Content security for the next decade
Is your organisation ready to weather the storm?
Bob Tarzey, Service Director, Quocirca Ltd
Security seminar – Nov 11th 2008
Agenda
• The need for content security
• The risk landscape
• Security policy for the business
• Technology - problem and solution
© 2008 Quocirca Ltd
[Chart: Percentage saying external users are provided access to internal systems. Sectors: Finance, Utility, Telecomms and Media, Public Sector, Retail, Industrial, Healthcare. External user types: Contractors, Partners, Suppliers, Customers. Scale 0% to 80%.]
Source: Quocirca, The Distributed Business Index, March 2008
[Chart: Use of laptops - percentage of laptops by number of employees. 1,200 European and US small and mid-sized businesses, 2006.]
[Chart: Use of mobile devices - employee use of mobiles to access IT, by number of employees. 1,200 European and US small and mid-sized businesses, 2006.]
Not a new problem
1980s: Corporate IT, Firewall, Print and fax
2008: FTP, Email, Web, IM, Blogs, wikis, RSS, Social networks/virtual worlds
Data, information or content
Content generators create data and information
Nationwide – just a laptop theft?
FSA fine: £980K
Cost of data breach
Direct: Theft, Fines, Disclosure
Indirect: Reputation, Customer loss, Share price
Compliance and disclosure
• Government and EU regulations
• US and other non-EU regulations
• Industry regulations
• Miscellaneous: Non-Disclosure Agreement, Software Licence Agreement
The main sources of data leaks
• Internal – Employee carelessness/stupidity, Broken business processes, Poor policy
• External – Malware – spyware, phishing, pharming etc.
• External – Hackers
• Internal – Employee malice
Causes of leaks – mostly internal
[Chart: Employee oversight, Poor business process, Manager approved, Malicious, Other]
Source: Symantec, Risk Assessment Findings, 2008
[Chart: Do employees implement back door solutions for IM, VoIP, web conferencing etc.? Responses: Definitely, Probably, Possibly, No, Don't know. Scale 0% to 40%.]
Source: Superhighway at the Crossroads – Quocirca, September 2008
[Chart: Use of Web 2.0 technologies in businesses. Responses: Heavily, Moderately, Sparingly, Not at all.]
Source: Quocirca, Why Application Security is Crucial, March 2008
[Chart: Policies and technologies for limiting or blocking use. Responses: Yes, Working on creating them, No.]
Source: Quocirca, Why Application Security is Crucial, March 2008
Internal threat - malice
Money, Coercion, Ideology
Oct 2005
Ignoring the internal threat
• Desire to trust
• Provide access
• Weak policy
• Deny
• Avoid bad press
[Chart: Number of organisations worldwide targeted by phishing attacks by month (March 2006 to June 2008)]
Source: MarkMonitor – October 2008
Hacking
The need for policy
Policy should:
1. Aim to prevent breaches
2. Detail how breaches are handled
3. Be reviewed and kept up to date in light of:
• New technology
• New legislation
• New business processes
Aim of policy
To define how people (internal and external) handle content
Standard starting points
ISO 27001
Consequences for IT security
Security: People, Content, Servers and end points, Network, Time
The encryption conundrum
The right data needs to be easy to share, with the right people and at the right time
Managing end-points
User access devices
USB Mania
End of life
DLP – data leak prevention
Policy at the centre, applied across channels: Print, USB, SMTP, FTP, Web 2.0, Web Mail, Blogs, HTTP
Conclusion
The imperative for content security
• Aim to enable open communications
• Recognise threats of poor content security
• Clear policy for communications and content security
• Technology to enforce in the context of a given business's requirements
Conclusions
Thanks, this presentation will be available on www.quocirca.com
Thank you
Bob Tarzey, Quocirca, www.quocirca.com