ScaleVP CISO Research:
Investing in Information Security
Bill Burns, CISO
Today’s Goals
• What trends affect your security program?
• What are other CISOs doing about them?
• What should you focus on going forward?
Public 2
Who am I and why am I here?
• Goal: Invest in InfoSec, share back to the security community
• Background in Security @ scale
– Co-developed Amazon CloudHSM for IaaS hardware roots of trust
– Deployed one of the largest distributed, hybrid cloud WAFs
– Corporate IT “all-cloud”, mobile-first security strategy
– Public Root CAs, PKIs
• Active advisor: RSA Conference Committee, ISSA CISO Forum, ISSA CISO Career Lifecycle, Startup Technical Advisory Boards
• Previously:
ABOUT THE SURVEY
Survey Results: InfoSec Organizational Structure
Research Methodology
1. Scale Venture Partners: 35-question survey
2. In-person interviews: 22 peer CISOs, across 15 industries
3. Expanded survey via Wisegate; total data set: n=102
4. Only small variations between both datasets
5. Not statistically rigorous; margin of error = +/-7% @ 90% confidence
Demographics – Reporting Structure
Who does the Security Lead / CISO report to?
• CIO: 63%
• Other: 11% (COO, CTO, Managing Director, EVP, Strategy)
• CRO/Risk: 10%
• CFO: 7%
• CEO/President: 5%
• Legal/Privacy: 4%
Impacts budget approval, project prioritization, implementation friction.
How is Security organized within your company?
• Centralized: 55%
• Hybrid: 37%
• By LoB: 5%
• Other: 3%
Impact to project approval, implementation processes, ability to execute.
Who handles operational security tasks?
• Security Dept exclusively: 46%
• Shared: 36%
• Other teams: 18%
Examples:
• Firewall rules, maintenance
• System patching
• Vulnerability scanning
• Configuration management
Impact to budget approval, implementation processes, operational ownership, mean time to resolution.
HOW DID WE GET HERE?
Top Trends: Where are we headed?
Security Forcing Functions – Mobility & BYOD
Smartphones: 58%; Tablets: 42%
By 2017, 50% of employers will require you to BYOD for work. [2]
By 2018, 25% of enterprise traffic will flow directly mobile-to-cloud. [3]
Sources: (1) Pew Research, Jan 2014; (2) Gartner, May 2013; (3) Gartner, Nov 2013
Security Forcing Function – Cloud-IaaS
• Clouds are compelling for businesses; hard for old security controls to match pace
• AWS example:
– ~Quadrupled the number of services in the past 4 years
– Reduced pricing 42 times in 8 years as they age equipment out
Source: AWS
[Chart: Total Amazon Elastic Map Reduce (EMR) clusters launched by customers, 5/2010 to 10/2012 (scale 0 to 4,000,000): 3.7M clusters launched since May 2010]
[Chart: Amazon S3 total objects, Q4 2006 to Q2 2012: 1.3 trillion total objects; 835,000 peak requests/sec]
Even Security Products Are Embracing Cloud Services
[Chart: Global Cloud-Based Security Forecast, 2010 to 2017 (scale 0 to 4000)]
[Chart: Cloud security services consumed over the next 12 months, % of respondents (each between 18% and 27%), for: Email security services; Web security services; Website protection (fraud, DoS); Application security testing; Identity and access management; Security intelligence engines; Vulnerability assessment services; Web application firewall as a service; SIEM as a service; Tokenization/encryption as a service]
WHAT DID WE LEARN?
Survey Results
What did we learn?
• Cloud usage at companies falls into three buckets. Which describes yours?
– Cloud Always: New companies. Born with the Cloud. No desire for on-prem infrastructure.
– Cloud First: Existing companies. Pick Cloud-based alternatives first.
– Cloud Cautious: Laggards or heavily regulated. See the benefits in limited use cases.
What did we learn?
For CISOs:
• Cloud, Mobility and Compliance put pressure on their security programs
CISOs: Externalities and Forcing Functions
Q: “What top trends most/least affect your security program?”
CISOs are most concerned about maintaining security and compliance while losing direct control of the underlying infrastructure.
[Chart: Sum Affected vs. Sum Unaffected (scale 0 to 50), labelled Most Affects to Least Affects, for: Agile/DevOps; BYOD; Consumerization of IT / Shadow IT; Increased regs or compliance; Mobile/IoT; IT Automation / API-level integrations; Mobility (smartphones and tablets); Cloud-SaaS; Ubiquitous Internet Access; Cloud-IaaS; Weaponization of the Internet / State-sponsored espionage; Work / Life Integration]
What did we learn?
