Business white paper
Security in the digital age
Staying safe in a rapidly converging physical and virtual world
Table of contents
Introduction
  Classic security
  Modern security
  Weak points
Recommendations
Conclusion
  About the authors
Introduction
The proliferation of intelligent devices is providing ever-increasing entry points for those
looking to exploit the assets of both citizens and government organizations. Increasingly the
physical and virtual worlds are converging, so an integrated response, compliant with local
privacy laws, is required.
This paper highlights how the security battlefield is changing and identifies how the challenge
in remaining secure has grown exponentially.
Most importantly, it provides recommendations as to the actions you can take as a leader to
ensure your organization is prepared both pre and, increasingly, post attack.
Classic security
It wasn’t so long ago that security was a matter for the security specialists, e.g., military,
emergency services, and private sector security players. The threats could be easily identified
by the fact that they looked different to the “good guys,” and they typically had to pass through
a physical perimeter to conduct their malicious activity. Thus, vulnerabilities tended to be located
on the physical periphery of the building under attack. This was relatively easy to monitor, and
attacks were usually obvious.
In the bygone era, security tended to have a castle feel to it. Moats, high walls, strong doors, and
boundary patrols were key elements.
Modern security
But the world has moved on. Increased mobility, coupled with the proliferation of smart devices
and sensors, has had the effect of blurring the boundary. Today every device, from a printer to a
phone to a car, is an access point.
Attacks are typically concealed. The enemy may enter your organization via your supply chain,
via a socially off-guard employee, or through poor policy. What is more, increasingly the threat
can operate unhindered for months, if not years, before the breach is identified.
The arrival of the Internet of Things (IoT) adds a whole new dimension to the challenge, as does
the unregulated usage of recording devices, including those mounted on drones.
Unfortunately, the hacker community is highly collaborative and organized. Those that
compromise your organization’s infrastructure may have no interest in their plunder. However,
they know exactly who does, and will monetize their efforts via “internal” markets accordingly.
We are also witnessing the emergence of a generation of people who have no problem sharing
their most intimate of details. They do not always make the connection between being burgled
whilst on holiday, and the fact that they promoted their forthcoming holiday on their social
networks with the vigor of a new entrant marketer. Fortunately, to varying extents, those in
charge recognize the importance of privacy. However, privacy’s gain is often security’s loss.
The recent FBI and Apple iPhone® saga highlights this.
It is clear that your organization cannot rely on a castle-based model, given the threats can
emerge from a bewildering array of entry points. Thus, a model more akin to a hotel has to be
considered. One has to operate knowing that people, with good and bad intent, are passing
through your environment on a continual basis. Given the porousness of your infrastructure, it is
perhaps better to start from a position that you have already been compromised. In the digital
economy, threat detection trumps threat prevention.
Weak points
As we have seen, building and maintaining a robust security framework is challenging in the
digital age. Other challenges include:
Weak authentication policy: A poor security culture invariably leads to a lackadaisical
approach to good practice. Passwords of the form “password123” or passwords that could be
retrieved by knowing just a couple of personal facts, e.g., names of children, pets, or favorite
football team, make life very easy for attackers. As do “passwords for life” and devices with
no “timeout” enforcement.
Lack of leadership in both war and peacetime: Some organizations fail to understand that
security is not a departmental issue, but one that concerns everybody, including the leadership.
During “peacetime,” nobody in the leadership team is governing the security model (usually
“abdicated to the IT function”). During times of war, there needs to be a command system
to ensure that the threat is dealt with as a priority, with no delays in the allocation of the
necessary resources.
The enemy has a sophisticated collaborative ecosystem: This has already been mentioned.
The openness of the “dark side” has cultivated an ecosystem that enables the acquisition of
a small piece of intelligence by an adolescent hacker to be used as the spearhead of a state
sponsored assault.
Humans are too social and trusting: It is in our nature to be trusting, particularly where
the threat has been kind to us (creating the pressure of reciprocity), or simply charms us into
revealing more than is wise.
Poor software release and patch management: The vendor community has no interest
in their offerings being perceived as insecure; however, some will be faster than others in
responding to new threats. But this is of little value if your organization does not install the
associated updates and patches. Just because the users perceive no functional benefit in the
latest upgrades, it is not reason enough to take no action.
Compromised software: Some hackers cleverly find their way into the organization via the
development tools used to build the software used by your people. Thus, the vendor has
inadvertently played an active role in compromising your organization. Such zero-day attacks
are a serious concern because the attacker is likely to have already exploited the vulnerability
before it is discovered.
A shortage of battle-hardened infosecurity experts: The exponential growth in the demand
for security experts is not being met with a similar growth in expertise. Even if the education
system were retuned accordingly, it would still take a number of years before the graduates
gained the real-world experience to be effective security professionals. This is a problem that is
set to become more acute.
IoT: Every device from heart pacemaker to car is a potential entry point or target for hackers.
The thought that your driverless car can be commandeered by anyone from bored kids to
foreign security agencies is unsettling. The growth in wearable devices, for example fitness
wristbands, also adds a new dimension to the security challenge.
Privacy: As mentioned, in addressing increasingly cunning attacks, it would make life easier
for authorities to waive the right to privacy. A balance has to be achieved to avoid the
consequences of a post-privacy society. The extent to which each government adheres to this
will depend on local legislation.
Your supply chain: As mentioned, your supply chain, or even your users or citizens, is a potential
entry point for attackers. But the increasing volatility of the market means that supplier
relationships and partnerships will form and dissolve at a greater rate. Your increasingly tactical
relationships have the potential to be the source of great financial or reputational loss.
Your staff: Your staff, through a casual approach to security, might well be the source of
vulnerability. Weak passwords, not closing secure cabinets, and revealing sensitive information
in an unsecure environment, are all ways of inadvertently causing damage. Some staff may have
