud
How to ensure Business Continuity in the CloudHow to ensure Business Continuity in the Cloud
How to ensure Business Continuity in the CloudUni Systems S.M.S.A.
 
End-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftEnd-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftUni Systems S.M.S.A.
 
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ...Uni Systems S.M.S.A.
 
Get your house on order
Get your house on orderGet your house on order
Get your house on orderDekkinga, Ewout
 
Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2contrastcbt
 
Blue Central and the world of End User Computing
Blue Central and the world of End User ComputingBlue Central and the world of End User Computing
Blue Central and the world of End User ComputingBlue Central
 
Microsoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy WhitepaperMicrosoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy WhitepaperMicrosoft Private Cloud
 
Cloud computing simplified
Cloud computing simplifiedCloud computing simplified
Cloud computing simplifiedjohndorian555
 
Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?Desktone
 
Whitepaper: Connected Office Enterprise
Whitepaper: Connected Office EnterpriseWhitepaper: Connected Office Enterprise
Whitepaper: Connected Office Enterpriseframeworksem
 
ITC Capabilities Brief 2014
ITC Capabilities Brief 2014ITC Capabilities Brief 2014
ITC Capabilities Brief 2014Jeffrey Strobach
 
IBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM CloudIBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM CloudChris Pepin
 
Communicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT AudiencesCommunicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT AudiencesAkweli Parker
 
The Virtual Desktop Revolution
The Virtual Desktop RevolutionThe Virtual Desktop Revolution
The Virtual Desktop RevolutionYankee Group
 
Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?Lori Mankin
 
Frontier business systems corporate presentation
Frontier business systems corporate presentationFrontier business systems corporate presentation
Frontier business systems corporate presentationSanthosh Basavarajappa
 
Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2Christopher Williams
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computingikanow
 
Egress Switch Datasheet
Egress Switch Datasheet Egress Switch Datasheet
Egress Switch Datasheet yonifine
 
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...webhostingguy
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Hosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed ApplicationsHosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed ApplicationsPete Valentine
 
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...HKISPA
 
power point Superteamp
power point Superteamppower point Superteamp
power point Superteampvictorferrer98
 
Supertramp school
Supertramp schoolSupertramp school
Supertramp schoolBoulie
 

Weitere ähnliche Inhalte

Was ist angesagt?

Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2contrastcbt
 
Blue Central and the world of End User Computing
Blue Central and the world of End User ComputingBlue Central and the world of End User Computing
Blue Central and the world of End User ComputingBlue Central
 
Microsoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy WhitepaperMicrosoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy WhitepaperMicrosoft Private Cloud
 
Cloud computing simplified
Cloud computing simplifiedCloud computing simplified
Cloud computing simplifiedjohndorian555
 
Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?Desktone
 
Whitepaper: Connected Office Enterprise
Whitepaper: Connected Office EnterpriseWhitepaper: Connected Office Enterprise
Whitepaper: Connected Office Enterpriseframeworksem
 
ITC Capabilities Brief 2014
ITC Capabilities Brief 2014ITC Capabilities Brief 2014
ITC Capabilities Brief 2014Jeffrey Strobach
 
IBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM CloudIBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM CloudChris Pepin
 
Communicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT AudiencesCommunicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT AudiencesAkweli Parker
 
The Virtual Desktop Revolution
The Virtual Desktop RevolutionThe Virtual Desktop Revolution
The Virtual Desktop RevolutionYankee Group
 
Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?Lori Mankin
 
Frontier business systems corporate presentation
Frontier business systems corporate presentationFrontier business systems corporate presentation
Frontier business systems corporate presentationSanthosh Basavarajappa
 
Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2Christopher Williams
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computingikanow
 
Egress Switch Datasheet
Egress Switch Datasheet Egress Switch Datasheet
Egress Switch Datasheet yonifine
 
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...webhostingguy
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Hosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed ApplicationsHosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed ApplicationsPete Valentine
 
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...HKISPA
 

Was ist angesagt? (20)

Get your house on order
Get your house on orderGet your house on order
Get your house on order
 
Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2
 
Blue Central and the world of End User Computing
Blue Central and the world of End User ComputingBlue Central and the world of End User Computing
Blue Central and the world of End User Computing
 
Microsoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy WhitepaperMicrosoft India - System Center Desktop Virtualization Strategy Whitepaper
Microsoft India - System Center Desktop Virtualization Strategy Whitepaper
 
Cloud computing simplified
Cloud computing simplifiedCloud computing simplified
Cloud computing simplified
 
Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?Virtual Desktops: How Secure Can They Be?
Virtual Desktops: How Secure Can They Be?
 