For CISOs:
• Cloud, Mobility and Compliance put pressure on their security programs
• Their top concerns are growing…
CISOs: What kept you up last night?
(Q: “What are your top 3 risks right now?”)
• Malware Outbreak: 16%
• Breach of sensitive information: 16%
• Malicious Outsider Threat: 8%
• Malicious Insider Threat: 6%
• Advanced Persistent Threats: 5%
• BYOD Management & Security: 5%
Top 20:
• Malware Outbreak
• Breach of sensitive information
• Malicious Outsider Threat
• Malicious Insider Threat
• Advanced Persistent Threats
• BYOD Management & Security
• Social Engineering
• Privacy & Regulatory Compliance
• Identity Management
• Threat & Vulnerability Management
• 3rd Party / Supply Chain Security
• End User Training
• Asset Management
• Cloud Security
• IT Continuity
• People Security
• Server security
• Cyber Threat Intelligence
• Governance
• Insider Unintentional threat
Programs based on risk, business alignment, maturity, cost
[Chart: share of respondents ranking each approach as Priority 1/2/3 (scale 0% to 100%), for: I decide based on how much money we have in our budget; I look at what parts of the program we need to mature; I look at changes to our business strategy; I use a risk-based approach]
Top risks are growing for my company
[Chart: Top Risk #1, #2, #3: GROWING for Your Company vs. SHRINKING for Your Company (scale 0% to 100%)]
Top risks are growing for my industry, but even more!
[Chart: Top Risk #1, #2, #3: GROWING for Your Industry vs. SHRINKING for Your Industry (scale 0% to 100%)]
What did we learn?
For CISOs:
• Cloud, Mobility and Compliance put pressure on their security programs
• Their top concerns are growing, but
• They aren’t confident in their current controls …
Q: How confident are you that your current controls are working?
A: Slightly more than 50% :(
[Chart: confidence in controls (scale 0% to 100%), for Top Risk #1, Top Risk #2, Top Risk #3]
What did we learn?
For CISOs:
• Cloud, Mobility and Compliance put pressure on their security programs
• Their top concerns are growing, but
• They lack confidence in their current controls, and
• They struggle to measure impact on the business
Lack of Metrics, Unable to Map to Business Impact
Q: Do you have metrics to track your top risks?
A: Half do NOT have metrics (!)
[Chart: Yes vs. No (scale 0% to 60%), for Top Risk #1, Top Risk #2, Top Risk #3]
WHAT ARE THEY PLANNING
TO DO ABOUT IT?
Survey Results
Protecting Corporate Data – At Every Enforcement Point
Data-centric controls to protect enterprise information are hot: the most desired control for any enforcement point.
As IT hands off infrastructure control, CISOs focus on the data. Shared risk models are a nod to the expanding universe of user devices and the dissolving enterprise perimeter.
Endpoint Security Controls
[Chart: share of respondents ranking each control as Priority 1/2/3 (scale 0% to 70%), for: (Consumer) Patching, field upgrades; Sandboxing / Containerization (Enterprise/Consumer); Incident Response Automation, Orchestration; Information protection and control; Enterprise endpoint management (proactive, reactive); Server Security; Anti-malware]
Mobile/IoT Security Controls
[Chart: share of respondents ranking each control as Priority 1/2/3 (scale 0% to 90%), for: Enterprise endpoint / App / Security Posture management; Vulnerability Management; Threat management; Information protection and control (DLP, tracking, masking, encryption)]
Messaging, Collaboration, File Sync/Sharing Security Controls
[Chart: share of respondents ranking each control as Priority 1/2/3 (scale 0% to 90%), for: Information protection and control (DLP, tracking, masking, encryption); Antispam / Antiphishing / Brand Reputation; Antivirus / Antimalware; Encryption / Encryption Key Management; Social Media / Social Networks; Content filtering]
Infrastructure Security Controls
[Chart: share of respondents ranking each control as Priority 1/2/3 (scale 0% to 80%), for: Encryption / Encryption Key Management; Web application firewall; Database Firewall / Activity Monitoring; Sandboxing / Process isolation, lightweight containers; Information protection and control (DLP, tracking, masking, encryption)]
4. Automate All the Things
CISOs want automation and orchestration to manage point-solution sprawl.
APIs: Three-quarters of CISOs are building or integrating solutions to address their top risks.