been planted to exploit your organization from the inside, and are happy to do so. Others may
be under pressure to exploit your organization, despite their otherwise good character, because
they are being pressured by a malevolent third party.
Other governments: Such a third party might well be another government. If it is cheaper
to acquire intellectual property through theft than through costly research and development
efforts, then it makes economic sense to proceed in that fashion. This is only if the state
concerned has a set of values that support such behavior. State sponsored acts are a concern,
not least because of the resources they can draw upon to achieve their goals.
Recommendations
There is a lot to consider when planning and implementing a secure environment. Here are
some steps you can take to strengthen your defenses:
•	Appoint a chief security officer (CSO) who in the event of an attack has permission to take
control of the organization until the threat is eliminated. Keep in mind that whilst many
aspects of modern day security are IT related, the responsibility of the CSO needs to extend
across all aspects of your organization’s defenses.
•	Run scenario exercises to ensure everyone in the organization understands their role in the
event of a detection. Well-rehearsed procedures will dampen the impact of a breach.
•	Audit all actors and assets in your organization and supply chain in respect of their
trustworthiness and “infosecurity robustness,” and engage with them accordingly. In fact, it
would be wise to make these primary criteria in choosing suppliers, staff, and even customers.
•	Utilize real-time sensors to discourage threats. Their visibility can serve as a deterrent. Their
functionality provides context and evidence for the purposes of prosecution.
•	Develop a security policy and architecture that has a compartmentalizing impact on the
degree to which a threat can propagate around the organization. Again, think hotel rather
than castle model. Even though anybody can enter the lobby, only certain people can enter
the rooms or cupboards.
•	Understand the intentions of your HR function, and agree how you address the associated
threat possibilities. The emergence of personally owned devices, including wearables, needs
to be factored into your security policy. Some of these wearables may be driven by your
HR function, in respect of talent engagement.
•	Ensure all staff understand their role in respect of maintaining a secure environment. Create
a culture where your people are both careful and vigilant.
•	Ensure your public relations function is briefed on how and when they disclose breaches.
Timing is everything. Too early and you might cause the attackers to bring their plans
forward. Too late and you may be accused of negligent behavior.
•	Build your security team with genuinely experienced staff, who understand technology,
policy, the mindset of the attackers and human nature. Experienced security specialists can
make a lot more money in the private sector. You might consider keeping a small highly
capable in-house team whose primary role is to coordinate the activities and relationships
with specialist providers. Certain activities, such as setting up secure processes, monitoring
your environment, and being first on the scene when a threat is detected, might best be done
by those who have the appropriate economies of scale. Such organizations regard security
management as their core business.
•	Automate intelligence gathering by using public or open source intelligence. Also,
integrate the relevant classified sources. This frees up your people so they can focus on
higher value analysis work, rather than labor-intensive data gathering.
•	Embrace video analysis tools. Such tools can identify irregular behavior in real time and alert
the appropriate authorities. They can also be used to gather evidence, particularly where
lengthy video content needs to be analyzed. This speeds up evidence gathering, reduces
the associated cost, and again, frees up your people to focus on higher value activities. The
associated surveillance technology can be deployed at high-risk locations such as airports,
railway stations, and shopping malls. Regulated zones such as the public highway can also be
monitored for both security and safety purposes.
•	Reduce staff and citizen inconvenience by using biometric security such as facial or voice
recognition. Citizens thus enjoy an improved experience. You save on costly labor, which when
overworked can be prone to potentially devastating mistakes.
•	Assume you have already been compromised and so maintain a threat detection posture at
all times.
•	“Deep audit” your processes by engaging specialists to penetrate your defenses and
subsequently advise on how to rectify the detected vulnerabilities.
•	Ensure your critical security systems are integrated to provide a holistic view of your
environment and the associated threats. The data needed to trigger critical alerts may well lie
within your systems, but will only do so if all your systems act as one.
•	Keep on top of the latest attack developments, such as product vulnerabilities and social
attacks. Only when staff are aware of, for example, spear phishing, will they be more guarded
when clicking on links within personalized and seemingly harmless messages.
•	Enter into a public-private partnership with security specialists to keep abreast of the latest
developments in counter attack technologies.
Conclusion
The vulnerability points in the organizational infrastructure are increasing rapidly with the
growth of intelligent device usage in society. Users, citizens, suppliers, and partners all
represent potential entry points for malevolent behavior. Security impacts everyone, and
therefore should not be shoehorned or abdicated into the remit of the IT function. Ultimately,
information security, from both a virtual and physical perspective, is a leadership issue. Thus,
21st century public sector leaders need to regard it as a fiduciary duty to both understand
the issues and deploy the appropriate resources to protect those that rely on their services.
About the authors
Pierre Mirlesse
Pierre Mirlesse leads the HPE Mobility business in the EMEA region. Mirlesse joined HP (now known as
Hewlett Packard Enterprise) over 20 years ago, advising industries and government organizations
in their digital experience transformation. He has held a number of executive positions around the
globe including Middle East-Africa VP, Worldwide SMB VP based in Palo Alto, Asia-Pacific VP for
HP Managed Print Services, and distribution director in Middle East, Africa, and Eastern Europe.
Pierre is a recognized industry keynote speaker. He now lives in the UK with his family. Find out
more about Pierre on LinkedIn: ch.linkedin.com/in/pierremirlesse
Ade McCormack
Ade McCormack is a near futurist, digital strategist, keynote speaker, and author. He is a
columnist with CIO magazine, and a former columnist with the Financial Times, focusing on
digital leadership. His experience extends over three decades and almost 30 countries across
many sectors. He has written a number of books, including one on the future of work (Beyond
Nine to Five—Your career guide to the digital age). He has also lectured at MIT Sloan School of
Management on digital leadership. For more information on Ade, visit ademccormack.com.
Learn more at
hpe.com/us/en/solutions/security.html
© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
iPhone is a trademark of Apple Computer, Inc. registered in the U.S. and other countries.
4AA6-4685ENW, March 2016
Business white paper

