Cybersecurity: How Virtualization and Threats to Big Data Have Changed the Business Landscape The commercialization of the internet since the 1980’s has continuously and exponentially changed the way of the modern world. This applies to both consumers and businesses alike. On the consumer end, unlimited information is available at the touch of a button. Everyday tasks that used to take time and effort like depositing money in the bank are now as simple as taking a picture with a mobile device and entering your banking information online. From an industry viewpoint, technology creates the opportunity to reach a much wider marketplace and continuously offer new products and solutions to consumers which helps firms not only stay relevant in an ever-changing landscape, but also find new ways to grow revenues. As a result of this paradigm shift, data collection has become an essential component of many business operations. Whether it be the collection of customer information or of internet cookies, the storage of data couldn’t be more important. Naturally, as the necessity for efficient data collection grows, so does the need to protect that information at all costs. It doesn’t take long to find an example of how lack of data protection can impact a major organization. In December of 2013, North American retailer Target was subject to a data breach where hackers were able to collect over 40 million credit and debit card numbers as well as 70 million records of Target customers including names, phone numbers, addresses, and emails 1 . This resulted in a 46% drop in profits in the fourth quarter of 2013 compared to that of the year prior, not to mention the $100M spent by Target to increase their security systems let alone conduct damage control. Another prime example of this issue is that of the recent Ashley Madison hack. For those not familiar, Ashley Madison is an online dating website that allows users to arrange extra-marital affairs. Hackers were able to essentially steal the database user list and went as far as to make the user list publically available for no other apparent reason outside of disagreeing with what the company represents from an ethical point of view. Clearly the world has evolved to the point that data is now imperative in order to conduct business. This has resulted in the need for security and protection of this data. Does $170B Cybersecurity Market by 2020 March 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cybersecurity:HowVirtualizationandThreatstoBigDataHaveChangedtheBusinessLandscapeThecommercializationoftheinternetsincethe1980’shascontinuouslyandexponentiallychangedthewayofthemodernworld.Thisappliestobothconsumersandbusinessesalike.Ontheconsumerend,unlimitedinformationisavailableatthetouchofabutton.Everydaytasksthatusedtotaketimeandeffortlikedepositingmoneyinthebankarenowassimpleastakingapicturewithamobiledeviceandenteringyourbankinginformationonline.Fromanindustryviewpoint,technologycreatestheopportunitytoreachamuchwidermarketplaceandcontinuouslyoffernewproductsandsolutionstoconsumerswhichhelpsfirmsnotonlystayrelevantinanever-changinglandscape,butalsofindnewwaystogrowrevenues.Asaresultofthisparadigmshift,datacollectionhasbecomeanessentialcomponentofmanybusinessoperations.Whetheritbethecollectionofcustomerinformationorofinternetcookies,thestorageofdatacouldn’tbemoreimportant.Naturally,asthenecessityforefficientdatacollectiongrows,sodoestheneedtoprotectthatinformationatallcosts.Itdoesn’ttakelongtofindanexampleofhowlackofdataprotectioncanimpactamajororganization.InDecemberof2013,NorthAmericanretailerTargetwassubjecttoadatabreachwherehackerswereabletocollectover40millioncreditanddebitcardnumbersaswellas70millionrecordsofTargetcustomersincludingnames,phonenumbers,addresses,andemails1.Thisresultedina46%dropinprofitsinthefourthquarterof2013comparedtothatoftheyearprior,nottomentionthe$100MspentbyTargettoincreasetheirsecuritysystemsletaloneconductdamagecontrol.AnotherprimeexampleofthisissueisthatoftherecentAshleyMadisonhack.Forthosenotfamiliar,AshleyMadisonisanonlinedatingwebsitethatallowsuserstoarrangeextra-maritalaffairs.Hackerswereabletoessentiallystealthedatabaseuserlistandwentasfarastomaketheuserlistpublicallyavailablefornootherapparentreasonoutsideofdisagreeingwithwhatthecompanyrepresentsfromanethicalpointofview.Clearlytheworldhasevolvedtothepointthatdataisnowimperativeinordertoconductbusiness.Thishasresultedintheneedforsecurityandprotectionofthisdata.Does
