Monitoring security in the externalised organisation (Auscert 2013)

Copyright © Tier-3 Pty Ltd, 2012. All rights reserved. Monitoring security in the “Externalised organisation” (Or in the “office of the future”) Piers Wilson Tier-3 Huntsman® - Head of Product Management

Upload: tier-3-huntsman

Post on 18-Nov-2014


DESCRIPTION

With the increasing prevalence of cloud services, end-user computing and third-party delivery, many organisations have to monitor security controls at arm's length, where they have no direct contact or access.

TRANSCRIPT

Page 1: Monitoring security in the externalised organisation (Auscert 2013)


Monitoring security in the “Externalised organisation”

(Or in the “office of the future”)

Piers Wilson
Tier-3 Huntsman® - Head of Product Management

Page 2: Monitoring security in the externalised organisation (Auscert 2013)


Introductions

01/05/2013

Piers Wilson
Head of Product Management at Tier-3
Director of IISP

Previously Senior Manager in PricewaterhouseCoopers Cyber Security practice

Tier-3 Huntsman®
Advanced Security Incident & Event Management (SIEM) solution

• High performance event correlation
• Behaviour Anomaly Detection (BAD 2.0)
• “Big data” analytics
• Governance, Risk, Compliance
• Cloud/multi-tenancy support
• Active response

Page 3: Monitoring security in the externalised organisation (Auscert 2013)

Agenda and scope

• What this talk is about…

– The implications of technology trends
– Anticipating the emergent IT and security environment
– Monitoring security when:
  • It is more important
  • It is more difficult
– Approaches to dealing with this in a constructive way


79% of the UK population use the internet anywhere, on any device

Ofcom, 2012

Looking ahead to 2013, we are going to see more and more organisations seeking alternatives to on-premise deployments.

Paul Moxon, Axway (via IDG Connect)

Most significantly, we’re seeing an overriding belief that cloud is disrupting software in fundamental and lasting ways.

Michael Skok, 2012 Future of Cloud Computing

A standard setup of computing on a business' premises — a server in a closet or basement, and software loaded on individual machines — is a model that's likely to drift into obsolescence

The Daily Progress, 2013

Enterprise mobility is booming; organizations must connect with employees, customers, and partners in new ways and across new devices and applications.

Forrester

Page 4: Monitoring security in the externalised organisation (Auscert 2013)

Background

• Mobile apps, consumerisation and "bring your own device" are here

• Users / Customers increasingly expect to access systems via mobile / personal devices

• Cloud computing is well along the hype curve – its use and pervasiveness is growing

• Social media is already a more “normal” way of working than email for many people


Page 5: Monitoring security in the externalised organisation (Auscert 2013)


The old “Office of the Future”


Page 6: Monitoring security in the externalised organisation (Auscert 2013)


The “Office of the Future”

This is starting to be known as the “externalised organisation”

A greater focus and proportion of IT delivery / use happens outside


IT your users control

IT your cloud provider controls

IT you control

Page 7: Monitoring security in the externalised organisation (Auscert 2013)


Conclusions...

Security teams face a real challenge

• Data isn’t where it used to be
• The network is going beyond just losing its perimeter to being completely external
• You have a lot less control over the front and back end platforms (i.e. none)
• People are working and communicating differently (e.g. social media)

Some new approaches are necessary...


Page 8: Monitoring security in the externalised organisation (Auscert 2013)


More diversity and complexity in monitoring and control


Security Operations
• Greater visibility
• Compliance burden
• Improved response

Cyber-security
• Cyber security controls
• Threat feeds
• Social media

Users
• End-user devices
• Social Media

Mobile Environment
• MDM
• Mobile Apps
• App backends

Cloud Applications
• Salesforce
• Etc...

PaaS
• Virtualised Platforms
• Hypervisor layer

Platforms
• Windows
• Unix
• Mainframe

Physical
• Locks
• CCTV
• RFID

Security Controls
• Firewalls
• AV
• IDS/IPS
• ID&AM

Network
• LAN/WAN
• VPN
• Remote Access

Applications
• Web
• Client/Server
• Databases

Page 9: Monitoring security in the externalised organisation (Auscert 2013)


Future-proof, advanced SIEM solutions


Cyber-security
• Increasingly rich market for “cyber security solutions” which add to the controls portfolio

Users
• Activity on internal and external systems
• Social media monitoring – legality, effectiveness and feasibility
• What about the wider communications environment

Mobile Environment
• MDM platforms and staff mobility management
• Custom apps – does log data come from the user device or the back-end
• What will mobile payments mean – esp. for carriers, banks, retailers

Cloud Applications
• Everything is externalised, what log access is possible?
• Are there ways to track access, misuse, anomalous go away

PaaS
• Ability to consider the platform and the hypervisor layer
• Multi-tenancy increasingly going to be demanded by platform suppliers
• Ability to monitor service levels and risk currently rare

None of this is easy

Agility within the organisation and in its security partners will be key

Check suppliers have got these trends on their radar

Operations will require “intelligent” SIEM solutions to meet business demands

Page 10: Monitoring security in the externalised organisation (Auscert 2013)


Future security operations


Data Visualisation Data Enrichment

Cloud platforms

External Apps

Threats

Intelligent SIEM

Page 11: Monitoring security in the externalised organisation (Auscert 2013)

Deciding what information to collect and why…

Security teams are used to drawing a balance between benefit and risk
• what data we collect and its value

Industry (more widely) is starting to invest in, and discover, the value of data analytics

In security, the wider benefits of “big data” involves different parameters … more data means:
• Improved fraud analytic capability
• Better customer profiling
• More context
• Better diagnostics (and anticipation)
AND
• Greater visibility around security threats, risks, attacks


Smarter data analytics

More useful data sources

More uses / Bigger audience

Page 12: Monitoring security in the externalised organisation (Auscert 2013)

… and then making sure we can protect it

Growth of security/customer/fraud/business data from the mobile computing environment can:
• Challenge privacy obligations
• Give security teams another (and higher impact) data set to protect

Need to evolve security stance - even simple “big data” examples could raise the risk levels much higher

Cloud changes the way we deliver IT
Must ensure we have the right tools and approaches to gain the maximum value from the security, fraud, activity data available

Social media exposes users, and gives business new ways to interact
Usage and brand management need monitoring - threat awareness becomes a tangible advantage


Page 13: Monitoring security in the externalised organisation (Auscert 2013)

So what?

• The value of (all) data is increasing

• More mobile and app-oriented environment and wider adoption of external services
… security logs, behaviour anomaly detection, cyber threat detection and analytics more critical
… businesses increasingly looking to drive efficiencies and interaction

• We have to acknowledge these trends and ensure that we adequately protect business information

• Gaining visibility – and keeping it – is vital


Page 14: Monitoring security in the externalised organisation (Auscert 2013)


Finally…


Time for questions

Or:

Find me at Tier-3’s stand

[email protected]

+44 (0) 7800 508517

www.tier-3.com @tier3huntsman