Continuous Multilayer Protection: Operationalizing a Security Framework
Straw Program
- Topics that highlight Ericsson’s IP expertise
- Leverage Ericsson’s strengths and apply to new technology and issues to resolve (e.g., MBH)
- Focus on operator perspective and pain points
- Cover emerging tech and tech we have “on the truck”
- Include “friendly” partners to show not working in a vacuum
- Industry thought leaders for keynotes to highlight technical business drivers
- One track for non-technical business related content*
- Possible Friday customer meetings
• 2-3 distinct parallel tracks.
• Could have side room for “Meet the Engineer” private sessions.
Continuous Multilayer Protection: Operationalizing a Security Framework
Mats Nilsson
2015-05-25 | Page 2
Connectivity more and more part of our life
[Chart: Connections (billion) over time, 1875 to 2020]
• 15 years: 50 billion connected devices
• 25 years: 5 billion connected people
• 100 years: 1 billion connected places
Connectivity integrated into our way of life
Everything PEOPLE do: Collaboration, Innovation, Privacy, Competence, Trust, Socializing, Learning
In all parts of SOCIETY & BUSINESS: Media, Commerce, Security, Government, Education, Transport, Healthcare, Utilities
Will be done over a NETWORK
NEW OPPORTUNITIES – NEW CHALLENGES
• Increased network capacity
• More commerce & financial transactions
• More cloud storage & services
• Open and capable devices
• An IP based unified global network
• New things get connected
• More services get networked
• More decisions based on real-time data
Policy and regulation
› Status and drivers
  – On top of political agendas
  – The (global) Economic and Social impact of the ICT enabled society
  – How to ensure core values and security in Cyberspace
› Activities and consequences
  – Definition and scope of Critical Information Infrastructures (e.g. Communications, Healthcare, Energy, Transport)
  – Operational security requirements and audits
    › Voluntary but required to avoid liabilities – US
    › Law – EU
  – Mitigation through recommended Standards, Best practices, implementation incentives or law/liabilities
› Examples of policy measures
  – US Executive Order 13636 and “Cyber security Framework”
  – EU
    › Cyber security strategy
    › EU proposed NIS directive
    › EU NIS platform
  – India
    › Security requirements and audits on operators.
    › Mandatory local testing of equipment (from 1 April 2015) however alignment with global standards
  – Many others….
our perspective on Security in the networked society
• services should always be available
• security should require minimum effort from users
• communications should be protected
• all access to information and data should be authorized
• manipulation of data in the networks should be possible to detect
• the right to privacy should be protected
SECURITY IN THE NETWORKED SOCIETY
Operator Policies & Directives
Laws & Regulation
Layers: Secure Operations; Secure Network; Secure Products
Standards: ISO 27001…; 3GPP, ITU-T, IETF…; 3GPP SECAM, ISO 15408…
System scale: Moderate, Large, Very large
Users: Thousands, Millions, Billions
Enterprise, Telecom Networks, Multiple Networks
Our Focus: Large scale security
Creating Large-scale system Security
Point security
• Firewalls
• Malware detection
• Intrusion detection
• Content scrubbing
Network & Operational Security
• Software and data integrity verification
• Tamper protection
• Identity management
• Fraud prevention mechanisms
• ISO 27 000 certified operations
• Secure storage
Integrated Security
• Integrity
• Robustness
• Scalability
• Efficiency
• Confidentiality
• Privacy
• Coordinated defense
• Fast response
[Diagram labels: Integrated security; Threat (×3)]
What needs to be trusted
• People & Processes
• HW & SW
• Data
• Transactions
• Configurations
• Identities
• Devices
• …and much more
THE ERICSSON TRUST STACK
TRUSTED BUSINESS
TRUSTED OPERATIONS
TRUSTED NETWORKS
TRUSTED PRODUCTS
[Diagram arrow labels: NEEDS; ENABLES]
NIST CS FW mapped to RESPONSIBILITIES
NIST CS FW: Identify, Protect, Detect, Respond, Recover
integrated process for Product and service development
• PRODUCT SECURITY FUNCTIONS: Developing the right security functions for a product or service
• PRODUCT SECURITY ASSURANCE: Assuring that the security functionality works as expected
• PRODUCT SECURITY DOCUMENTATION: Documenting security functionality to enable secure operations
• PRODUCT NEAR SECURITY SERVICES: Provide services to ensure that security functionality is properly used
Security reliability model:
Re-Invention of Cloud Security: The Shift to Cloud Requires a New Focus
FROM: PROTECT ONLY
100% protection is possible
• Hardened end points, users not devices
• Illusion of liability protection: third party audits, certifications
• Data is locked down
• Perimeter-centric: access control, encryption

• Authenticate end points: trusted identity of users AND devices
• Data is portable, in compliance with local regulations
• Data-centric: every data asset is tagged, tracked, located, verified
• Onus for proof: independently verifiable, mathematical forensics
Ericsson Wallet Platform overview of security controls