Whitepaper: Connected Office Enterprise
Whitepaper: Connected Office EnterpriseWhitepaper: Connected Office Enterprise
Whitepaper: Connected Office Enterprise
 
ITC Capabilities Brief 2014
ITC Capabilities Brief 2014ITC Capabilities Brief 2014
ITC Capabilities Brief 2014
 
IBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM CloudIBM Smart Business Desktop on the IBM Cloud
IBM Smart Business Desktop on the IBM Cloud
 
Communicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT AudiencesCommunicating Virtualization to Non-IT Audiences
Communicating Virtualization to Non-IT Audiences
 
The Virtual Desktop Revolution
The Virtual Desktop RevolutionThe Virtual Desktop Revolution
The Virtual Desktop Revolution
 
Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?Does Every Cloud Have Silver Lining?
Does Every Cloud Have Silver Lining?
 
Frontier business systems corporate presentation
Frontier business systems corporate presentationFrontier business systems corporate presentation
Frontier business systems corporate presentation
 
Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2Polysynthetic Data Center Vision v1.2
Polysynthetic Data Center Vision v1.2
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
 
Egress Switch Datasheet
Egress Switch Datasheet Egress Switch Datasheet
Egress Switch Datasheet
 
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
Hosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed ApplicationsHosted Virtual Desktops and Streamed Applications
Hosted Virtual Desktops and Streamed Applications
 
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
Data center 2.0: Cloud computing - opportunities or threats to HK IT by Mr. ...
 

Andere mochten auch

power point Superteamp
power point Superteamppower point Superteamp
power point Superteampvictorferrer98
 
Supertramp school
Supertramp schoolSupertramp school
Supertramp schoolBoulie
 
Thesis Project : BPM for Generali Hellas
Thesis Project : BPM for Generali Hellas Thesis Project : BPM for Generali Hellas
Thesis Project : BPM for Generali Hellas Uni Systems S.M.S.A.
 
Open Day 30 June 2012 - Student Finance
Open Day 30 June 2012 - Student FinanceOpen Day 30 June 2012 - Student Finance
Open Day 30 June 2012 - Student Financegemfromgsy
 
How to Ensure Business Continuity in the Cloud
How to Ensure Business Continuity in the Cloud How to Ensure Business Continuity in the Cloud
How to Ensure Business Continuity in the Cloud Uni Systems S.M.S.A.
 
Agility in Retail Banking: No longer an option
Agility in Retail Banking: No longer an optionAgility in Retail Banking: No longer an option
Agility in Retail Banking: No longer an optionUni Systems S.M.S.A.
 
Mary Curnock Cook
Mary Curnock CookMary Curnock Cook
Mary Curnock Cookgemfromgsy
 
Motor insurance: services telematics based
Motor insurance: services telematics basedMotor insurance: services telematics based
Motor insurance: services telematics basedMatteo Carbone
 
Iconic album covers
Iconic album coversIconic album covers
Iconic album coversTarjauBowen
 
Iconic Rock Album Covers
Iconic Rock Album CoversIconic Rock Album Covers
Iconic Rock Album Coverssmittal
 
The Connected Insurance Observatory
The Connected Insurance ObservatoryThe Connected Insurance Observatory
The Connected Insurance ObservatoryMatteo Carbone
 

Andere mochten auch (12)

power point Superteamp
power point Superteamppower point Superteamp
power point Superteamp
 
Supertramp school
Supertramp schoolSupertramp school
Supertramp school
 
Thesis Project : BPM for Generali Hellas
Thesis Project : BPM for Generali Hellas Thesis Project : BPM for Generali Hellas
Thesis Project : BPM for Generali Hellas
 
Open Day 30 June 2012 - Student Finance
Open Day 30 June 2012 - Student FinanceOpen Day 30 June 2012 - Student Finance
Open Day 30 June 2012 - Student Finance
 
How to Ensure Business Continuity in the Cloud
How to Ensure Business Continuity in the Cloud How to Ensure Business Continuity in the Cloud
How to Ensure Business Continuity in the Cloud
 
Agility in Retail Banking: No longer an option
Agility in Retail Banking: No longer an optionAgility in Retail Banking: No longer an option
Agility in Retail Banking: No longer an option
 
Mary Curnock Cook
Mary Curnock CookMary Curnock Cook
Mary Curnock Cook
 
Motor insurance: services telematics based
Motor insurance: services telematics basedMotor insurance: services telematics based
Motor insurance: services telematics based
 
Iconic album covers
Iconic album coversIconic album covers
Iconic album covers
 
CV_Q3_2016
CV_Q3_2016CV_Q3_2016
CV_Q3_2016
 
Iconic Rock Album Covers
Iconic Rock Album CoversIconic Rock Album Covers
Iconic Rock Album Covers
 
