1 LIVE WEBINAR Data Protection: Safeguarding your business today & tomorrow Wednesday, November 25, 2009 12:30 PM - 1:30 PM (AEDST), Sydney Australia Conference Number: Australia: 1800 098 754 New Zealand: 0800 447 860 Your conference ID #: 42727822
Jan 13, 2015
1
LIVE WEBINAR
Data Protection: Safeguarding your business today & tomorrow
Wednesday, November 25, 2009 12:30 PM - 1:30 PM (AEDST), Sydney Australia
Conference Number: Australia: 1800 098 754 New Zealand: 0800 447 860
Your conference ID #: 42727822
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
IBRSwww.ibrs.com.au
Current issues in information security, and the value of data
James TurnerAdvisor
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
Presentation outline• About IBRS• Analysis of current issues
– Data Loss Prevention– Mobility of workers– The cloud
What is the common thread?
“Colour Beginning”J.(M.W.) Turner
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
Our advisors
Dr Kevin McIsaac
Terry Dargan
Dr Colin Boswell
Joseph Sweeney
James Turner
Alan Hansell
Rob Mackinnon
Guy Cranswick
Irene Pimentel
Brian Bowman
Jorn Bettin
Peter Hind
IBRS is an Australian company providing timely advice, insightful judgement, and thorough research
to benefit IT and business managers in Australasian organisations.
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
• We’re focussing on:– Confidentiality
• Defend
– Availability• Recover
The CIA triad
Confidentiality
Integrity
Availability
Your sensitive data needs all 3 attributes
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
• Data Loss Prevention• Mobility of workers• The cloud
The issues and trends
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
• Licensing – complex (immature)
• More resources– False alerts and – genuine alerts
• Can be useful for audit• Really poorly named!
Data Loss Prevention
"The scream"Edvard Munch
Business cases based on fear of public disclosure
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
• Lots of people, using lots of devices,to do lots of stuff, to lots of data, on lots of systems
• Complexity is driven by diversity (multiformity)– Complexity is not your friend
Mobility of workers
Virtualisation is the market response to rampant multiformity
The PED trilemmaSource: "Portable electronic devices (PEDs): a frog close to the boil", IBRS, February 2008
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
The cloud
The Cloud
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
• Adoption:– Yes– No– Maybe– It depends
• Resilience, and the location of the data
The cloud
Big migrations will make the news, because they are the exceptions
"Clouds"John Constable
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
The value of the data• These 3 threads all have the data as their core
issue. Clearly the data is paramount!1. Data Loss Prevention
• Endpoint encryption E.g. Client USB key lost on main street
2. Mobility of employees and data• Availability of data to roaming employees
3. Resilience/Availability• E.g. Flooded computer room from faulty aircon
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
Incident response lifecycleMitigate risks
Backup important data
Restore
Life is too short to only learn from your own mistakes
Research & Advisory Services | Consulting | Facilitation
© Copyright 2009 IBRS All rights reserved.
IBRSwww.ibrs.com.au
Current issues in information security, and the value of data
James TurnerAdvisor
Andrew Fry
Business Unit Executive
Business Continuity & Resiliency Services,
IBM Global Technology Services
15
Data Security Services – Endpoint Data ProtectionPGP Corporation Encryption Software and Support
Benefits
Help protect business data in transit and at rest—even beyond the enterprise network Designed to protect sensitive data on endpoint devices—including laptops, hand-helds, and
removable storage devices—against unauthorised exposure Reduces the need for in-house security experts with IBM 24x7x365 support and
professional services
What does PGP Encryption do?
Full disk encryption to protect data even when a device is lost or stolen Selective file or folder encryption to protect data during use Control over and protection of data on removable storage devices Identification of sensitive data and monitoring of usage Policy engine to enforce corporate policies on endpoint devices
16
PGP Encryption – Example
Company: A mining and exploration company operating in a highly competitive and volatile market.
Problem: Suffered from leakage of sensitive corporate data as a result of stolen employee’s laptop.
Solution: Security specialists from IBM ISS implemented a PGP® Whole Disk Encryption solution to protect sensitive corporate data on desktops, laptops and removable media.
Benefits: 1) Peace of mind that sensitive data is constantly protected from unauthorised access, providing strong security for intellectual property and reduced competitive risk
2) Data is protected without changing the user experience
3) Reduced operational costs by centrally automating encryption policies
17
Data Backup and Restoration servicesCloud delivered, fully managed service
Disk, tape and virtual tape-based backup and recovery for data centres, and remote sites
Protect the core: Onsite and Remote data protection
Scalable on-demand services architecture
Disk-based backup and recovery for Desktops and laptops
Protect the edge: Fastprotect Online
• Managed service including scalable hardware, software, monitoring, management and reporting
• Near 100% backup success rate in 24hr period
• Usage based, monthly fee (pay as you go)
18
• A managed service that automatically protects business critical data servers
Remote Data Protection
Automatic, reliable protection for your critical data that can be restored virtually anywhere, anytime
19
• Fully Managed backup service•Internet / Private network•Customer network
• Virtual Server Recovery
A Better way to recover data and server infrastructureCombine Data backup via cloud, and virtualised disaster recovery servers
IBM Recovery Centre
20
Server and Data recovery - Example
Company: Financial services firm, servicing mid-size organisations in Australia
Problem: Business demanded faster recovery times and assurance that data was being protected every day across distributed sites, and all within existing budget.
Solution: Implemented IBM Remote Data Protection to backup critical server data to secure IBM facility, on a pay-as-you-go service. IBM coupled the backup service with IBM Virtual Server recovery to provide complete offsite server and data recovery solution, for a shared price point.
Benefits: 1) Client achieved vastly improved recovery times, without needing to invest in expensive dedicated infrastructure
2) Daily reports confirming critical data is securely backed up
3) Storage capacity scales up/down based on usage (opex model)
21
Data Protection ServicesAvoid data loss or leakage, and have a plan for recovery
Mitigate risks
Backup important data
Restore
22
THANK YOU