$170BCybersecurityMarketby2020
March2016
thisprotectioncomefrominternallygeneratedprogramsandsoftwareorisitbesttobelicensedouttoathirdparty?Whatkindofthreatsshouldafirmbeawareofandwherecanthebestsolutionbefound?ThisWhitePaperwillexplorehowdatasecurityhasevolvedinrecentyears,whatkindofsolutionsarecurrentlyavailableandhowtheintroductionofcloudcomputinghaschangedthesoftwaresecurityindustryinitsalreadyshortexistence.SizeoftheCybersecurityMarketWiththeuseofdatagrowingexponentiallysoistheneedtoprotectit.Forbesestimatesthattheworldwidecybersecurityindustrytotalled$75billionin2015andisprojectedtogrowto$170billionby20202.Cybersecurityisarelativelyvagueterm,howeveritincorporatessecuritymeasuresfromtechnologyfieldssuchastheInternetofThings(IoT),fintechanddatacollection.Infact,IoTrelatedsecurity(includedintheoriginalfigure)isanindustrycurrentlyestimatedat$6.89billionandexpectedtogrowto$29billionby20203.Cloudsecurityandmobilesecurityareothersegmentsofthemarketthataccountforapproximately68%ofthemarketandareprojectedtogrowat9.8%CAGRby20204.Atestamenttohowquicklythismarketisgrowingistheintroductionofcybersecurityinsurance–insuranceincaseofadatabreach.Approximately$2.5billionwasspentonthisin2015andisexpectedtotripleby20205.HowhastheIndustryChanged?TherearetwomajorwayscompanieshavehadtochangetheirITinfrastructure.Theyaretheresultofbothinnovationandtheneedforconsolidationinanevergrowingworldofdata:
1) Virtualization:Thisreferstocreatingvirtualplatformsratherthanhavingtoconstructphysicalones.Traditionally,companiesbackeduptheirinformationanddataintophysicalharddrives–apracticethatisstillpresenttoday.However,intoday’slandscape,thismethodisonlyusedasabackupintheeventthatonlineserverspaceorcloudspacefails.Virtualizationofserverspacehasallowedcompaniestoeliminatetheneedforlargedatacentersonpremise.Whilethebenefitsofvirtualizationareclear,ithascreatedanadditionalsecurityconcernintheworkplace.
2) CloudComputing:Buildingonthevirtualizationprocess,cloudcomputingisawaytooptimizetheuseofspace.Insteadofhavingtostoreallinternaldataonlargeserversatcompanyheadquarters,cloudcomputingprovidesavirtualizedsolutionforcompanies
tostoretheirdata.Essentially,firmsleaseoutspacewithinthecloud(whichisofferedbythirdparties)andhaveaccesstotheamountofspacetheyneedfortheirdata.Theessentialcomponentofcloudcomputingisthatitallowsallpartiesinvolvedtoaccesstheinformationstoredondemandbothinternallyandfromremotelocations.
Cloudcomputingisnowattheforefrontofinfrastructureforbothlargeandsmallfirmsalike.Asaresult,therearenumerousconsiderationsbeingtakenregardingitssustainabilityandpracticalityinthemodernworkplace.OneimportantfactoristheconsiderationofBringYourOwnDevice(BYOD)intheworkplace–apracticethathasbecomemoreandmorecommonplace.Aswell,companiesareheavilyrelyingonmobileapplicationssuchasDropbox(acloudbasedapp)tomaintaindatawithintheworkforce.Thishasresultedingeneralfearamongemployeesandmanagementregardingthesecurityofappsthatarecloudbased.AccordingtotheCloudUsageRiskandOpportunitiesSurveyReportbytheCSA,whichsurveyedover160ITandsecurityspecialistsacrosstheU.S.,over50%ofrespondentsstatedthatthebiggestconcernaboutcloudbasedapplicationswererelatedtostorage6.Inregardstowhatpoliciespertainingtothecloudaremostheavilybeingreinforced,over80%ofrespondentsindicatedthatcloudstorageandcloudbackupwereattheforefront,aclearsignthatdataleakageandsecurityisoftheutmostimportance7.TypesofSecurityInfrastructuresPerimeterNetworkSecurity:Oneofthemorefamiliarandcommonsecuritymeasuresistheimplementationoffirewalls.Firewallsareintendedtopreventunauthorizedaccessfromunwarrantedpartieswhilestillallowingtheflowofinformationtoandfromacompany’snetworkbyacceptableparties.CloudSecurity:Aswementioned,cloudcomputingintheworkplacehasbeenontherise.However,maintainingtheintegrityofthisdataandprotectingitfromunwantedsourcesisamongthebiggestproblemsandfearsamongusers.Cloudcomputingitselfisn’tlikelytodisappearcreatingalargerdemandforproductsthatcanensurethesecurityofthedatacontainedwithinthecloud.Infact,66%ofITspecialistssaytheirorganization’suseofcloud-basedresourcesreducestheirabilitytoprotectconfidentialinformationand64%believeitmakesitdifficulttosecurebusinesscriticalapplications8.