The Connected Insurance Observatory
The Connected Insurance ObservatoryThe Connected Insurance Observatory
The Connected Insurance Observatory
 

Ähnlich wie Secure adn Contained Access for Everybody, at Anytime

DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...Andris Soroka
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1OracleIDM
 
Biz case-keynote-final copy
Biz case-keynote-final copyBiz case-keynote-final copy
Biz case-keynote-final copyOracleIDM
 
Hitachi ID Solutions Support GLB Compliance
Hitachi ID Solutions Support GLB ComplianceHitachi ID Solutions Support GLB Compliance
Hitachi ID Solutions Support GLB ComplianceHitachi ID Systems, Inc.
 
Hitachi ID Solutions Supporting HIPAA Compliance
Hitachi ID Solutions Supporting HIPAA ComplianceHitachi ID Solutions Supporting HIPAA Compliance
Hitachi ID Solutions Supporting HIPAA ComplianceHitachi ID Systems, Inc.
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Systems, Inc.
 
It's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar SantosIt's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar Santossantosomar
 
Pawaa OCC Presentation
Pawaa OCC PresentationPawaa OCC Presentation
Pawaa OCC PresentationCloudComputing
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
Securing access inabyod-world-final-ext
Securing access inabyod-world-final-extSecuring access inabyod-world-final-ext
Securing access inabyod-world-final-extOracleIDM
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
Stealth solution for healthcare
Stealth solution for healthcareStealth solution for healthcare
Stealth solution for healthcarePeter de Bruijn
 

Ähnlich wie Secure adn Contained Access for Everybody, at Anytime (20)

DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Biz case-keynote-final copy
Biz case-keynote-final copyBiz case-keynote-final copy
Biz case-keynote-final copy
 
Hitachi ID Solutions Support GLB Compliance
Hitachi ID Solutions Support GLB ComplianceHitachi ID Solutions Support GLB Compliance
Hitachi ID Solutions Support GLB Compliance
 
Hitachi ID Solutions Supporting HIPAA Compliance
Hitachi ID Solutions Supporting HIPAA ComplianceHitachi ID Solutions Supporting HIPAA Compliance
Hitachi ID Solutions Supporting HIPAA Compliance
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX Compliance
 
It's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar SantosIt's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar Santos
 
Pawaa OCC Presentation
Pawaa OCC PresentationPawaa OCC Presentation
Pawaa OCC Presentation
 
I Series User Management
I Series User ManagementI Series User Management
I Series User Management
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
Intro to Identity Management
Intro to Identity ManagementIntro to Identity Management
Intro to Identity Management
 
Co p
Co pCo p
Co p
 
Securing access inabyod-world-final-ext
Securing access inabyod-world-final-extSecuring access inabyod-world-final-ext
Securing access inabyod-world-final-ext
 
Who will guard the guards
Who will guard the guardsWho will guard the guards
Who will guard the guards
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
Co p
Co pCo p
Co p
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Stealth solution for healthcare
Stealth solution for healthcareStealth solution for healthcare
Stealth solution for healthcare
 

Mehr von Uni Systems S.M.S.A.

Uni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptxUni Systems S.M.S.A.
 
Microsoft Fabric Intro D Koutsanastasis
Microsoft Fabric Intro D KoutsanastasisMicrosoft Fabric Intro D Koutsanastasis
Microsoft Fabric Intro D KoutsanastasisUni Systems S.M.S.A.
 
Create Unique Experiences through a CRM Approach St Kontos
Create Unique Experiences through a CRM Approach St Kontos Create Unique Experiences through a CRM Approach St Kontos
Create Unique Experiences through a CRM Approach St Kontos Uni Systems S.M.S.A.
 
Bring your data to the era of AI D. Agagiotis.pdf
Bring your data to the era of AI D. Agagiotis.pdfBring your data to the era of AI D. Agagiotis.pdf
Bring your data to the era of AI D. Agagiotis.pdfUni Systems S.M.S.A.
 
Innovative approaches with AI, Data Analytics & CRM
Innovative approaches with AI, Data Analytics & CRMInnovative approaches with AI, Data Analytics & CRM
Innovative approaches with AI, Data Analytics & CRMUni Systems S.M.S.A.
 
Change the Business Landscape with Voice of Customer.pdf
Change the Business Landscape with Voice of Customer.pdfChange the Business Landscape with Voice of Customer.pdf
Change the Business Landscape with Voice of Customer.pdfUni Systems S.M.S.A.
 
