Securing the Digital Transformation Overview
Largest Data Breaches
Hacks resulting in loss of more than 30,000 records
[Figure: chart of named breaches and records lost, 2013 to 2015. Source: Informationisbeautiful.net]
Digital Transformation Realized™
Economic Impact from Cybercrime
Target: $162m
JPMorgan: $1 billion
Sony: $171m
Risk Mitigation and Digital Transformation
1. The Digital Transformation is driving change in the way IT is leveraged throughout the business
2. The way IT is secured and risks mitigated within the business will also rapidly evolve as threats enter new vectors
3. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
4. The defense against the modern (and existing) threats of the Digital Transformation starts now
The Digital Transformation is driving change in the way IT is leveraged throughout the business
Companies are Becoming More Digital
Customers: Enabling the customer experience with technology
Partners: Enabling partner interactions through technology
Employees: Driving efficiency in internal operations
Transformative vs. Non-Transformative
Digital Transformation Modern IT Management Secure Mobile Modern Applications Customer Engagement DevOps and IT Service, IoT, Mixed Reality, Business Process CRM, Extranets, B2B solutions Collaboration, ECM, BPM Transformation, Governance Cloud Data Center Mobile Secure Analytics & Data Identity & Device Management, BI, SQL, Predictive Cloud Integration & Management, Analytics, Big Data Unified Communications
The way IT is secured and risks mitigated within the business will rapidly evolve as threats enter new vectors
Top New Threats with Financial Impact
Customer User Database Compromise
Predictive Analytics Compromise
IoT Device Compromise
Source Code Compromise
Internal Identity Compromise
Social Engineering Theft
Confidential Data Compromise
Physical Access paired with Theft
Modern Security Layers to Mitigate Risk
Network
Operating System
Identity
Application
Information
Communications
Management
Physical
NIST Security Framework
Identify, Protect, Detect, Respond, Recover (shown as a cycle around Digital Transformation)
Risk Mitigation Combining Layers and NIST
Layers: Network, Operating System, Identity, Application, Information, Communications, Management, Physical
Identify: Cloud threat identification
Protect: Cloud consistent protection patterns
Detect: Big data detection mechanisms
Respond: Automated response patterns
Recover: Declarative configuration
Modern Security Layers and NIST: Network
The extent to which traffic can reach the intended destination based on its qualities, being from a known source, appropriate port, and of certain characteristics.
Millions of hacked agents
Network boundary is everywhere
Applications are customer facing
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Operating System
The extent to which the operating system is protected from attack based on its inherent flaws, as well as the extent to which it provides for modern protections from modern invasive approaches.
Out-of-Date Operating Systems
Your clients are your network boundary
IoT clients, mobile, and devices exposed
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Identity
The extent to which authentication to an application plays a more important role in security in the modern age, as well as what access the authenticated person has based on role-based access control.
Weak passwords everywhere
Applications not properly identity secured
Brute force techniques increasing in capability
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Application
The security of the actual application itself, as tested and written using patterns and practices which mitigate known threats and attack vectors.
Applications using APIs and features with known flaws
Interaction between application components
Boundary security flaws on endpoint
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Information
The extent to which documents and data are protected regardless of location and are controlled based on their qualities.
Confidential information is widely accessible
Secure content is used to gain other content
Users who “should” have access change
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Management
The extent to which management tools have evolved to address modern threats which require analysis and response exceeding manual effort. These scenarios look more like “big data” and machine learning scenarios than the manual reviews and responses that traditional security practices employed.
Breadth of threats exceeds human capabilities
Response needs are immediate
Employees not properly trained
NIST functions: Identify, Protect, Detect, Respond, Recover
Modern Security Layers and NIST: Communications
The extent to which application communications (or even personal communications) are protected and private based on identity and application qualities.
No assurance that the network is secured
Modern devices are connected to the internet
Pass-the-Hash, Password Extraction
NIST functions: Identify, Protect, Detect, Respond, Recover
The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
Mapping in Technology Solutions: NIST CSF to Category / Microsoft technology map
Function: Protect (PR)
Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
PR.DS-4: Adequate capacity to ensure availability is maintained
PR.DS-5: Protections against data leaks are implemented
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
PR.DS-7: The development and testing environment(s) are separate from the production environment
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained
PR.IP-2: A System Development Life Cycle to manage systems is implemented
Categories in the map: Cloud Datacenter, Modern IT Management, Customer Enablement
Technologies in the map: Operations Management Suite & System Center, Enterprise Mobility Suite, Azure Resource Management Standards, Office365, Visual Studio Team Services, ServiceNow
Tool Categories and Mapping
Modern Operational and Automation: Operations Management Suite
Modern Service Management Platform: ServiceNow
Modern Development Platform: Visual Studio Team Services
Predictive Analytics Platform: Azure Machine Learning
Tool Categories and Mapping
Categories: Collaboration and Business Process Platform, Client Management Platform, Cloud Platform, End User Computing Platform
Technologies: Enterprise Mobility + Security Suite, Office365, Dynamics 365, Azure Platform as a Service, Azure Cloud Platform, Windows Server, Microsoft IoT Platform, Azure Stack, Windows 10