Weitere ähnliche Inhalte

Andere mochten auch (6)

Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the Best
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
 
Game-Changers: CIOs on Digital Transformation
Game-Changers: CIOs on Digital TransformationGame-Changers: CIOs on Digital Transformation
Game-Changers: CIOs on Digital Transformation
 
Realize the Full Value
Realize the Full ValueRealize the Full Value
Realize the Full Value
 
Connecting the manufacturing industry
Connecting the manufacturing industryConnecting the manufacturing industry
Connecting the manufacturing industry
 

Mehr von Hewlett Packard Enterprise Business Value Exchange

Mehr von Hewlett Packard Enterprise Business Value Exchange (20)

Manufacturing Forum 2016
Manufacturing Forum 2016Manufacturing Forum 2016
Manufacturing Forum 2016
 
Getting to your hybrid future
Getting to your hybrid futureGetting to your hybrid future
Getting to your hybrid future
 
Hewlett Packard Enterprise Connected Manufacturing Brochure
Hewlett Packard Enterprise Connected Manufacturing Brochure Hewlett Packard Enterprise Connected Manufacturing Brochure
Hewlett Packard Enterprise Connected Manufacturing Brochure
 
FSI Key Propositions
FSI Key PropositionsFSI Key Propositions
FSI Key Propositions
 
Happy Employees Lead to Happy Customers
Happy Employees Lead to Happy CustomersHappy Employees Lead to Happy Customers
Happy Employees Lead to Happy Customers
 