Change the Business Landscape with Voice of Customer
Change the Business Landscape with Voice of CustomerChange the Business Landscape with Voice of Customer
Change the Business Landscape with Voice of CustomerUni Systems S.M.S.A.
 
The Evolution in Customer Experience: Migration to Cloud for Contact Center
The Evolution in Customer Experience: Migration to Cloud for Contact CenterThe Evolution in Customer Experience: Migration to Cloud for Contact Center
The Evolution in Customer Experience: Migration to Cloud for Contact CenterUni Systems S.M.S.A.
 
The Evolution of Customer Experience
The Evolution of Customer Experience The Evolution of Customer Experience
The Evolution of Customer Experience Uni Systems S.M.S.A.
 
Using cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUsing cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUni Systems S.M.S.A.
 

Mehr von Uni Systems S.M.S.A. (20)

Microsoft Power Platform.pptx
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptx
 
Uni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
 
D365 Demonstration CRM G Aspiotis
D365 Demonstration CRM G AspiotisD365 Demonstration CRM G Aspiotis
D365 Demonstration CRM G Aspiotis
 
AI pitch SSideri
AI pitch SSideri AI pitch SSideri
AI pitch SSideri
 
Microsoft Fabric Intro D Koutsanastasis
Microsoft Fabric Intro D KoutsanastasisMicrosoft Fabric Intro D Koutsanastasis
Microsoft Fabric Intro D Koutsanastasis
 
Create Unique Experiences through a CRM Approach St Kontos
Create Unique Experiences through a CRM Approach St Kontos Create Unique Experiences through a CRM Approach St Kontos
Create Unique Experiences through a CRM Approach St Kontos
 
Bridging The Gap D Karystinos
Bridging The Gap D Karystinos Bridging The Gap D Karystinos
Bridging The Gap D Karystinos
 
Bring your data to the era of AI D. Agagiotis.pdf
Bring your data to the era of AI D. Agagiotis.pdfBring your data to the era of AI D. Agagiotis.pdf
Bring your data to the era of AI D. Agagiotis.pdf
 
How AI Transforms Businesses
How AI Transforms BusinessesHow AI Transforms Businesses
How AI Transforms Businesses
 
Innovative approaches with AI, Data Analytics & CRM
Innovative approaches with AI, Data Analytics & CRMInnovative approaches with AI, Data Analytics & CRM
Innovative approaches with AI, Data Analytics & CRM
 
Medallia VoC in action .pdf
Medallia VoC in action .pdfMedallia VoC in action .pdf
Medallia VoC in action .pdf
 
CX Powered by Uni Systems.pdf
CX Powered by Uni Systems.pdfCX Powered by Uni Systems.pdf
CX Powered by Uni Systems.pdf
 
Change the Business Landscape with Voice of Customer.pdf
Change the Business Landscape with Voice of Customer.pdfChange the Business Landscape with Voice of Customer.pdf
Change the Business Landscape with Voice of Customer.pdf
 
CX Powered by Uni Systems
CX Powered by Uni SystemsCX Powered by Uni Systems
CX Powered by Uni Systems
 
Change the Business Landscape with Voice of Customer
Change the Business Landscape with Voice of CustomerChange the Business Landscape with Voice of Customer
Change the Business Landscape with Voice of Customer
 
Medallia VoC in action
Medallia VoC in actionMedallia VoC in action
Medallia VoC in action
 
The Evolution in Customer Experience: Migration to Cloud for Contact Center
The Evolution in Customer Experience: Migration to Cloud for Contact CenterThe Evolution in Customer Experience: Migration to Cloud for Contact Center
The Evolution in Customer Experience: Migration to Cloud for Contact Center
 
The Evolution of Customer Experience
The Evolution of Customer Experience The Evolution of Customer Experience
The Evolution of Customer Experience
 
Using cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUsing cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformation
 
Microsoft: Invent with Purpose
Microsoft: Invent with PurposeMicrosoft: Invent with Purpose
Microsoft: Invent with Purpose
 

