Security Inside Out
Cost-Effective Security and Compliance

Steve Wainwright
Senior Director Information Security
UK, Ireland & Israel
More data than ever…

[Chart, 2006 to 2011: Growth Doubles Yearly; 1,800 Exabytes]

Source: IDC, 2008
Oracle Confidential

More breaches than ever…

Data Breach: Once exposed, the data is out there – the bell can’t be un-rung

[Chart: PUBLICLY REPORTED DATA BREACHES, Total Personally Identifying Information Records Exposed (Millions), 2005 to 2008; 630% Increase]

Average cost of a data breach $202 per record
Average total cost exceeds $6.6 million per breach

Source: DataLossDB, Ponemon Institute, 2009

More threats than ever…




70% of attacks originate inside the firewall
90% of attacks are perpetrated by employees with privileged access

More regulations than ever…

• Federal, state, local, industry…adding more mandates every year!
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable

Report and audit

90% of companies behind in compliance

Source: IT Policy Compliance Group, 2007.

Higher Costs Than Ever…

• User Management Costs
• User Productivity Costs
• Compliance & Remediation Costs
• Security Breach Remediation Costs

It Adds Up

Market Overview: IT Security In 2009




Protecting the organization's information assets is the top
issue facing security programs: data security (90%) is most
often cited as an important or very important issue for IT
security organizations.




Information Landscape
Big Picture


Diagram labels: The “Wild”, Perimeter, Internal, Resource

The Information World Has Changed


Diagram labels: Organised crime, Identity Theft, Online Fraud, Terrorism, Insider Threats, Economic Climate, Regulatory Pressures

Phone, internet and mail order fraud is up 37% on 2006 to £290m in the UK

Business Drivers
     Reasons for Investment in Security


•   Cost reduction
•   Compliance to regulations
•   Improved customer experience
•   Protect organisation from reputation damage
•   Increase agility and enter new markets
•   Increase competitive advantage
•   Improved efficiencies
•   Make security transparent
•   Improved collaborative working

Source: Security Café Workshop at InfoSec 2009




How does security align?
Security Framework
Domain Approach

Diagram labels:
• Employee, Customers, Partners
• Client Security, Perimeter Security, Physical Security
• Access Management
• Infrastructure Security
• Resource Security
• Resources: Documents/Data, Applications/Processes
• Control and Management
• Security Standards and Policies
• Process
• Audit and Report

Security - Layered Defence
The need for a joined up approach

• Identity Administration
• Access Enforcement
• Application/Process Security
• Data Security
• Infrastructure Security
• Physical Security

Diagram labels: Access, Application, Data

The Reality of Cloud Computing




© 2009 Oracle – Proprietary and Confidential

Key Barriers to Cloud Computing


74% rate cloud security issues as “very significant”
Source: IDC

• Security
• Compliance
• Control

Cloud Security Challenges



Private Cloud
• IT agility
• B2B collaboration
• Access control complexity
• Privileged user access

Hybrid Cloud
• Interoperability
• User experience
• Workload portability

Public Cloud
• Data breaches
• Multi-tenancy
• Data location
• Compliance

Security with Oracle Cloud Platform
Application 1, Application 2, Application 3

Platform as a Service
  Shared Services
    Integration: SOA Suite
    Process Mgmt: BPM Suite
    Security: Identity Mgmt
    User Interaction: WebCenter
  Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit
  Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security

Infrastructure as a Service
  Operating Systems: Oracle Enterprise Linux
  Virtualization: Oracle VM
  Servers
  Storage

Cloud Management: Oracle Enterprise Manager
  Configuration Mgmt: Assembly Builder, Capacity & Consolidation Planning
  Lifecycle Automation: Self-Service Provisioning, Policy-Based Resource Scheduling, Metering
  Application Performance Management: RUEI, SLA Management, Monitoring, Diagnostics
  Application Quality Management: Testing, Patch Management

Service-Oriented Security
Identity Services for the Cloud

Oracle Identity Management: Identity Administration, Role Management, Directory Services, Authentication, Authorization, Federation

