data protection presentation

1

LIVE WEBINAR

Data Protection: Safeguarding your business today & tomorrow

Wednesday, November 25, 2009 12:30 PM - 1:30 PM (AEDST), Sydney Australia

Conference Number: Australia: 1800 098 754 New Zealand: 0800 447 860

Your conference ID #: 42727822

Research & Advisory Services | Consulting | Facilitation

© Copyright 2009 IBRS All rights reserved.

IBRSwww.ibrs.com.au

Current issues in information security, and the value of data

James TurnerAdvisor



Presentation outline• About IBRS• Analysis of current issues

– Data Loss Prevention– Mobility of workers– The cloud

What is the common thread?

“Colour Beginning”J.(M.W.) Turner



Our advisors

Dr Kevin McIsaac

Terry Dargan

Dr Colin Boswell

Joseph Sweeney

James Turner

Alan Hansell

Rob Mackinnon

Guy Cranswick

Irene Pimentel

Brian Bowman

Jorn Bettin

Peter Hind

IBRS is an Australian company providing timely advice, insightful judgement, and thorough research

to benefit IT and business managers in Australasian organisations.



• We’re focussing on:– Confidentiality

• Defend

– Availability• Recover

The CIA triad

Confidentiality

Integrity

Availability

Your sensitive data needs all 3 attributes



• Data Loss Prevention• Mobility of workers• The cloud

The issues and trends



• Licensing – complex (immature)

• More resources– False alerts and – genuine alerts

• Can be useful for audit• Really poorly named!

Data Loss Prevention

"The scream"Edvard Munch

Business cases based on fear of public disclosure



• Lots of people, using lots of devices,to do lots of stuff, to lots of data, on lots of systems

• Complexity is driven by diversity (multiformity)– Complexity is not your friend

Mobility of workers

Virtualisation is the market response to rampant multiformity

The PED trilemmaSource: "Portable electronic devices (PEDs): a frog close to the boil", IBRS, February 2008



The cloud

The Cloud



• Adoption:– Yes– No– Maybe– It depends

• Resilience, and the location of the data

The cloud

Big migrations will make the news, because they are the exceptions

"Clouds"John Constable



The value of the data• These 3 threads all have the data as their core

issue. Clearly the data is paramount!1. Data Loss Prevention

• Endpoint encryption E.g. Client USB key lost on main street

2. Mobility of employees and data• Availability of data to roaming employees

3. Resilience/Availability• E.g. Flooded computer room from faulty aircon



Incident response lifecycleMitigate risks

Backup important data

Restore

Life is too short to only learn from your own mistakes



IBRSwww.ibrs.com.au

Current issues in information security, and the value of data

James TurnerAdvisor

Andrew Fry

Business Unit Executive

Business Continuity & Resiliency Services,

IBM Global Technology Services

15

Data Security Services – Endpoint Data ProtectionPGP Corporation Encryption Software and Support

Benefits

Help protect business data in transit and at rest—even beyond the enterprise network Designed to protect sensitive data on endpoint devices—including laptops, hand-helds, and

removable storage devices—against unauthorised exposure Reduces the need for in-house security experts with IBM 24x7x365 support and

professional services

What does PGP Encryption do?

Full disk encryption to protect data even when a device is lost or stolen Selective file or folder encryption to protect data during use Control over and protection of data on removable storage devices Identification of sensitive data and monitoring of usage Policy engine to enforce corporate policies on endpoint devices

16

PGP Encryption – Example

Company: A mining and exploration company operating in a highly competitive and volatile market.

Problem: Suffered from leakage of sensitive corporate data as a result of stolen employee’s laptop.

Solution: Security specialists from IBM ISS implemented a PGP® Whole Disk Encryption solution to protect sensitive corporate data on desktops, laptops and removable media.

Benefits: 1) Peace of mind that sensitive data is constantly protected from unauthorised access, providing strong security for intellectual property and reduced competitive risk

2) Data is protected without changing the user experience

3) Reduced operational costs by centrally automating encryption policies

17

Data Backup and Restoration servicesCloud delivered, fully managed service

Disk, tape and virtual tape-based backup and recovery for data centres, and remote sites

Protect the core: Onsite and Remote data protection

Scalable on-demand services architecture

Disk-based backup and recovery for Desktops and laptops

Protect the edge: Fastprotect Online

• Managed service including scalable hardware, software, monitoring, management and reporting

• Near 100% backup success rate in 24hr period

• Usage based, monthly fee (pay as you go)

18

• A managed service that automatically protects business critical data servers

Remote Data Protection

Automatic, reliable protection for your critical data that can be restored virtually anywhere, anytime

19

• Fully Managed backup service•Internet / Private network•Customer network

• Virtual Server Recovery

A Better way to recover data and server infrastructureCombine Data backup via cloud, and virtualised disaster recovery servers

IBM Recovery Centre

20

Server and Data recovery - Example

Company: Financial services firm, servicing mid-size organisations in Australia

Problem: Business demanded faster recovery times and assurance that data was being protected every day across distributed sites, and all within existing budget.

Solution: Implemented IBM Remote Data Protection to backup critical server data to secure IBM facility, on a pay-as-you-go service. IBM coupled the backup service with IBM Virtual Server recovery to provide complete offsite server and data recovery solution, for a shared price point.

Benefits: 1) Client achieved vastly improved recovery times, without needing to invest in expensive dedicated infrastructure

2) Daily reports confirming critical data is securely backed up

3) Storage capacity scales up/down based on usage (opex model)

21

Data Protection ServicesAvoid data loss or leakage, and have a plan for recovery

Mitigate risks

Backup important data

Restore

22

THANK YOU