Secure adn Contained Access for Everybody, at Anytime

  • 1. Secure and Contained Access for Everybody, at Anytime Anastasios Moustakis, Senior Solution Architect Uni Systems Copyright 2013 1
  • 2. Agenda • The Challenging Environment of Secure Access • Security Trends, User & IT Requirements • Uni Systems Secure Access Solution Overview • Implementation Approach • Success Stories
  • 3. 1.3 Billion Mobile workers by 2015 Mobile Worker Population – IDC, Jan 2012
  • 4. C-Suite 42% The top 3 groups driving support for non-standard devices VPs & Directors 43% are in management Managers 27% Consumerization of IT Study. April 2011, IDC
  • 5. “How many “How many days a different computing devices week on average do you do you use on a daily basis?” work outside the office?” Family PC | Work PC | Personal Laptop | Tablet | Smartphone 42% 0 21% 34% 1-2 52% 16% 3-4 15% 6% 2% 5 12% 1 2 3 4 5+ Global BYOD Index - Survey of Corporate Employees February 2011, Citrix Systems
  • 7. User Needs Freedom to access all their apps and data from any of their devices
  • 8. For Enterprise IT, any device access, presents big challenges
  • 9. IT Needs to meet security and compliance requirements
  • 10. But the needs of users and IT must be balanced
  • 11. “Privileged Insiders” are granted more trust
  • 12. Who are “Privileged Insiders” Well Controlled Not So Much? Mobile/Any device Highly Trusted Business Highly Trusted IT Users: Users Systems, Database, Network Administrators
  • 13. The Changing Security Landscape • Redefining the Perimeter • New Trust Model Needed • Spearfishing Attacks Targeting Privileged Users • Increasingly Stringent Compliance and Audit Requirements “The biggest issue facing information security professionals is that our traditional trust model is broken.” Forrester Research
  • 14. Frequency & Cost of Insider Breaches 30 % of large enterprise customers experienced a malicious insider breach Average days to resolve Source: Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies (Ponemon Institute, 2011) 14
  • 15. Challenges for Secure Access • Increasing Compliance, Audit Requirements and Security Mandates • Changing Trust Model • 3rd Party and Employees - No differentiation • Remote or Internal and Mobility- Disappearing perimeter – “Remote” an obsolete term • User and Asset / System Policy - Policy does not intersect • Movement to Centralized Computing • Operational Efficiency and Reduced Cost • Virtualized Servers/Desktops, Cloud - Landscape Change
  • 16. Traditional Solutions have Limitations Issues NW focus, not user/app level access Firewalls control VPNs + Jump Box Hard to audit, difficult to manage Complicated ACLs, NW Layer Only Routers End-user focused Active Directory No inside access control, containment NAC Risks are amplified Virtual Desktop SIEM/Log Mgmt Reactive, lacks data for privileged “insider”
  • 17. Uni Systems answer: “Zero Trust” via Layered Protection Attributed Use of Shared Privileged Account Leapfrog Prevention Session Monitoring/Recording Command Filtering Whitelist/Blacklist White List/ Least Privilege Access Positively ID The User Vault Server A: Tamper-proof ID: abc123 Log PW: xyz$21 Server B: Complete Activity Logging ID: cde234 Policy Violation Logging with DVR-Like Playback and Skip PW:eie10$
  • 18. Solution Scope • Provision of a System that will offer: • Configurable, • Secure, • Recordable, and • Fully Controllable • Secure Local & Remote or Mobile Access for: • Privileged Users, (internal or 3rd party) • Employees and • Business Partners 18
  • 19. Solution Essential Capabilities (1/2) • Enforce fine-grained Access Control on different type of users • Configurable multi-level authentication with time-based access rights • Protect applications and expose only the presentation layer • Contain privileged users to authorized resources and prevent leapfrogging 19
  • 20. Solution Essential Capabilities (2/2) • Protect data and prevent leakage • Generate a detailed Audit Trail for proof of compliance and investigations • Record access sessions – video & CLI recording • Protect privileged user and application passwords • Eliminate the use of shared passwords for administrative accounts 20