Web Services: Oracle Apps, 3rd Party/Custom Apps, Cloud Service Providers

• Discrete, easily consumable security services
• Rapid application security, improved IT agility
• Security seamlessly woven into applications

Identity Management Considerations in the Public Cloud

Business Service Provider: Identity Assurance, Identity Admin
IAM Service Provider: Identity Assurance, Identity Admin
Business Service Consumer: Identity Federation, Identity Assurance

• User lifecycle management
• Federated authentication
• Fraud prevention and risk mitigation

Security Framework
The value of this approach

Principles
• Ensure Principle of “Security First”
• Built-in not Bolt-on Security
• Enforce controls
• Improved management
• Holistic not silo solutions
• Platform for agility and flexibility

Benefits
• Creates agility to meet changing threat landscapes and create new models
• Leads to re-useable patterns
• Provides joined up protection against data loss, fraud and theft
• Achieves greater compliance for lower cost
• Creates better customer experience
• Builds “trusted” brand

Oracle Security Inside Out
Diagram labels: Information, Infrastructure, Databases, Applications, Content

Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration

Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories

Information Rights Management
• Centralized document access control
• Digital shredding
• Document Activity Monitoring and Audit

Complete, Open, Integrated
Systems
        • Engineered to work together
        • Tested together
        • Certified together
        • Packaged together
        • Deployed together
        • Upgraded together
        • Managed together
        • Supported together
Together, We Will Spend $4.3 Billion In R&D In Our First Full Fiscal Year

[Chart: R&D Spending, USD $Bs: FY05 $1.5; FY06 $1.9; FY07 $2.2; FY08 $2.7; FY09 $2.8; … FY11 $4.3]

Telco X Identity Management Assessment
Oracle Insight Report - Issue 1.0
January 28th 2009
Rob McManus
Insight Programme Director, Technology Solutions & Channels
Jason Rees
Insight Programme Director, Technology Solutions & Channels
Oracle Recommendations – Flight Path

[Diagram: recommendations plotted against a timescale]

Area labels: Governance & Architecture; User Management; Access Management; Data Management; Authorisation & Authentication Management; Audit & Reporting

Recommendations shown:
• Increase OpCo adoption
• IdM Service Management
• Principles and Standards
• Institute Governance Board
• Implement New IdM
• Automation of Rules and Workflows
• Increase number of integrated applications
• Enterprise SSO
• Implement new Web Access Mgt
• Standards for application integration
• Replacement of hardware tokens
• Virtual directory technologies
• Strong Authentication
• Automate re-certification and Attestation
• Role Management

Timescale: 1-6 months; 6-12 months; Year 2

Prioritisation of IdM Capability Areas

[Chart: PRIORITY LEVEL (High, Medium, Low) against OPERATING PERFORMANCE (Performed Locally, Planned and Tracked, Well Defined, Mature, Industry Leading)]

Zones: “TARGETS”, “SECONDARY TARGETS”, “LONGER TERM”
Legend: Primary Focus, Secondary Focus, Future Phases
Capability areas plotted: User Management, Audit & Reporting, Governance, Access Management, Architecture, Authorisation Management, Authentication Management

Investment in IdM Should Produce Strong Value for Telco X
Oracle Estimates an ROI of 410% based on Conservative Case, Payback in 16 months
5 Year Net Present Value: £12 million

[Chart: Benefits Achieved, Total Costs and Accumulated discounted cash flow (NPV), Year 1 to Year 5. Labelled values: Year 1 -£639,858; Year 2 £1,174,242; Year 3 £4,391,073; Year 4 £8,654,465; Year 5 £12,329,802]

Source: Discovery workshops; data provided; Oracle analysis
Note: Implementation costs are very approximate at this early stage; discount rate used is 16%; costs do not include all relevant non-Oracle items, e.g. internal Telco X implementation costs, hardware costs and training costs; benefits do not include productivity gains

Benefits of Oracle’s Recommendation

      Benefit Area/Driver                                                                    Type                          FINANCIAL IMPACT
                                                                                                               Conservative       Pragmatic       Aggressive