Changes&ThreatstoFirmsandtheSoftwareTheyUseThetwoexampleslistedpreviouslyaredirectlyindicativeofthetypesofbreachesthataffecttheusersofacompany’sproductsorservices.However,thereisalsothematterofprotectingacompany’sproprietaryinformationaswellasthedatatheyuseonadailybasistoeffectivelyruntheirfirm.Whilethisdatamaynothaveadirectimpactontheconsumerthemselves,itisequallyimportanttothecompanythatthisinformationstayprotected.Arecentstudyattemptedtoestimatetheimpactofdatabreachesonacompanyinafinancialcapacity.Thestudyshowsthatper100,000customers,theestimatedimpactofadatabreachisapproximately$201.28percustomertotaling$20.1Mdollars9.Withthelikelihoodofabreachoccurringbeingestimatedat11.8%,thetotalexpectedvalueofadatabreachequatestoanaverageof$2.37M10.Atthispointweexaminesomeoftheissuesrelatedtocybersecurity.Thecostliesttypeofbreachthatcouldoccurforacompanywouldresultfroma50%increaseinthebackupandstorageofcustomersensitivedata–ifthisinformationwerelostitwouldcostacompanyanaverageof$7.34M11.Anothertypeofcostlydatabreachwouldresultfromtheexpansionofcloudprovideroperationsresultinginfinancialdifficulties(fortheprovider)–estimatedat$7.06M12.Thispointiscoveredbelow:
• Theaccessofinternaluserstoexternalapplicationswarrantstheimplementationofasecuritymeasure.Putsimply,thiswouldbeacaseofanemployeegoingthroughdifferentwebsiteswhileatworkandtheapplicationcouldbeconsideredtheinternaldatabasecontainingcompanyinformation.Organizationsmustbeabletoprotecttheinformationstoredintheapplicationaswellasdetectmaliciouscontentattemptingtoenterintoit.Thestandardsolutiontothisproblemistheimplementationsoffirewalls.HowevertheubiquitoususeofsocialmediaintheworkplacehasexpandedthisthreatleadingtotheintroductionofNextGenerationFirewalls(NGFWs)whichprovidethesameriskmanagementasatraditionalfirewallbutalsoidentifiessafeapplicationswhileenforcingapplication-levelpolicies13.
• Comparatively,externaluseraccesstointernalapplicationsisanotheressentialcomponentofdatasecurity.Thisconcerndirectlyrelatestoacompany’sbottomlineandisinlinewiththetraditionalfearofgettinghacked.Intoday'senvironment,therearesomanyusersofthedatathatitisessentialtodistinguishbetweenusersaccessingitremotelyforlegitimatepurposesandunwantedvirusesorcomputerhackers.Onecommonfearfromthisstyleofattackisknownasdistributeddenial-of-service(DDoS)anditcommonlyemployedasawayofbreachingafirm’sdata.SolutionsmustbeabletoblockDDoSattacksandbeabletoidentifylegitimateusersofthecompany’sdataandmalwareorattacksthatseektocauseharm.
• BringYourOwnDevice(BYOD)hasbecomecommonplaceallowingemployeestoaccess
sensitivedatafromtheirowndevicesfromtheworkplaceandremotely.Thisresultsinthemostdangerousofbreachesshouldithappen14.Approximately53%ofemployeesusetheirowndevicesintheworkplacewhile50%ofthisgroupareconnectingtothecompanycloudviathesedevices15.InherentintheBYODproblemisthatofBringYourOwnCloud(BYOC)whichresultsfromcustomersbringingthirdpartycloudbasedappsintotheworkplacesimplyasafunctionofbringingintheirowndevices.
• Finally,therearerisksassociatedwithactuallyhostingthedatathroughvirtualization–essentiallyinthecloud.Aspreviouslymentioned,oneofthelargersecuritythreatsforcompaniesisthatofstoragemanagement.Accesstothecloudmustbecompletelysecuretoensurethatinformationisnotstolenorcontaminatedbyoutsideforcessuchasmalware.Duetothesizeandscaleofthedataitisessentialthatlatency(i.e.speed)isnotanissueandthatinformationisabletoquicklyandsecurelyflowtoandfromeachnecessaryparty.