How to Deliver Value "Beyond the Pill"
How to Deliver Value "Beyond the Pill"How to Deliver Value "Beyond the Pill"
How to Deliver Value "Beyond the Pill"
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
HPE Security Report 2016
HPE Security Report 2016HPE Security Report 2016
HPE Security Report 2016
 
Realising Potential - The Dandelion Program
Realising Potential - The Dandelion ProgramRealising Potential - The Dandelion Program
Realising Potential - The Dandelion Program
 
FinTech Innovation Model 2015
FinTech Innovation Model 2015FinTech Innovation Model 2015
FinTech Innovation Model 2015
 
Time for co-operation
Time for co-operationTime for co-operation
Time for co-operation
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first step
 
Time for co-operation
Time for co-operationTime for co-operation
Time for co-operation
 
Personalize the Travel Experience - and Gain Insights
Personalize the Travel Experience - and Gain Insights Personalize the Travel Experience - and Gain Insights
Personalize the Travel Experience - and Gain Insights
 
BVEx Research: Open Data Unlocked
BVEx Research: Open Data UnlockedBVEx Research: Open Data Unlocked
BVEx Research: Open Data Unlocked
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
 
HP Event Recap: Successful IT Governance
HP Event Recap: Successful IT GovernanceHP Event Recap: Successful IT Governance
HP Event Recap: Successful IT Governance
 
HP Event Recap: Transformation Time for Telcos
HP Event Recap: Transformation Time for TelcosHP Event Recap: Transformation Time for Telcos
HP Event Recap: Transformation Time for Telcos
 
Partner for Innovation and Growth!
Partner for Innovation and Growth!Partner for Innovation and Growth!
Partner for Innovation and Growth!
 

Kürzlich hochgeladen

Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...lizamodels9
 

Kürzlich hochgeladen (20)

Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
 

Security in the Digital Age

  • 1. Business white paper Security in the digital age Staying safe in a rapidly converging physical and virtual world
  • 2. Table of contents 2 Introduction 2 Classic security 2 Modern security 3 Weak points 5 Recommendations 8 Conclusion 8 About the authors Introduction The proliferation of intelligent devices is providing ever-increasing entry points for those looking to exploit the assets of both citizens and government organizations. Increasingly the physical and virtual worlds are converging, so an integrated response, compliant with local privacy laws, is required. This paper highlights how the security battlefield is changing and identifies how the challenge in remaining secure has grown exponentially. Most importantly, it provides recommendations as to the actions you can take as a leader to ensure your organization is prepared both pre and, increasingly, post attack. Classic security It wasn’t so long ago that security was a matter for the security specialists, e.g., military, emergency services, and private sector security players. The threats could be easily identified by the fact that they looked different to the “good guys,” and they typically had to pass through physical perimeter to conduct their malicious activity. Thus, vulnerabilities tended to be located on the physical periphery of the building under attack. This was relatively easy to monitor, and attacks were usually obvious. In the bygone era, security tended to have a castle feel to it. Moats, high walls, strong doors, and boundary patrols were key elements. Modern security But the world has moved on. Increased mobility, coupled with the proliferation of smart devices and sensors, has had the effect of blurring the boundary. Today every device, from a printer to a phone to a car, is an access point. Attacks are typically concealed. The enemy may enter your organization via your supply chain, via a socially off-guard employee, or through poor policy. What is more, increasingly the threat can operate unhindered for months, if not years, before the breach is identified. 
The arrival of the Internet of Things (IoT) adds a whole new dimension to the challenge, as does the unregulated usage of recording devices, including those mounted on drones. Unfortunately, the hacker community is highly collaborative and organized. Those that compromise your organization’s infrastructure may have no interest in their plunder. However, they know exactly who has and will monetize their efforts via “internal” markets accordingly. Business white paper Page 2
  • 3. We are also witnessing the emergence of a generation of people who have no problem sharing their most intimate of details. They do not always make the connection between being burgled whilst on holiday, and the fact that they promoted their forthcoming holiday on their social networks with the vigor of a new entrant marketer.
Fortunately, to varying extents, those in charge recognize the importance of privacy. However, privacy’s gain is often security’s loss. The recent FBI and Apple iPhone® saga highlights this.
It is clear that your organization cannot rely on a castle-based model, given the threats can emerge from a bewildering array of entry points. Thus, a model more akin to a hotel has to be considered. One has to operate knowing that people, with good and bad intent, are passing through your environment on a continual basis.
Given the porousness of your infrastructure, it is perhaps better to start from a position that you have already been compromised. In the digital economy, threat detection trumps threat prevention.