      1a. Increase productivity of new hires                                                 Productivity        £1,239,854       £1,859,781       £2,479,708
      1b. Reduce Joiner Administrative effort for Line Managers                              Productivity          £929,891       £1,859,781       £2,789,672

      1c. Employee searches                                                                  Productivity          £290,591        £348,709         £406,827

      1d. Fewer systems to update                                                            Productivity        £1,210,795       £2,421,590       £3,632,385
      2a. Reduction in Help Desk administration costs for account requests                   Headcount           £1,832,727       £2,618,182       £3,403,636

      2b. Incremental Productivity - reduced password reset calls to helpdesk                Productivity        £6,974,179      £11,623,632      £16,273,085

      2c. Reduction in Help Desk Administration costs - Password Resets                      Headcount           £1,846,154       £3,000,000       £3,692,308
      3a. Reduction in Administrative Labour Costs for Certification                         Headcount             £660,000       £1,100,000       £1,540,000
      3b. Reduction in Attestation Review Effort                                             Headcount             £651,375       £1,085,625       £1,519,875

      3c. Reduction in Audit Remediation Costs                                               Headcount             £250,000        £250,000         £250,000
      3e. Replace Hardware Tokens                                                            Saving                £120,000        £120,000         £120,000
      4a. Cost of assisting staff present and past following loss of personal data           Saving                £337,500        £675,000        £1,012,500

      4b. Fraud Avoidance and Reduction                                                      Saving                £500,000        £500,000         £500,000
      4c. Application development savings                                                    Saving              £1,250,000       £3,000,000       £4,000,000


      Total                                                                                                   £18,093,066     £30,462,301      £41,619,997


Note 1: Potential annual benefits
Note 2: Based on Oracle experiences, analyst reports and information gained through interviews with Telco X
Note 3: Includes Productivity savings which have been removed from ROI calculation overleaf




Complete
Open
Integrated
AND Secure!

Managed Security Services from SymantecArrow ECS UK
 
Managed Services Presentation
Managed Services PresentationManaged Services Presentation
Managed Services PresentationScott Gombar
 
Normas y códigos éticos informáticos
Normas y códigos éticos informáticosNormas y códigos éticos informáticos
Normas y códigos éticos informáticosSonia
 

Andere mochten auch (12)

Managed Security Service and Cloud Solutions
Managed Security Service and Cloud SolutionsManaged Security Service and Cloud Solutions
Managed Security Service and Cloud Solutions
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy Sector
 
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed Services
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services Provider
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from Symantec
 
Managed Services Presentation
Managed Services PresentationManaged Services Presentation
Managed Services Presentation
 
Normas y códigos éticos informáticos
Normas y códigos éticos informáticosNormas y códigos éticos informáticos
Normas y códigos éticos informáticos
 
Vogue
VogueVogue
Vogue
 
5 kesalahan
5 kesalahan5 kesalahan
5 kesalahan
 

Ähnlich wie Sw keynote

Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formulaOracleIDM
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity RoadmapRaleigh ISSA
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud finalOracleIDM
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Avirot Mitamura
 
Data security in a big data environment sweden
Data security in a big data environment   swedenData security in a big data environment   sweden
Data security in a big data environment swedenIBM Sverige
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protectionAndrew Wong
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns   How To Make Security Arch Easy To ConsumeSecurity Patterns   How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeJeff Johnson
 

Ähnlich wie Sw keynote (20)

On Demand Cloud Services Coury
On Demand Cloud Services   CouryOn Demand Cloud Services   Coury
On Demand Cloud Services Coury
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud final
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10
 
Data security in a big data environment sweden
Data security in a big data environment   swedenData security in a big data environment   sweden
Data security in a big data environment sweden
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Agam Profile
Agam ProfileAgam Profile
Agam Profile
 
Agama Profile
Agama ProfileAgama Profile
Agama Profile
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protection
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns   How To Make Security Arch Easy To ConsumeSecurity Patterns   How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To Consume
 