CybersecuritySolutionsAsisthenatureofsuchalargeindustry,thereareagrowingnumberofsolutionsbecomingavailabletomeetthecybersecurityneedsofeveryonefromtheconsumerathometomultinationalcorporations.Below,weoutlinethecompanyVirtualArmor,astheyareanall-inclusivedatasecurityprovider.VirtualArmor(VAI.CSE)VirtualArmorisanInformationTechnologycompanyfocusedondeliveringcybersecurityandnetworksolutionstobusinesses.VirtualArmorpartnerswithleadersintheITindustrytoprovidesolutionsandofferstheabilitytocustomizeasolutionbasedonfirmspecificneeds.StrategicpartnersincludeworldleadersintheITsecurityfieldsuchasJuniper,IBM,VMwareandseveralothers.Solutionsinclude:
SecurityIntelligenceSolutions:Onekeytoeffectiveinformationsecurityisvisibility–whoisaccessingwhat,when,andwhere;knowingwhatisnormalbehavior;identifyingabnormalormaliciousbehavior.Intodaysenterprise,thisvisibilitytypicallyequatestohundredsofthousandsoflogentriesfromnetworkandsecuritydevicesandplatforms,mostofwhichcannotbereviewedindepth.VirtualArmorprovidesaSecurityIntelligenceplatformthatwillingestandconsumeallsecurityandaccessrelateddataandlogs,performadvancedanalyticsandeventcorrelationacrossthedatasetinreal-time,providingtheuserwithadistilledviewofidentifiedSecurityIncidentsthatarerelevanttothespecificcustomerenvironmentandsecurityposture.
• CloudApplicationSecuritySolutions:VirtualArmoroffersaCloudSecurityandVisibilitysolutionthatprovidesfullvisibilityintousageofcloudapplicationswithinanorganization,andinmanyinstancesprovideadditionalsecurityandauditcontrolsfortheapplications.Thisserviceallowsuserstosecurelymanagetheinflowandoutflowofsensitivedatafrombothsanctionedandnon-sanctionedcloudapps.
• DDoSProtectionSolutions:DDoSareacommonformofattacksthatfirmsmayface.
Overtime,thesestyleofattackshaveevolvedtobecomebetteratpenetratingsecuritymeasuresandfoundmorecreativewaystoremainunidentified.VirtualArmor’sDDoSsolutionprotectsagainstthelargestandmostsophisticatedDDoStechniquesattheflipoftheswitch–orautomaticallywhenthresholdsareexceeded.Thissolutionensuresacompany’scriticalinternet-facingapplicationsandservicesremainavailablesolelytolegitimateusersandcustomers.
WhilethesesolutionsareamajorcomponentoftheVirtualArmorsuite,theyareonlyafewoftheofferingsthattheyprovide.Traditionally,companiesareforcedtoworkwithseveralthirdpartyproviderstomanagetheirdatasecurity–sometimesseveraldifferentcompaniesoffersolutionstoeachuniqueproblem.Thiscanbestrenuousonafirm’sITdepartmentparticularlyhavingtokeeptrackofwhichserviceproviderresolveswhichsolution.Thisisinefficient,costly,andtimeconsuming.VirtualArmoractsasanumbrellaserviceproviderensuringthatallsecuritymeasuresarecoveredbyonecompanywith24/7supportwhiletakingadvantageofitsrelationshipswithstrategicpartnerstoensurethehighestqualityofprotection.Theseproductsinclude:
• PerimeterNetworkSecurity:Althoughthenetwork“perimeter”continuestogrowandtoblur,traditionalandNextGen(NG)firewallsarestillahighlyeffectivefirstlayerofprotection.Asstatedbefore,thesearefirewallsthatactasafirstlineofdefenseagainstinboundandoutbounddatabothfromtheofficeandremotely.Aswell,thefirm’stechnologyprotectsagainstlowlatency,DDoSattacksandoutlinessinglepointsoffailureimmediately.
• PublicandPrivateCloudSecurity:Currentlyamajortrendincybersecurity,VirtualArmoroffersawidevarietyofsolutionstohelpensurethesecurityofacompany’spublicorprivatecloud.Usingvirtualization-awarestoragesolutionsandvirtualizednetworkfunctionslikesecureroutersandfirewallshostedinthecloud,VirtualArmorworkscloselywithindustryleadingpartnerstoensurethesecurityofthecontentswithinacloud.
• RemoteandMobileAccess:Withindividualmobiledevicesandworkingawayfromthe
officebecomingcommonplaceintheworkforce,thesecurityofremoteaccessandmobiledeviceshasneverbeenmoreimportant.VirtualArmorisabletoworkcloselywithanycompany’sITdepartmentstoensurethatremoteaccesshaslow-latencyandthatthereisminimalriskfromemployeesaccessingsensitivematerialfromtheirremotedevicesoroutsidetheoffice.