  • 21. Solution Architecture User Zone Secure Access Component Zone Trusted and Protected Zone Internal/External/Mobile SSO, Password and 7 Internal Protected User Device 10 Shared Account Password Systems 1 Management Vault Any Device 8 Gateway Application / 3 Access Session and ICA Client User, Session- Control Desktop 2 based access USB Boot Desktop (SSL, Proxy Access control & DLP USB Secure Web (ICA)) 4 Browser Portal Web Video-like and CLI 5 Leapfrog prevention Interface Logging and Sandboxed Apps Sessions Recording Certificate Token Endpoint Token User Report & 11 Management Infrastructure Repository Workflow Desktop, Thin (MDM, USB (Hard, SMS) (A.D.) 6 db Server, Storage, Network, S Boot, Isolated client, Laptop, Mobile Browser) Workflow & Report Engine 9 ecurity Devices, Device, Smartphone 21
  • 22. Vendors Internal/External/Mobile SSO, Password and Internal Protected User Device Shared Account Password Systems Management Vault Any Device Gateway Application / Access Session and ICA Client User, Session- Control (SSL, Desktop based access USB Boot Desktop Proxy (ICA)) Access control & DLP Token Portal Web Video-like and CLI Leapfrog USB Secure Web Interface Logging and prevention Browser Sessions Recording Certificate Sandboxed Apps Endpoint Token User Report & Management Infrastructure Repository Workflow (MDM, USB (Hard, SMS) (A.D.) db Desktop, Thin Boot, Isolated Server, Storage, Network, client, Laptop, Mobile Browser) Workflow & Report Engine Security Devices, Device, Smartphone 22
  • 23. Implementation Approach (1/2) • Systems Integration Project • Modular Architecture • Based on: • Type of users – 3rd party privileged users, Business partners, Internal Administrators • Type and Number of internal protected systems • Type and Number of Services required (Applications, Desktops, Resources) • Type and Number of Endpoint Device usage • Integration points with existing systems (Workflow, Helpdesk, etc)
  • 24. Implementation Approach (2/2) • Specific Methodology: • Analysis Phase: • Infrastructure Assessment and Readiness Evaluation • Proof of Concept • User Requirements – Application, Services, Resources, Policies • Design Phase: Infrastructure Design, Policies • Build & Test Phase • Roll-out Phase
  • 25. Secure Access Solution with Uni Systems The proven expertise and practical guidance needed for success Assess Design Deploy Devices Documented solution design Training Apps - Services Hardware and infrastructure Independent analysis/ verification Mobility - BYOD Operations and support Pilot Security Test and QA
  • 26. Success Stories : TOP Telecom Provider Problem: Answer: • Consolidate & grant secure access to • Centralize access control across critical 3rd Party Administrators users with distinct missions • Different method of access • Ensure contained and auditable access • Points of Vulnerability • Meet federal compliance requirements • Absence of uniform management • Workflow driven operation Results: • Control over privileged users and critical infrastructure and assets • Tight control over who gets access to what, when and for how long • Contain users to authorized systems only • Audit quality logging for compliance “With the Uni Systems Secure Remote Access Solution we have an all-in-one solution for these higher risk users which gives us the peace of mind that we are meeting our objectives to safeguard our network and the sensitive information it contains.” Security Expert at Telecom Provider 26
  • 27. Success Stories : Top Financial Institute Problem: Provide secure access to hundreds of remote developers, administrators and auditors – no containment of users to authorized resources – IT resource intensive, cumbersome and ineffective access controls – no audit trail or ability to match controls to specific users Results: A unified, easy to manage solution – hundreds of business critical 3rd parties now granted secure, controlled access – increased operational efficiency with a single solution – provided an audit trail for internal security requirements and external compliance mandates “What is so special about you --- ‘containment, containment, containment.’” VP Security officer, Top Financial Institution
  • 28. Uni Systems empowering Secure Access of the future With the mobility and agility users need today
  • 29. Thank you! www.unisystems.com