Q: Did you need to build something custom to address?
A: Yes, we had to build something to address our top risks.
[Chart: scale 0% to 100%, for Top Risk #1, Top Risk #2, Top Risk #3]
4. Automate All the Things
Anecdotes:
• “I’m always adding new controls, I can’t turn anything off!”
• “When tool X finds something wrong, why can’t system Y apply a fix or contain the risk?”
• “I can’t afford to keep adding staff to monitor GUIs and consoles. Why can’t tools automate this?”
SURPRISES
AND OPEN QUESTIONS
What did we learn?
Agile/DevOps: Equally impactful and not impactful
[Chart: Top Forcing Functions]
Are APT and State-Sponsored Espionage a top concern?
Top Forcing Functions: No. Versus Top Risks: Yes (Advanced Persistent Threats: 5%)
Top Risks, Categorized
Long-tail of individual “top concerns”
Network Security Controls – don’t address top externalities
[Chart: share of respondents ranking each control as Priority 1 (scale 0% to 30%), for: Software-Defined Networking & Security Automation; Network Admission Control; Firewall; Unified threat management (UTM); Intrusion detection and prevention; Cloud Service Brokers / Cloud Application Gateways]
[Chart: Network Security Controls, Priority 1 (same chart as above)]
…But implementing Cloud gateways would
IAM – Still biased towards basic controls
[Chart: share of respondents ranking each control as Priority 1/2/3 (scale 0% to 70%), for: Converged physical / logical security; PKI, Digital Certificates; Social Media Identity Management; User provisioning and identity management, especially Cloud, SaaS, social media; Web SSO (includes federation); Risk-, behavior-, context-based authentication, authorization; Advanced authentication & identification schemes]
Incident Response – Need actionable data, not more feeds
[Chart: share of respondents ranking each control as Priority 1/2 (scale 0% to 90%), for: Threat Feeds, Intelligence, Sharing; Forensics and incident investigation (includes "Mandiant In A Box"); Incident Response Automation, Orchestration; Proactive detection, automated / real-time response]
INSIGHTS – CALL TO ACTION
Information Security Market
Insights & Calls to Action
1. IT handing off infrastructure control of endpoints and networks
– Shared risk requires *aaS vendors to have security and auditability as core features
– Authentication and Data become the new perimeters; controls move closer to data
– User endpoints are the typical attack vector; focus on intel, orchestration, encrypt/wipe
– Build “right to audit” and security best practices into your partner agreements; test them
2. Predictive, behavioral analytics become standard security features
– Broad, horizontal function applicable everywhere (logs, app execution, network)
– Potential to increase confidence, speed remediation, lower false positives
– Early market, room for maturity. Start building simple metrics to measure efficacy.
Insights & Calls to Action
3. Teams embrace automation, SecDevOps, cloud security services
– Integrating security into dev workflows improves visibility, consistency, efficacy
– Security products will offload compute and storage to the cloud to keep up with attackers
– Buy/build products based on APIs not GUIs, and on data interoperability
– Worry less about threat feeds; focus on incident response and automation
4. Virtuous cycle: focus on improving your security program maturity
– Mature security programs have more confidence in their controls
– Measurability leads to better insights, confidence, prioritization
5. CISOs, exec mgmt, Boards need broad security metrics, risk insights
– Aggregate your security point solutions to build holistic risk scores
– Identify and create metrics that show the security program’s impact on the business
Insights & Calls to Action
6. Future Look: Enterprise security controls respect user privacy
– End users are becoming their own Chief Privacy and Security Officers.
– Confluence of forces: Work/Life Integration, Mobility, BYOD, Privacy
– Mutually beneficial: Users trust security teams to protect their BYOD, still protect corporate data
– New class of vendors observing a personal/work separation in usage, flows
Bill Burns | CISO | Informatica | BBurns@Informatica.com | @x509v3
Thank you!
Security-Research@ScaleVP.com
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst

  • 1. ScaleVP CISO Research: Investing in Information Security. Bill Burns, CISO
  • 2. Today's Goals
    - What trends affect your security program?
    - What are other CISOs doing about them?
    - What should you focus on going forward?
    Public 2
  • 3. Who and Why am I here?