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Sw keynote

  • 1.
  • 2. Security Inside Out: Cost-Effective Security and Compliance. Steve Wainwright, Senior Director Information Security, UK, Ireland & Israel
  • 3. More data than ever… [Chart: data growth, 2006 to 2011; growth doubles yearly; 1,800 exabytes.] Source: IDC, 2008. Oracle Confidential
  • 4. More breaches than ever… Data breach: once exposed, the data is out there – the bell can’t be un-rung. [Chart: publicly reported data breaches, total personally identifying information records exposed (millions), 2005 to 2008; 630% increase.] Average cost of a data breach $202 per record. Average total cost exceeds $6.6 million per breach. Source: DataLossDB, Ponemon Institute, 2009
  • 5. More threats than ever… 70% attacks originate inside the firewall. 90% attacks perpetrated by employees with privileged access.
  • 6. More regulations than ever… • Federal, state, local, industry… adding more mandates every year! • Need to meet AND demonstrate compliance • Compliance costs are unsustainable. Report and audit. 90% companies behind in compliance. Source: IT Policy Compliance Group, 2007.
  • 7. Higher Costs Than Ever… • User Management Costs • User Productivity Costs • Compliance & Remediation Costs • Security Breach Remediation Costs $ It Adds Up
  • 8. Market Overview: IT Security In 2009 Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations.
  • 9. Information Landscape Big Picture The “Wild” Perimeter Internal Resource
  • 10. The Information World Has Changed: Organised crime; Identity Theft; Online Fraud; Terrorism; Insider Threats; Economic Climate; Regulatory Pressures. Phone, internet and mail order fraud is up 37% on 2006 to £290m in the UK
  • 11. Business Drivers Reasons for Investment in Security • Cost reduction • Compliance to regulations • Improved customer experience • Protect organisation for reputation damage • Increase agility and enter new markets • Increase competitive advantage • Improved efficiencies • Make security transparent • Improved collaborative working Source: Security Café Workshop at InfoSec 2009
  • 12. How does security align?
  • 13. Security Framework Domain Approach Physical Security Control Client Perimeter and Security Security Management Access Management Infrastructure Security Employee Resources Documents/Data Applications/Processes Customers Resource Security Partners Security Standards and Policies Process Audit and Report
  • 14. Security - Layered Defence The need for a joined up approach • Identity Administration Access • Access Enforcement • Application/Process Security Application • Data Security • Infrastructure Security Data • Physical Security
  • 15. The Reality of Cloud Computing © 2009 Oracle – Proprietary and Confidential
  • 16. Key Barriers to Cloud Computing: 74% rate cloud security issues as “very significant”. Source: IDC • Security • Compliance • Control
  • 17. Cloud Security Challenges
       Private Cloud: • IT agility • B2B collaboration • Access control complexity • Privileged user access
       Hybrid Cloud: • Interoperability • User experience • Workload portability
       Public Cloud: • Data breaches • Multi-tenancy • Data location • Compliance
  • 18. Security with Oracle Cloud Platform Application 1 Application 2 Application 3 Platform as a Service Cloud Management Oracle Enterprise Manager Shared Services Configuration Mgmt: Integration: Process Mgmt: Security: User Interaction: Assembly Builder, SOA Suite BPM Suite Identity Mgmt WebCenter Capacity & Consolidation Planning Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Lifecycle Automation: Self-Service Provisioning, Database Grid: Oracle Database, RAC, ASM, Partitioning, Policy-Based Resource IMDB Cache, Active Data Guard, Database Security Scheduling, Metering Application Performance Infrastructure as a Service Management: RUEI, SLA Management, Operating Systems: Oracle Enterprise Linux Monitoring, Diagnostics Virtualization: Oracle VM Application Quality Servers Management: Testing, Storage Patch Management
  • 19. Service-Oriented Security Identity Services for the Cloud Oracle Identity Management Identity Directory Role Management Authentication Authorization Federation Administration Services Web Services Web Services Web Services Oracle Apps 3rd Party/Custom Apps Cloud Service Providers • Discrete, easily consumable security services • Rapid application security, improved IT agility • Security seamlessly woven into applications
  • 20. Identity Management Considerations in the Public Cloud IAM Service Provider Business Service Provider Identity Identity Identity Identity Admin Assurance Assurance Admin Business Service Consumer Identity Identity Federation Assurance • User lifecycle management • Federated authentication • Fraud prevention and risk mitigation
  • 21. Security Framework: The value of this approach
       Principles: • Ensure Principle of “Security First” • Built-in not Bolt-on Security • Enforce controls • Improved management • Holistic not silo solutions • Platform for agility and flexibility