Weak points
As we have seen, building and maintaining a robust security framework is challenging in the digital age. Other challenges include:
Weak authentication policy: A poor security culture invariably leads to a lackadaisical approach to good practice. Passwords of the form “password123” or passwords that could be retrieved by knowing just a couple of personal facts, e.g., names of children, pets, or favorite football team, make life very easy for attackers. As do “passwords for life” and devices with no “timeout” enforcement.
Lack of leadership in both war and peacetime: Some organizations fail to understand that security is not a departmental issue, but one that concerns everybody, including the leadership. During “peacetime,” nobody in the leadership team is governing the security model (usually “abdicated to the IT function”). During times of war, there needs to be a command system to ensure that the threat is dealt with as a priority, with no delays in the allocation of the necessary resources.
  • 4. The enemy has a sophisticated collaborative ecosystem: This has already been mentioned. The openness of the “dark side” has cultivated an ecosystem that enables the acquisition of a small piece of intelligence by an adolescent hacker to be used as the spearhead of a state-sponsored assault.
Humans are too social and trusting: It is in our nature to be trusting, particularly where the threat has been kind to us (creating the pressure of reciprocity), or simply charms us into revealing more than is wise.
Poor software release and patch management: The vendor community has no interest in their offerings being perceived as insecure; however, some will be faster than others in responding to new threats. But this is of little value if your organization does not install the associated updates and patches. Just because the users perceive no functional benefit in the latest upgrades, it is not reason enough to take no action.
Compromised software: Some hackers cleverly find their way into the organization via the development tools used to build the software used by your people. Thus, the vendor has inadvertently played an active role in compromising your organization. Such zero-day attacks are a serious concern because the attacker is likely to have already exploited the vulnerability before it is discovered.
A shortage of battle-hardened infosecurity experts: The exponential growth in the demand for security experts is not being met with a similar growth in expertise. Even if the education system were retuned accordingly, it would still take a number of years before the graduates gained the real-world experience to be effective security professionals. This is a problem that is set to become more acute.
IoT: Every device from heart pacemaker to car is a potential entry point or target for hackers. The thought that your driverless car can be commandeered by anyone from bored kids to foreign security agencies is unsettling. The growth in wearable devices, for example fitness wristbands, also adds a new dimension to the security challenge.
Privacy: As mentioned, in addressing increasingly cunning attacks, it would make life easier for authorities to waive the right to privacy. A balance has to be achieved to avoid the consequences of a post-privacy society. The extent to which each government adheres to this will depend on local legislation.
  • 5. Your supply chain: As mentioned, your supply chain, or even your users or citizens, is a potential entry point for attackers. But the increasing volatility of the market means that supplier relationships and partnerships will form and dissolve at a greater rate. Your increasingly tactical relationships have the potential to be the source of great financial or reputational loss.
Your staff: Your staff, through a casual approach to security, might well be the source of vulnerability. Weak passwords, not closing secure cabinets, and revealing sensitive information in an unsecure environment, are all ways of inadvertently causing damage. Some staff may have been planted to exploit your organization from the inside, and are happy to do so. Others may be under pressure to exploit your organization, despite their otherwise good character, because they are being pressured by a malevolent third party.
Other governments: Such a third party might well be another government. If it is cheaper to acquire intellectual property through theft than through costly research and development efforts, then it makes economic sense to proceed in that fashion. This is only if the state concerned has a set of values that support such behavior. State-sponsored acts are a concern, not least because of the resources they can draw upon to achieve their goals.