    - Goal: invest in InfoSec, share back to the security community
    - Background in security at scale:
      - Co-developed Amazon CloudHSM for IaaS hardware roots of trust
      - Deployed one of the largest distributed, hybrid-cloud WAFs
      - Corporate IT "all-cloud", mobile-first security strategy
      - Public root CAs, PKIs
    - Active advisor: RSA Conference Committee, ISSA CISO Forum, ISSA CISO Career Lifecycle, startup technical advisory boards
    - Previously:
  • 4. ABOUT THE SURVEY. Survey Results: InfoSec Organizational Structure
  • 5. Research Methodology
    1. Scale Venture Partners: 35-question survey
    2. In-person interviews: 22 peer CISOs across 15 industries
    3. Expanded survey via Wisegate; total data set n=102
    4. Only small variations between the two datasets
    5. Not statistically rigorous; margin of error +/-7% at 90% confidence
  • 6. Demographics – Reporting Structure. Who does the Security Lead / CISO report to?
    - CIO: 63%
    - CRO/Risk: 10%
    - CFO: 7%
    - CEO/President: 5%
    - Legal/Privacy: 4%
    - Other: 11% (COO, CTO, Managing Director, EVP, Strategy)
    Impacts budget approval, project prioritization, implementation friction.
  • 7. How is Security organized within your company?
    - Centralized: 55%
    - Hybrid: 37%
    - By line of business: 5%
    - Other: 3%
    Impact to project approval, implementation processes, ability to execute.
  • 8. Who handles operational security tasks?
    - Security department exclusively: 46%
    - Shared: 36%
    - Other teams: 18%
    Examples: firewall rules and maintenance, system patching, vulnerability scanning, configuration management.
    Impact to budget approval, implementation processes, operational ownership, mean time to resolution.
  • 9. HOW DID WE GET HERE? Top Trends: Where are we headed?
  • 10. Security Forcing Functions – Mobility & BYOD
    - Smartphones: 58%; tablets: 42% (Pew Research, Jan 2014)
    - By 2017, 50% of employers will require you to BYOD for work (Gartner, May 2013)
    - By 2018, 25% of enterprise traffic will flow directly mobile-to-cloud (Gartner, Nov 2013)
  • 11. Security Forcing Function – Cloud-IaaS
    - Clouds are compelling for businesses, and hard for old security controls to match in pace
    - AWS example (source: AWS):
      - Roughly quadrupled the number of services in the past 4 years
      - Reduced pricing 42 times in 8 years as equipment is aged out
    [Charts: Total Amazon Elastic MapReduce (EMR) clusters launched by customers, May 2010 to Oct 2012: 3.7M clusters launched since May 2010. Amazon S3 total objects, Q4 2006 to Q2 2012: 1.3 trillion total objects, 835,000 peak requests/sec.]
  • 12. Even Security Products Are Embracing Cloud Services
    [Chart: Global Cloud-Based Security Forecast, 2010 to 2017.]
    [Chart: Cloud security services consumed over the next 12 months, % of respondents (values from 18% to 27%) for: Email security services; Web security services; Website protection (fraud, DoS); Application security testing; Identity and access management; Security intelligence engines; Vulnerability assessment services; Web application firewall as a service; SIEM as a service; Tokenization/encryption as a service.]
  • 13. WHAT DID WE LEARN? Survey Results
  • 14. What did we learn? Cloud usage at companies falls into three buckets. Which describes yours?
    - Cloud Always: new companies, born with the cloud, no desire for on-prem infrastructure
    - Cloud First: existing companies that pick cloud-based alternatives first
    - Cloud Cautious: laggards or heavily regulated; see the benefits in limited use cases
  • 15. What did we learn? For CISOs: Cloud, Mobility and Compliance put pressure on their security programs.
  • 16. CISOs: Externalities and Forcing Functions. Q: "What top trends most/least affect your security program?" CISOs are most concerned about maintaining security and compliance while losing direct control of the underlying infrastructure.
    [Chart: sum of "most affects" vs "least affects" responses (0 to 50) for: Agile/DevOps; BYOD; Consumerization of IT / Shadow IT; Increased regs or compliance; Mobile/IoT; IT Automation / API-level integrations; Mobility (smartphones and tablets); Cloud-SaaS; Ubiquitous Internet Access; Cloud-IaaS; Weaponization of the Internet / State-sponsored espionage; Work/Life Integration.]
  • 17. What did we learn? For CISOs: Cloud, Mobility and Compliance put pressure on their security programs, and their top concerns are growing.
  • 18. CISOs: What kept you up last night? (Q: "What are your top 3 risks right now?")