       Benefits: • Creates agility to meet changing threat landscapes and create new models • Leads to re-useable patterns • Provides joined up protection against data loss, fraud and theft • Achieves greater compliance for lower cost • Creates better customer experience • Builds “trusted” brand
  • 22. Oracle Security Inside Out
       Database Security: • Encryption and Masking • Privileged User Controls • Multi-Factor Authorization • Activity Monitoring and Audit • Secure Configuration
       Identity Management: • User Provisioning • Role Management • Entitlements Management • Risk-Based Access Control • Virtual Directories
       Information Rights Management: • Centralized document access control • Digital shredding • Document Activity Monitoring and Audit
       [Diagram labels: Information, Infrastructure, Databases, Applications, Content]
  • 23. Complete, Open, Integrated Systems • Engineered to work together • Tested together • Certified together • Packaged together • Deployed together • Upgraded together • Managed together • Supported together
  • 24. Together, We Will Spend $4.3 Billion In R&D In Our First Full Fiscal Year [Chart: R&D spending, USD $Bs, FY05 to FY09 and FY11; values shown: $1.5, $1.9, $2.2, $2.7, $2.8 and $4.3.]
  • 25. Telco X Identity Management Assessment. Oracle Insight Report - Issue 1.0, January 28th 2009. Rob McManus, Insight Programme Director, Technology Solutions & Channels; Jason Rees, Insight Programme Director, Technology Solutions & Channels
  • 26. Oracle Recommendations – Flight Path Governance User Management Access Management & Architecture Data Increase OpCo adoption Management Implement new Web Access Mgt Increase number of integrated applications IdM Service Management Virtual directory Authorisation & technologies Authentication Management Automation of Enterprise SSO Standards for Rules and application Workflows integration Role Management Principles and Standards Strong Implement Authentication New IdM Replacement of Audit & hardware tokens Institute Reporting Governance Board Automate re-certification and Attestation Timescale: 1-6 months, 6-12 months, Year 2
  • 27. Prioritisation of IdM Capability Areas [Chart: capability areas (User Management, Audit & Reporting, Governance, Access Management, Architecture, Authorisation Management, Authentication Management) plotted by priority level (High, Medium, Low) against operating performance (Performed Locally, Planned and Tracked, Well Defined, Mature, Industry Leading); regions labelled “Targets”, “Secondary Targets” and “Longer Term”; legend: Primary Focus, Secondary Focus, Future Phases.]
  • 28. Investment in IdM Should Produce Strong Value for Telco X. Oracle Estimates an ROI of 410% based on Conservative Case, Payback in 16 months. 5 Year Net Present Value: £12 million. [Chart: Benefits Achieved, Total Costs and Accumulated discounted cash flow (NPV), Year 1 to Year 5; data labels shown: -£639,858, £1,174,242, £4,391,073, £8,654,465, £12,329,802.] Source: Discovery workshops; data provided; Oracle analysis. Note: Implementation costs are very approximate at this early stage; discount rate used is 16%; costs do not include all relevant non-Oracle items, e.g. internal Telco X implementation costs, hardware costs and training costs; benefits do not include productivity gains
  • 29. Benefits of Oracle’s Recommendation (financial impact)
       Benefit Area/Driver | Type | Conservative | Pragmatic | Aggressive
       1a. Increase productivity of new hires | Productivity | £1,239,854 | £1,859,781 | £2,479,708
       1b. Reduce Joiner Administrative effort for Line Managers | Productivity | £929,891 | £1,859,781 | £2,789,672
       1c. Employee searches | Productivity | £290,591 | £348,709 | £406,827
       1d. Fewer systems to update | Productivity | £1,210,795 | £2,421,590 | £3,632,385
       2a. Reduction in Help Desk administration costs for account requests | Headcount | £1,832,727 | £2,618,182 | £3,403,636
       2b. Incremental Productivity - reduced password reset calls to helpdesk | Productivity | £6,974,179 | £11,623,632 | £16,273,085
       2c. Reduction in Help Desk Administration costs - Password Resets | Headcount | £1,846,154 | £3,000,000 | £3,692,308
       3a. Reduction in Administrative Labour Costs for Certification | Headcount | £660,000 | £1,100,000 | £1,540,000
       3b. Reduction in Attestation Review Effort | Headcount | £651,375 | £1,085,625 | £1,519,875
       3c. Reduction in Audit Remediation Costs | Headcount | £250,000 | £250,000 | £250,000
       3e. Replace Hardware Tokens | Saving | £120,000 | £120,000 | £120,000
       4a. Cost of assisting staff present and past following loss of personal data | Saving | £337,500 | £675,000 | £1,012,500
       4b. Fraud Avoidance and Reduction | Saving | £500,000 | £500,000 | £500,000
       4c. Application development savings | Saving | £1,250,000 | £3,000,000 | £4,000,000
       Total | | £18,093,066 | £30,462,301 | £41,619,997
       Note 1: Potential annual benefits
       Note 2: Based on Oracle experiences, analyst reports and information gained through interviews with Telco X
       Note 3: Includes Productivity savings which have been removed from ROI calculation overleaf