Recommendations
There is a lot to consider when planning and implementing a secure environment. Here are some steps you can take to strengthen your defenses:
• Appoint a chief security officer (CSO) who in the event of an attack has permission to take control of the organization until the threat is eliminated. Keep in mind that whilst many aspects of modern day security are IT related, the responsibility of the CSO needs to extend across all aspects of your organization’s defenses.
• Run scenario exercises to ensure everyone in the organization understands their role in the event of a detection. Well-rehearsed procedures will dampen the impact of a breach.
  • 6.
• Audit all actors and assets in your organization and supply chain in respect of their trustworthiness and “infosecurity robustness,” and engage with them accordingly. In fact, it would be wise to make these primary criteria in choosing suppliers, staff, and even customers.
• Utilize real-time sensors to discourage threats. Their visibility can serve as a deterrent. Their functionality provides context and evidence for the purposes of prosecution.
• Develop a security policy and architecture that has a compartmentalizing impact on the degree to which a threat can propagate around the organization. Again, think hotel rather than castle model. Even though anybody can enter the lobby, only certain people can enter the rooms or cupboards.
• Understand the intentions of your HR function, and agree how you address the associated threat possibilities. The emergence of personally owned devices, including wearables, needs to be factored into your security policy. Some of these wearables may be driven by your HR function, in respect of talent engagement.
• Ensure all staff understand their role in respect of maintaining a secure environment. Create a culture where your people are both careful and vigilant.
• Ensure your public relations function is briefed on how and when they disclose breaches. Timing is everything. Too early and you might cause the attackers to bring their plans forward. Too late and you may be accused of negligent behavior.
• Build your security team with genuinely experienced staff, who understand technology, policy, the mindset of the attackers and human nature. Experienced security specialists can make a lot more money in the private sector. You might consider keeping a small highly capable in-house team whose primary role is to coordinate the activities and relationships with specialist providers. Certain activities, such as setting up secure processes, monitoring your environment, and being first on the scene when a threat is detected, might best be done by those who have the appropriate economies of scale. Such organizations regard security management as their core business.
• Automate intelligence gathering by using the public or open source intelligence. Also, integrate the relevant classified sources. This frees up our people so they can focus on higher value analysis work, rather than labor-intensive data gathering.
  • 7.
• Embrace video analysis tools. Such tools can identify irregular behavior in real time and alert the appropriate authorities. They can also be used to gather evidence, particularly where lengthy video content needs to be analyzed. This speeds up evidence gathering, reduces the associated cost, and again, frees up your people to focus on higher value activities. The associated surveillance technology can be deployed at high-risk locations such as airports, railway stations, and shopping malls. Regulated zones such as the public highway can also be monitored for both security and safety purposes.
• Reduce staff and citizen inconvenience by using biometric security such as facial or voice recognition. Citizens thus enjoy an improved experience. You save on costly labor, which when overworked can be prone to potentially devastating mistakes.
• Assume you have already been compromised and so maintain a threat detection posture at all times.
• “Deep audit” your processes by engaging specialists to penetrate your defenses and subsequently advise on how to rectify the detected vulnerabilities.
• Ensure your critical security systems are integrated to provide a holistic view of your environment and the associated threats. The data needed to trigger critical alerts may well lie within your systems, but it will only trigger them if all your systems act as one.
• Keep on top of the latest attack developments, such as product vulnerabilities and social attacks. Only when staff are aware of, for example, spear phishing, will they be more guarded when clicking on links within personalized and seemingly harmless messages.
• Enter into a public-private partnership with security specialists to keep abreast of the latest developments in counter attack technologies.
  • 8. Conclusion
The vulnerability points in the organizational infrastructure are increasing rapidly with the growth of intelligent device usage in society. Users, citizens, suppliers, and partners all represent potential entry points for malevolent behavior.
Security impacts everyone, and therefore should not be shoehorned or abdicated into the remit of the IT function. Ultimately, information security, from both a virtual and physical perspective, is a leadership issue. Thus, the 21st century public sector leaders need to regard it as a fiduciary duty to both understand the issues and deploy the appropriate resources to protect those that rely on your services.

About the authors
Pierre Mirlesse
Pierre Mirlesse leads the HPE Mobility business in the EMEA region. Mirlesse joined HP (now known as Hewlett Packard Enterprise) over 20 years ago, advising industries and government organizations in their digital experience transformation. He has held a number of executive positions around the globe including Middle East-Africa VP, Worldwide SMB VP based in Palo Alto, Asia-Pacific VP for HP Managed Print Services, and distribution director in Middle East, Africa, and Eastern Europe. Pierre is a recognized industry keynote speaker. He now lives in the UK with his family. Find out more about Pierre on LinkedIn: ch.linkedin.com/in/pierremirlesse
Ade McCormack
Ade McCormack is a near futurist, digital strategist, keynote speaker, and author. He is a columnist with CIO magazine, and a former columnist with the Financial Times, focusing on digital leadership. His experience extends over three decades and almost 30 countries across many sectors. He has written a number of books, including one on the future of work (Beyond Nine to Five—Your career guide to the digital age). He has also lectured at MIT Sloan School of Management on digital leadership. For more information on Ade, visit ademccormack.com.
Learn more at hpe.com/us/en/solutions/security.html
© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. iPhone is a trademark of Apple Computer, Inc. registered in the U.S. and other countries. 4AA6-4685ENW, March 2016