  • 19. CISOs: What kept you up last night? (Q: "What are your top 3 risks right now?") Top 20, with the share of responses for the top six:
    - Malware Outbreak: 16%
    - Breach of sensitive information: 16%
    - Malicious Outsider Threat: 8%
    - Malicious Insider Threat: 6%
    - Advanced Persistent Threats: 5%
    - BYOD Management & Security: 5%
    - Social Engineering
    - Privacy & Regulatory Compliance
    - Identity Management
    - Threat & Vulnerability Management
    - 3rd Party / Supply Chain Security
    - End User Training
    - Asset Management
    - Cloud Security
    - IT Continuity
    - People Security
    - Server security
    - Cyber Threat Intelligence
    - Governance
    - Insider Unintentional threat
    The top two together are 32% of responses; the top five, 51%.
  • 20. Priority programs based on risk, business alignment, maturity, cost. How CISOs prioritize (share ranking each approach as priority 1 / 2 / 3, as read from the chart):
    - I use a risk-based approach: 50% / 34% / 5%
    - I look at changes to our business strategy: 23% / 33% / 24%
    - I look at what parts of the program we need to mature: 18% / 20% / 45%
    - I decide based on how much money we have in our budget: 10% / 14% / 26%
  • 21. Top risks are growing for my company. [Chart: share of respondents reporting Top Risk #1, #2 and #3 as GROWING vs SHRINKING for their company, 0 to 100%.]
  • 22. Top risks are growing for my industry, but even more! [Chart: share of respondents reporting Top Risk #1, #2 and #3 as GROWING vs SHRINKING for their industry, 0 to 100%.]
  • 23. What did we learn? For CISOs: Cloud, Mobility and Compliance put pressure on their security programs; their top concerns are growing, but they aren't confident in their current controls.
  • 24. Q: How confident are you that your current controls are working? A: Slightly more than 50%. [Chart: confidence for Top Risk #1, #2 and #3, 0 to 100%.]
  • 25. What did we learn? For CISOs: Cloud, Mobility and Compliance put pressure on their security programs; their top concerns are growing, but they lack confidence in their current controls, and they struggle to measure impact on the business.
  • 26. Lack of Metrics, Unable to Map to Business Impact. Q: Do you have metrics to track your top risks? A: Half do NOT have metrics (!) [Chart: Yes vs No for Top Risk #1, #2 and #3, 0 to 60%.]
  • 27. WHAT ARE THEY PLANNING TO DO ABOUT IT? Survey Results
  • 28. Protecting Corporate Data – At Every Enforcement Point. Data-centric controls to protect enterprise information are hot: the most desired control for any enforcement point. As IT hands off infrastructure control, CISOs focus on the data. Shared risk models are a nod to the expanding universe of user devices and the dissolving enterprise perimeter.
  • 29. Endpoint Security Controls (share ranking each control as priority 1 / 2 / 3, as read from the chart):
    - (Consumer) Patching, field upgrades: 12% / 6% / 12%
    - Sandboxing / Containerization (Enterprise/Consumer): 15% / 9% / 12%
    - Incident Response Automation, Orchestration: 9% / 6% / 13%
    - Information protection and control: 19% / 29% / 15%
    - Enterprise endpoint management (proactive, reactive): 13% / 13% / 10%
    - Server Security: 16% / 5% / 19%
    - Anti-malware: 16% / 22% / 19%
  • 30. Mobile/IoT Security Controls (priority 1 / 2 / 3):
    - Enterprise endpoint / App / Security Posture management: 22% / 28% / 21%
    - Vulnerability Management: 13% / 31% / 29%
    - Threat management: 16% / 24% / 31%
    - Information protection and control (DLP, tracking, masking, encryption): 46% / 18% / 19%
  • 31. Messaging, Collaboration, File Sync/Sharing Security Controls. [Chart: priority 1 / 2 / 3 shares for: Information protection and control (DLP, tracking, masking, encryption); Antispam / Antiphishing / Brand Reputation; Antivirus / Antimalware; Encryption / Encryption Key Management; Social Media / Social Networks; Content filtering. Information protection and control leads as priority 1 at 41%.]
  • 32. Infrastructure Security Controls (priority 1 / 2 / 3):
    - Encryption / Encryption Key Management: 21% / 29% / 21%
    - Web application firewall: 26% / 15% / 29%
    - Database Firewall / Activity Monitoring: 13% / 21% / 22%
    - Sandboxing / Process isolation, lightweight containers: 7% / 15% / 12%
    - Information protection and control (DLP, tracking, masking, encryption): 32% / 21% / 16%
  • 33. 4. Automate All the Things. CISOs want automation and orchestration to manage point-solution sprawl. APIs: three-quarters of CISOs are building or integrating solutions to address their top risks.