Editor's notes

  1. We completed a number of interactive sessions at InfoSec this year, at Oracle Security Café Workshops. We found that the top 4 business drivers were:
     - Cost reduction – providing controls to reduce cost, an example being secure consolidation of IT services and the ability to outsource in a controlled and trusted way
     - Compliance to regulations – still a popular topic – we have had SOX, HIPAA and PCI DSS – what is next?
     - Improved customer experience – allowing users to interact with the enterprise in a secure way, and build brand trust
     - Protect the organisation from reputation damage – How much is reputation worth to an organisation? Should organisations be worried? – Well, a study of US workers found that 59% of people made redundant would steal data, so in this economic climate….
     - Improved efficiencies
     - Collaborative working
     - Increase agility and enter new markets
     - Increase competitive advantage
     2 mins
  2. Information is at the heart of anything we do. Security is part of all business, process, technology and information viewpoints. Risk appetite and assessments allow the organisation to decide how it wants to approach security. But there are also cultural and educational needs, and business governance helps to bridge the gaps between business and security. Again, remember that technology is just part of the overall ability of an organisation to deliver the right security controls.
     2 min
  3. Security Frameworks (or Architecture) provide a common chassis for the organisation. This is not a one-size-fits-all approach; the framework can provide multiple baselines and solution patterns. These patterns can be captured for re-use against the changing threat landscape and different business models, i.e.: Managed Fraud Services.
     Resources: Resources are all types of information, data, structured or unstructured – the data is the crown jewels. Ultimately everything that goes in front (process and application, access management) is just a way to mediate access to resources.
     BUILD SLIDES
     Ask the question: What is the value of the resource to the business? What is the associated risk appetite of your organisation?
     Summarise: Oracle has been working in the security space pretty much since day 1. The very first Oracle customers were in the government space back in 1977.
     8 mins
  4. Only as strong as the weakest link. We must take a joined-up and layered approach to our end-to-end security solutions and patterns.
     - No point in having strong access enforcement if your identity administration (i.e.: recruitment and vetting) is weak.
     - No point in having great application security if a user or system can access the data directly.
     - No point in having strong access security if someone can enter a data centre and steal an unencrypted disk from the server.
     2 mins
  5. Look at some of the examples where security has been a positive benefit:
     - The government pensions department used to require 4 forms to be completed for pension enquiries; secure collaboration of information now allows enquiries to be resolved with a single phone call.
     - Amazon have built such a strong brand that they could release Cloud services. Security is a huge part of that; stories in the press about lost credit cards etc. would have damaged the brand to an extent where Cloud services might not be trusted. Taking this further, Amazon have to be sure about the security of the Cloud itself so as not to damage existing customer perception from their traditional channels.
     Talk about the principles of security, then the benefits.
     4 mins