Aswecansee,cybersecurityanddatamanagementhasbecomeanincreasinglygrowingconcernforcompaniesofallsizes.Theintroductionofcloudbasedcomputinghasentirelyshiftedtheparadigmofthinkingforcompaniesacrosstheworld.Datamanagementisnowattheforefrontofthemindsofcompaniesthatseektomaintainproductivityinthisnewdigitalageaswellaskeepinformationoutofthehandsofthoseseekingtocauseharm.TheTargetleakandAshleyMadisonleakareonlytwoofcountlessexamplesofbusinessesbeingtakenadvantageofandtheybothgotoshowthedamagethatcanbedonefrombothafinancialperspectiveandreputationperspective.Theseexamplesaretwoofmanythathavealreadyoccurredandwithoutadoubttherewillbemanymoretocome.Asdatasecuritystrengthens,hackersandill-intentionedgroupsfindnewwaystogainaccesstoinformationandcauseharm.Asbusinessesandconsumerscontinuetonavigatetheirwayinadigitaleconomy,cybersecuritywillplayaneverincreasingroleinensuringthatsafetyofallpartiesinvolved.ContactInformationBabakPedramPresidentbpedram@virtusadvisory.com
VirtusAdvisoryGroupInc.1FirstCanadianPlace100KingStreet,West,Suite5600Toronto,ON,M5X1C9T:416-644-5081|f:416-644-8801www.virtusadvisory.com|twitter.com/Virtus_Advisory
AboutVirtusAdvisoryGroupVirtusAdvisoryGroupisanindependentcapitalmarketsadvisoryfirm,providingselectprivateand publicly listed companies with capital markets strategy, investor relations and businessconsulting services. We specialize in helping technology, healthcare and clean energycompaniesstrategicallynavigatethecapitalmarkets,growretailandinstitutionalinvestorbaseandeffectivelycommunicatewithallstakeholders.
DisclaimersTheinformationandrecommendationsmadeavailableherebyTheVirtusAdvisoryGroupInc.(“VirtusAdvisory”)and/orallaffiliatesisforinformationpurposesonly.Theopinionsexpressedinthisarticlearebaseduponouranalysisandinterpretationofwidelyavailablemarketandcompanyinformation,andnottobeusedorconstruedasanoffertosellorsolicitationofanoffertobuyanyservicesorsecurities.VirtusAdvisorynoritsprincipals,officers,directors,representatives,andassociateswillbeliablefortheaccuracyoftheinformationincludedinthisarticlenorshallbeliableforanylossesorliabilitiesthatmaybeoccasionedasaresultoftheinformationorcommentaryprovidedinthisarticle.VirtusAdvisorymayactascapitalmarketsadvisorforcertainorallofthecompaniesmentionedinthisarticle,andmayreceiveremunerationforitsservices.VirtusAdvisoryand/oritsprincipals,officers,directors,representatives,andassociatesmayhaveapositioninthesecuritiesmentionedinthisarticleandmaymakepurchasesand/orsalesofthesesecuritiesfromtimetotimeintheopenmarketorotherwise.Donotconsiderbuyingorsellinganystockwithoutconductingyourownduediligence.Priortomakinganyinvestmentdecision,itisrecommendedthatyouseekoutsideadvicefromaqualifiedorregisteredinvestmentadvisor.
Copyright©2016byVirtusAdvisoryGroup
Allrightsreserved.Nopartofthispublicationmaybereproduced,distributed,ortransmittedinanyformorbyanymeans,includingphotocopying,recording,orotherelectronicormechanicalmethods,withoutthepriorwrittenpermissionofVirtusAdvisoryGroupInc.,exceptinthecaseofbriefquotationsembodiedincriticalreviewsandcertainothernoncommercialusespermittedbycopyrightlaw.
1TheTargetBreach,BytheNumbers2CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20203CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20204CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20205CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20206CloudUsageRisksandOpportunitiesSurveyReport7CloudUsageRisksandOpportunitiesSurveyReport8Ponemon–DataBreachCloudMultiplierEffect9Ponemon–DataBreachCloudMultiplierEffect10Ponemon–DataBreachCloudMultiplierEffect11Ponemon–DataBreachCloudMultiplierEffect12Ponemon–DataBreachCloudMultiplierEffect13UniqueSecurityChallengesintheDatacentreDemandInnovationSolutions14Ponemon–DataBreachCloudMultiplierEffect15Ponemon–DataBreachCloudMultiplierEffect
Related Documents