Hinweis der Redaktion

  1. Intro: They are part of what could be referred to as the mobile workforce revolution, and that revolution is occurring as we speak.. Key Points:IDC has noted expectations that we’ll see 1.3 billion mobile workers by 2015, accounting for close to 40% of the entire global workforce. (37.2% of the workforce.) (Are there data points more specific to executive adoption/use—numbers, growth rates?)Transition:So why execs? Because they are the ones driving this revolution 
  2. Intro: Research proves that executives are the force of change. Key Points:Execs and managers are the ones driving organizations to adopt non-standard devices, because they are seeing the value in their own lives now. Illustration/Anecdotes/Proof: We’ve seen this at Citrix. Our own CEO Mark Templeton has pushed for this type of mobility because he is on the go all the time and he needs to stay productive.Transition: While supporting all mobile workers is important for the business, our view is that you need to make the requirements of your highest impact employees an immediate priority. Here’s why..
  3. Intro: Here are some data points that demonstrate how quickly things are moving. Key Points:First, the sheer number of devices that employees use is exploding. Nearly two-thirds of workers use 3 or more separate devices every day, and the number keeps growing. And the device types employees are demanding are changing rapidly as well, from the old expectation of work PCs, to the demand for access from home computers, to today’s reality of more workers wanting to work more effectively using their mobile devices and tablets.Then there is the shift of work time away from the office. Increasingly, the borders of “work time” and “work place” are disappearing. Employees want and need the ability to do their work at the times and places of their choosing. Today, almost 80% of the workforce must work outside of the office at least 1 day or more per week.Illustration/Anecdotes/Proof: (Prompt a discussion of examples of different user groups that can be more productive and efficient when they have the devices they need and they can work from wherever… sales teams, executives, doctors, attorneys, etc.)Transition: But we at Citrix recognize that adapting to these fundamental shifts is truly challenging for a CIO and an IT department.
  4. First and foremost, let’s take a look at the current state of mobile from the end users perspective. I don’t care if you’re in engineering, IT, sales, or finance, I think most people can relate to this picture. Don’t get me wrong, we’ve come a long way from being dependent on a desktop or laptop for every task, but at times it feels like you need a decision tree or decoder ring to know exactly which device you’ll need to have in order to accomplish a specific tasks. The truth is that only the thrill seekers are going to take the chance of bringing just their tablet along for a business trip. Most of us are still going to haul the laptop along just in case.
  5. And so users are still on the quest for the freedom to access all their apps and data from any of their devices. They want to feel confident that they can experience work and life their way.
  6. Now, things change a bit if you’re in IT. For as much as they’d like to deliver on this promise, mobile presents some big challenges. Multiple mobile operating systems, multiple platforms along with a whole new universe of applications to understand and contend with. And that’s just part of it…
  7. IT is still beholden to the same security and compliance requirements that they had before all of these new devices and apps were introduces. The reality is that mobile just makes things harder. For starters, it’s just easier to lose or get these devices stolen. In fact, 70 million smartphones were lost or stolen in 2011 alone and only 7% of those devices were recovered*. And if just one of those devices leads to a data breach, you’re looking at an average of $7.2 million in recovery costs**. From a compliance perspective, IT now has to consider device ownership and privacy laws in different countries, not to mention the regulatory requirements that get introduced in certain vertical markets.*February 10, 2012, Tabtimes.com, Doug Drinkwater** Morgan Stanley Market Trends
  8. Now if just one of these perspectives were pertinent we wouldn’t really be having this discussion, would we? No. We must balance the needs of security and compliance along while giving users the freedom they need to experience work and life in harmony.
  9. All users are not created equal. Some of your users are granted significantly more trust.
  10. There are basically two classes of “Privileged Users” – Privileged Business Users and Privileged IT UsersHistorically, businesses have implemented a set of policy, process and application level controls to mitigate the risk posed by trusted business users. For example there are policies for background checks, and requirement for two signatures financial transactions over a certain threshold amount, etc.Unfortunately in many cases the Privileged IT users have not received the attention they deserve – especially since they often have unfettered and even anonymous access to network devices holding your critical data assets.
  11. Redefining the PerimeterThe old school M&M security model (hard on the outside and soft in the center) is dead. The classic security perimeter concept is dying as “anywhere network access” and mobile device access becomes the new norm. Enterprises are implementing a defense in depth strategy.New Trust Model NeededDefense in depth is fine but new business realities requires enterprises to revise their trust models.WikiLeaks made it abundantly clear that organizations must pay attention to the trust and associated access granted to “privileged insiders”. In addition to employees, there are many new “privileged insiders”. New business models have introduced “trusted” third parties while changes in IT support models have introduced contractors, consultants, vendors, outsourcers and managed service providers to the list of “privilege insiders”.Spearfishing Attacks Targeting Privileged UsersHackers are specifically targeting employees with privileged account access – spearfishing attacks are often aimed at uncovering administrative passwords that allow attackers to gain a significant foothold in the network, avoid detection and cover their tracksIncreasingly Stringent Compliance and Audit RequirementsAs a result of WikiLeaks and other notable insider breeches, regulators and auditors are paying attention and requiring: Proactive controls be required for privileged accounts and passwordsThat privileged user activities are connected to individuals (not shared admin account passwords)Continuous monitoring for users who access critical infrastructure and/or sensitive/regulated dataThe ability to easily prove compliance with these requirements is of paramount importance to resource strapped IT security organizations