  • 34. Q: Did you need to build something custom to address your top risks? A: Yes, we had to build something to address our top risks. [Chart: Top Risk #1, #2 and #3, 0 to 100%.]
  • 35. 4. Automate All the Things. Anecdotes:
    - "I'm always adding new controls, I can't turn anything off!"
    - "When tool X finds something wrong, why can't system Y apply a fix or contain the risk?"
    - "I can't afford to keep adding staff to monitor GUIs and consoles. Why can't tools automate this?"
  • 36. SURPRISES AND OPEN QUESTIONS. What did we learn?
  • 37. Top Forcing Functions: Agile/DevOps is equally impactful and not impactful.
  • 38. Are APT and State-Sponsored Espionage a top concern? Top Forcing Functions say no; Top Risks say yes (Advanced Persistent Threats: 5%).
  • 39. Top Risks, Categorized: a long tail of individual "top concerns".
  • 40. Network Security Controls – don't address top externalities (share ranking each control as priority 1):
    - Software-Defined Networking & Security Automation: 9%
    - Network Admission Control: 6%
    - Firewall: 22%
    - Unified threat management (UTM): 26%
    - Intrusion detection and prevention: 28%
    - Cloud Service Brokers / Cloud Application Gateways: 9%
  • 41. …But implementing Cloud gateways would. [Same chart as slide 40, priority 1 only, highlighting Cloud Service Brokers / Cloud Application Gateways.]
  • 42. IAM – Still biased towards basic controls (priority 1 / 2 / 3):
    - Converged physical / logical security: 9% / 12% / 9%
    - PKI, Digital Certificates: 3% / 9% / 25%
    - Social Media Identity Management: 6% / 9% / 12%
    - User provisioning and identity management, especially Cloud, SaaS, social media: 25% / 26% / 12%
    - Web SSO (includes federation): 22% / 13% / 13%
    - Risk-, behavior-, context-based authentication, authorization: 10% / 18% / 18%
    - Advanced authentication & identification schemes: 25% / 13% / 12%
  • 43. Incident Response – Need actionable data, not more feeds (priority 1 / 2):
    - Threat Feeds, Intelligence, Sharing: 31% / 22%
    - Forensics and incident investigation (includes "Mandiant In A Box"): 10% / 9%
    - Incident Response Automation, Orchestration: 15% / 28%
    - Proactive detection, automated / real-time response: 44% / 41%
  • 44. INSIGHTS – CALL TO ACTION. Information Security Market
  • 45. Insights & Calls to Action
    1. IT handing off infrastructure control of endpoints and networks
      - Shared risk requires *aaS vendors to have security and auditability as core features
      - Authentication and data become the new perimeters; controls move closer to the data
      - User endpoints are the typical attack vector; focus on intel, orchestration, encrypt/wipe
      - Build "right to audit" and security best practices into your partner agreements; test them
    2. Predictive, behavioral analytics become standard security features
      - Broad, horizontal function applicable everywhere (logs, app execution, network)
      - Potential to increase confidence, faster remediation, lower false positives
      - Early market, room for maturity. Start building simple metrics to measure efficacy.
  • 46. Insights & Calls to Action
    3. Teams embrace automation, SecDevOps, cloud security services
      - Integrating security into dev workflows improves visibility, consistency, efficacy
      - Security products will offload compute and storage to the cloud to keep up with attackers
      - Buy/build products based on APIs, not GUIs, and on data interoperability
      - Worry less about threat feeds; focus on incident response and automation
    4. Virtuous cycle: focus on improving your security program's maturity
      - Mature security programs have more confidence in their controls
      - Measurability leads to better insights, confidence, prioritization
    5. CISOs, exec management and Boards need broad security metrics and risk insights
      - Aggregate your security point solutions to build holistic risk scores
      - Identify and create metrics that show the security program's impact on the business
  • 47. Insights & Calls to Action
    6. Future look: enterprise security controls respect user privacy
      - End users are becoming their own Chief Privacy and Security Officers
      - Confluence of forces: Work/Life Integration, Mobility, BYOD, Privacy
      - Mutually beneficial: users trust security teams to protect their BYOD, while corporate data is still protected
      - New class of vendors observing a personal/work separation in usage and flows
  • 48. Bill Burns | CISO | Informatica | BBurns@Informatica.com | @x509v3. Thank you! Security-Research@ScaleVP.com