Ip Over Ip
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Ip Over Ip as PDF for free.
More details
- Words: 746
- Pages: 13
IP over IP
The impact of convergence on information value Clive Longbottom, Service Director, Quocirca Ltd
Context • Convergence provides cost savings – Via single management – Via single transport • Convergence provides greater capabilities – Greater integration – Better response times • But… • Convergence can lead to greater security risks
© 2007 Quocirca Ltd
The Lure of Convergence • One technology, one set of wires, one means of management • Brings together data, voice, video • Enables multi-channel businesses to act more coherently • But: – Everything is now accessible via a single transport – Everything is stored in a similar way – Information disruption and theft is more attractive
© 2007 Quocirca Ltd
The old days • Data security based on discrete approaches – Application security – Perimeter security – End Point security – VPN transport security • Encryption seen as a discrete, manual solution
© 2007 Quocirca Ltd
Issues • More deperimeterisation in the value chain – Mobile workers – Contractors/consultants – Suppliers and customers • More data at rest – Less of it fully secured – More of it duplicated • More data in movement – Can you count on it being secure?
© 2007 Quocirca Ltd
The Perception of Security • Our systems are protected by: – A firewall – Database security – Challenge/response access – VPNs – Anti-virus/spyware • Therefore, we must be secure
© 2007 Quocirca Ltd
The Reality • The Firewall is like Swiss Cheese – Ports have been opened all over the place • Database security only protects what’s in the database – That’s less than 20% of an organisation’s data • Challenge/response is no answer – Look for yellow sticky notes stuck to the screen of the laptop • VPNs are good.. – …but if breached, provide a secure tunnel back in to the organisation • Also – look at rogue WiFi access points, P2P software, rogue USB hardware, etc, etc… © 2007 Quocirca Ltd
What needs to be done? • Intellectual property is carried in documents – less so in application databases • Intellectual property should be secured at the point of creation • Intellectual property should be accessible by role and individual – But the rights should be capable of being immediately revoked – Need to be extended to suppliers, customers as well as contractors and consultants
© 2007 Quocirca Ltd
Encryption • Data encryption has been around for ever – But highly technically sold • Data encryption should be as transparent as possible to the user • The use of central policies driving automated encryption has to be utilised
© 2007 Quocirca Ltd
The Hybrid Approach • Remember that the majority of information thefts are still opportunistic – Being more secure than someone else may be enough • Worry that many information thefts are targeted – If your business is heavily based on intellectual property, you can’t risk it • Secure via: – Information security – Transport security – Application security – Database security – Device security – Biometrics © 2007 Quocirca Ltd
Other concerns • Do everything to stop accidental leakage – Limit routing • Use formal workflows to ensure specific flows – Stop email forwarding • Also saving of attachments – Prevent printing – Prevent cut and paste • Create solid guidance to stop purposeful leakage – Use of special screen-grab programs – Use of cameras – Manual copying of information
© 2007 Quocirca Ltd
Prevention and Cure • • • • •
Don’t let a problem get to the network If it gets to the network, don’t let it get to a device If it gets to a device, don’t let it do anything If its does anything, don’t let it get to the information If it gets to the information, make the information useless
• It’s the information that counts – Devices can be replaced – Time can be recouped to a degree – Lost information kills the business
© 2007 Quocirca Ltd
Conclusions • Intellectual property is the life blood of many organisations – Leaving important information at rest or on the move in the clear should not be tolerated • Encryption technologies have to be easy to use – Policy driven approaches can drive needs and hide technical complexity • Security has to be multi-layered – Although its not the device or the network that really matters, pragmatism, loss of time and need for specific skills dictates the need for multi-layered security
© 2007 Quocirca Ltd
The impact of convergence on information value Clive Longbottom, Service Director, Quocirca Ltd
Context • Convergence provides cost savings – Via single management – Via single transport • Convergence provides greater capabilities – Greater integration – Better response times • But… • Convergence can lead to greater security risks
© 2007 Quocirca Ltd
The Lure of Convergence • One technology, one set of wires, one means of management • Brings together data, voice, video • Enables multi-channel businesses to act more coherently • But: – Everything is now accessible via a single transport – Everything is stored in a similar way – Information disruption and theft is more attractive
© 2007 Quocirca Ltd
The old days • Data security based on discrete approaches – Application security – Perimeter security – End Point security – VPN transport security • Encryption seen as a discrete, manual solution
© 2007 Quocirca Ltd
Issues • More deperimeterisation in the value chain – Mobile workers – Contractors/consultants – Suppliers and customers • More data at rest – Less of it fully secured – More of it duplicated • More data in movement – Can you count on it being secure?
© 2007 Quocirca Ltd
The Perception of Security • Our systems are protected by: – A firewall – Database security – Challenge/response access – VPNs – Anti-virus/spyware • Therefore, we must be secure
© 2007 Quocirca Ltd
The Reality • The Firewall is like Swiss Cheese – Ports have been opened all over the place • Database security only protects what’s in the database – That’s less than 20% of an organisation’s data • Challenge/response is no answer – Look for yellow sticky notes stuck to the screen of the laptop • VPNs are good.. – …but if breached, provide a secure tunnel back in to the organisation • Also – look at rogue WiFi access points, P2P software, rogue USB hardware, etc, etc… © 2007 Quocirca Ltd
What needs to be done? • Intellectual property is carried in documents – less so in application databases • Intellectual property should be secured at the point of creation • Intellectual property should be accessible by role and individual – But the rights should be capable of being immediately revoked – Need to be extended to suppliers, customers as well as contractors and consultants
© 2007 Quocirca Ltd
Encryption • Data encryption has been around for ever – But highly technically sold • Data encryption should be as transparent as possible to the user • The use of central policies driving automated encryption has to be utilised
© 2007 Quocirca Ltd
The Hybrid Approach • Remember that the majority of information thefts are still opportunistic – Being more secure than someone else may be enough • Worry that many information thefts are targeted – If your business is heavily based on intellectual property, you can’t risk it • Secure via: – Information security – Transport security – Application security – Database security – Device security – Biometrics © 2007 Quocirca Ltd
Other concerns • Do everything to stop accidental leakage – Limit routing • Use formal workflows to ensure specific flows – Stop email forwarding • Also saving of attachments – Prevent printing – Prevent cut and paste • Create solid guidance to stop purposeful leakage – Use of special screen-grab programs – Use of cameras – Manual copying of information
© 2007 Quocirca Ltd
Prevention and Cure • • • • •
Don’t let a problem get to the network If it gets to the network, don’t let it get to a device If it gets to a device, don’t let it do anything If its does anything, don’t let it get to the information If it gets to the information, make the information useless
• It’s the information that counts – Devices can be replaced – Time can be recouped to a degree – Lost information kills the business
© 2007 Quocirca Ltd
Conclusions • Intellectual property is the life blood of many organisations – Leaving important information at rest or on the move in the clear should not be tolerated • Encryption technologies have to be easy to use – Policy driven approaches can drive needs and hide technical complexity • Security has to be multi-layered – Although its not the device or the network that really matters, pragmatism, loss of time and need for specific skills dictates the need for multi-layered security
© 2007 Quocirca Ltd
Related Documents
Ip Over Ip
May 2020 4
Ss7 Over Ip
November 2019 9
Voice Over Ip
July 2020 2
Seminar Voice Over Ip
July 2020 12
Voice Over Ip
July 2020 8