  12. Insider threat remains a clear and present danger while the ramifications of an insider breach are expensive.In a 2011 Study or large enterprises by the Ponemon Institute, 30% of the organizations experienced an attack from a “Malicious Insider”While the “Malicious Insider” breaches were not the most common attack these organizations experienced they were the most costly and time consuming breaches to resolve – bottom chart – taking on average over 45 days to remedy. This only accounts for the very direct cost of investigating/cleaning up for a breach. It does not include direct financial loss or fines associated with the breach. It also does not factor in other soft costs such as the cost of a tarnished brand and loss of reputation.
  13. There are alternatives Do It Yourself methods organizations have used to address privileged user threat. The chart lists technologies that some of our customers have tried to leverage alone or in conjunction with one another. None of provides the full set of essential capabilities required to mitigate this threat. These are all partial solutions. Even when knit together it is not a comprehensive solution and it become a very expensive method of controlling privileged user access and providing the proof to auditors that you are protecting key data from “privileged insiders” threat.We have multiple examples of this, but one large financial services customer – as noted in the quote – made a real attempt to cobble together multiple technologies to address this risk but it was expensive, unmanageable and did not cover everything they needed.
  14. This simplified use case example details the essential controls Unisystems Secure Remote Access Delivery Services provides to mitigate the threat privileged insiders pose.In this scenario an IT employee requires access to the server to perform some maintenance.Explain each control:Vault Passwords – The first step is to change and vault critical passwords (so they don’t show up in spreadsheets) and so privileged users no longer have direct and uncontrolled access to devicesPositively ID User – Employee logs onto Unisystems Secure Remote Access forcing a positive user identification – Our solution supports integration with directories, single-sign-on and two factor ID systemsWhite List/Least Privileged Access – the employee is presented a list of ONLY the servers and network devices they are explicitly authorized to accessCommand Filtering – the commands the employee is enabled to perform can be constrained as requiredSession Monitoring/Recording – all activities are logged and the policy can be set to record the full sessionLeapfrog Prevention – prevent the user from jumping from the authorized device to unauthorized devices.Attributed Use of Shared Privileged Account – even thought the user may be logged in as “root” our solution knows which user was logged in.Complete Activity Logging - all of this activity is logged in a tamper proof log database – Session recordings can be viewed liked a DVR like skip ahead to policy violations.
  15. These are the essential capabilities a solution to effectively protect your organization from the threat privilege insiders pose.
  16. These are the essential capabilities a solution to effectively protect your organization from the threat privilege insiders pose.
  17. These are the essential capabilities a solution to effectively protect your organization from the threat privilege insiders pose.
  18. These are the essential capabilities a solution to effectively protect your organization from the threat privilege insiders pose.
  19. These are the essential capabilities a solution to effectively protect your organization from the threat privilege insiders pose.
  20. Intro: Citrix has the proven expertise and best practices to help you work through these considerations.Key Points:Citrix has the proven expertise and best practices to help you work through these considerations.And we can help you assess, design and deploy an exec mobility solution that will meet the requirements of your most challenging users, helping you think through:Assess: We’ll help you as you to do an assessment thedevices,apps, mobility and security requirements of your mobile execs. With this, we can help define a technology roadmap.Design:Citrix can also help put together a well-documented design that allows you to install, configure and build a solution that leverages your organization’s infrastructure. To do this, you need to be thinking about what hardware and infrastructure is required and what can you leverage, etc, what’s the operations and support design, such as SLAs, Staff required, support agreements required, etc.. And we can design for Test & QA, making sure that Scalability,Performance,Security,Functionality,Usability and Interoperability are covered.Deploy: And lastly, we can help you build, test and rollout a solution in an effectivemanner to ensure that back-end systems and processes are there. This includes User Training / Education / How To guidance, independent analysis & verification of the design implementation, a pilot, and a phased rollout. Transition: We also built the content to help you go through your executive mobility journey…
  21. Intro: The way Citrix looks at executive mobility is this…Key Points:Mobility helps high-value professionals to put their skills and creativity to work more effectively, in more ways, to achieve the best results for the business. Citrix executive mobility solutions empower executives of the future with the mobility they need today with:Wherever, whenever productivityThe best device in any scenarioFace-to-face contact across the globe andHealthier work-life balanceWrap-Up the Presentation: Establish clear next steps and objective of the next meeting.Who is in the room and who is not in the room? Who can serve as a sponsor or be the influencers? Who is it that is most interested?Would they be interested in an assessment – come in to understand their requirements in more detail (devices, users, apps, etc)Technical presentation – other people not there who need to delve into the details of any of the products?POC?Meeting – higher-level group – maybe do a demo in the technologyBring this brochure back to them and see if we can get into another meeting to show them the technology in action.
  22. Intro: The way Citrix looks at executive mobility is this…Key Points:Mobility helps high-value professionals to put their skills and creativity to work more effectively, in more ways, to achieve the best results for the business. Citrix executive mobility solutions empower executives of the future with the mobility they need today with:Wherever, whenever productivityThe best device in any scenarioFace-to-face contact across the globe andHealthier work-life balanceWrap-Up the Presentation: Establish clear next steps and objective of the next meeting.Who is in the room and who is not in the room? Who can serve as a sponsor or be the influencers? Who is it that is most interested?Would they be interested in an assessment – come in to understand their requirements in more detail (devices, users, apps, etc)Technical presentation – other people not there who need to delve into the details of any of the products?POC?Meeting – higher-level group – maybe do a demo in the technologyBring this brochure back to them and see if we can get into another meeting to show them the technology in action.