Privacy A Corporate Responsibility
Ronald Ross, CEO
TRANSCRIPT
– How bad does it get?
– Social and economic implications
– Legislation
– Challenges
– MSS and privacy
– Conclusion
Refreshing Statistics
• The U.S. Federal Trade Commission’s Hotline received 445 phone calls per week in November of 1999
• By June 2001 the number rose to 1800 calls per week
[Chart: Stolen Identity Dynamics, U.S. Calls per week by year: 445 (1999), 1800 (2001)]
Categories of Identity Theft
• Credit Card fraud
• Unauthorized Phone or Utility Services
• Bank Fraud
• Fraudulent Loans
• Government Documents or Benefits
• Other Identity Theft
• Multiple Types
More Statistics
[Pie chart: Sample contacts received, by category: Identity theft, Identity verification, Sales, Loss of Card, Problem with SSN]
Source: U.S. Office of the Inspector General, August 1999
Canadians Accessing the Internet
[Chart: Canadians Accessing the Internet, by year, 1996 to 2000: 23%, 31%, 37%, 49%, 57%]
Source: Industry Canada
Use of the Internet by Sectors
Canadian Private Sector vs Public, 1999 Statistics
• Canadian Business Connected to the Internet: Private 53%, Public 94%
• Canadian Business With Websites: Private 22%, Public 69%
• Canadian Business to Procure Goods: Private 14%, Public 44%
Source: Industry Canada
Major Business Obstacles for E-commerce
[Bar chart: Barriers to E-Commerce Development. Categories: Security Concerns, Privacy Concerns, IT Development Costs, IT Support Costs. Bar values: 42%, 40%, 31%, 29%]
Source: Deloitte and Touche
E-Commerce Consumer Barriers
[Bar chart: Categories: Security Concerns, No Need, Other. Bar values: 40%, 23%, 60%]
Source: Ekos Research Associates
Privacy Legislations
CANADA:
– Personal Information Protection and Electronic Document Act, April 13, 2000
U.S.:
– Health Insurance Portability and Accountability, 1996
– Children’s Online Privacy Protection Act, 1998
– Gramm-Leach-Bliley Act for the banking industry, 1999
Europe:
– Data Protection Directive, 1995
– Telecommunications Directive, 1997
Australia:
– The Privacy Amendment Act, 2000
Japan:
– Guidelines Concerning the Protection of Personal Information Associated with Electronic Computer Data Processing in the Private Sector, 1989
Most Recent Developments
U.S.:
– Federal Trade Commission will hold a workshop in December 2001 to assist companies with writing privacy policies that comply with Gramm-Leach-Bliley Act
– October, 2001 - California Creates Identity Theft Law, Senate Bill 168
Europe:
– Anti Spam legislation
– Echelon report accepted
Security and Privacy
• IT Security and Privacy are closely related
• Without proper security and security policies, privacy cannot be enforced
• Technology is just an enabler to protect private information
• People are managing the technologies and risks
Challenges
• Complexity of the systems, including the OS. Microsoft Windows 2000 is estimated to have 35-40 million lines of code
• Network configuration errors
• Shortage of qualified IT security personnel and turnover
• Costly to maintain in-house
• Lack of funding
• Human factor
Compliancy with the Privacy Act: Basic Questions
• Do you have a Security policy in place?
• Do you enforce your Security policy?
• Do you encrypt all private and sensitive data?
• Do you monitor any unauthorized access to private information?
• How are cookies handled in your organization? Who can access the cookies?
How JETNET Can Help You
A Brief Introduction to JETNET
• Founded in 1998 in Ottawa as a “JetForm Affiliate”
– Design of International Deployment of VPN/FW
• First mover in “Managed Security Services”
• Recognized as a “Pioneer” by TeleManagement
• Ottawa, Toronto Locations
• 7/24 Internetworking Operations Centre (IOC)
• JETNET is Canada’s leading Managed Security Services Provider
– Impressive Customer List
– Patent pending technology and service delivery
JETNET Technology Partnerships
• Partnerships with the leaders in the security market
• Best of breed technology offering
We Offer to You...
• Focus
– Our only offering is MSS (Has been for the last 3 years)
• Track Record
– “Blue Chip” Customers, Systems, People
– Trust factor/Relationship has been established and maintained
• Mature Offering
– 3 Year design and development
– Process Driven and extensive expertise
– Investment in Infrastructure has been made
• Annuity, High Leverage Model in a High Growth Market
– Ability to compensate your team and deliver
• Continued Support
– Employees, Customers and Investors
JETNET Services
Managed Firewall
Managed VPN Branch
Managed VPN – Remote Access
Managed Radius Authentication Service
Managed Authentication – VPN
Managed Authentication – Web
Bundled Security Service – FW, VPN, FW/VPN
Professional Services
Vulnerability assessment services
MMRH Service Offering
OPERATIONAL SUPPORT: VALUE PROPOSITION (7x24)
Management
– Conduct moves/adds/changes
– Provide access to technical expertise
– Supply regular backup of device configuration file
– Apply vendor updates and patches necessary to ensure operational stability and adherence to industry security standards
Monitoring
– Vigilant monitoring for device health, performance, availability, capacity and security compliance
– Timely response to selective conditions
Reporting
– Supply third party device health, performance, availability, capacity and security compliance reports
– Reports available for all Managed Devices
Help Desk
– Provide access to technical expertise and support via single point of contact
– Notify customer in the event of an operational exception
– Liaise with the respective maintenance and support vendors in the event of an operational exception
JETNET Global Coverage
– Coverage by countries
JETNET’s Technology Can Help To Safeguard Your Network
• Security Activity Manager Collection Agent, or SCA, is an agent on dedicated HW
• SCA can securely track different events and log files within the LAN’s DMZ area
• Top 10 Web sites reports
• Top 25 Users
• In-house developed or third party applications for monitoring privacy compliance can be deployed and alerts can be generated in real time
Business Models Comparison
[Chart: JETNET Solution vs In-House Implementation. Cost, $: JETNET $629,241; In-house $1,660,979]
[Chart: JETNET Solution vs Full In-House Implementation. Cost, $: JETNET $629,241; In-house $2,319,083]
JETNET – Customer Data Flow
[Diagram labels: VPN Device, VPN GW, JETNET Monitoring, Customer Deployment, JETNET SCA, JETNET Intelligence, JETNET IOC SAM, Phone, pager, Customer Feedback, FW, IDS, SCA Deployment]
Monitoring The Privacy Act Compliance
• Privacy compliance audits
• Recommendations/implementation for improvement, based on the results of audits
• Proactive Managed Security Services – protect the networks
• Managed applications inside the customer network (SCA) to monitor any unauthorized behavior and notify the customer
Conclusion
“Technological advances have also facilitated ’identity theft,’ the availability and misuse of electronic account and personal information. Identity theft poses significant risks to financial institutions and individuals alike. The Internet is also engendering other bank-related frauds.”
Statement of Charles L. Owens; Chief, Financial Crimes Section, FBI; in a hearing on Financial Instrument Fraud held by the Subcommittee on Financial Services and Technology; Committee on Banking, Housing, and Urban Affairs; U.S. Senate; Sept. 16, 1997.
Thank You