Emerging Technology and Security Update

Similar documents
ICT procurement trends in the Netherlands

Emerging & disruptive technology risks

5 Pitfalls and 5 Payoffs of Conducting Your Business Processes in the Cloud

Discover the Difference

Cloud Computing Starter Kit: Cost and Business Case Considerations

Moving to the Cloud: Benefits, Risks & a Case Study What is this Cloud thing?

Embracing SaaS: A Blueprint for IT Success

Module: Building the Cloud Infrastructure

Topics and Trends. A presentation by Vonya Global Vonya Global LLC Duplication without written consent from Vonya Global is not permitted.

IBM ICE (Innovation Centre for Education) Welcome to: Unit 1 Overview of delivery models in Cloud Computing. Copyright IBM Corporation

THE CLOUD, RISKS AND INTERNAL CONTROLS. Presented By William Blend, CPA, CFE

evaluate UCaaS providers and ensure you make an informed decision

White paper June Managing the tidal wave of data with IBM Tivoli storage management solutions

Put cloud-based insights to work for your business

You can plan and execute tests across multiple concurrent projects and people by sharing and scheduling software/hardware resources.

The Cloud at Your Service

Technology evolution. Managing the risk in four key areas

<Insert Picture Here> Cloud Computing

The Top 5 Questions CIOs Ask About Moving to the Cloud

Ensuring Organizational & Enterprise Resiliency with Third Parties

IT cost allocation The gateway to business alignment and mature service management if done correctly

Transforming software delivery with cloud

Cloud Computing An IBM Perspective

OpenText RightFax. OpenText RightFax OnDemand. Product Brochure. Benefits

Carahsoft End-User Computing Solutions Services

THINK YOU NEED A BYO STRATEGY? THINK AGAIN. Shift to a Digital Workspace Strategy in 5 Steps

How to Choose a Managed Services Provider

You can plan and execute tests across multiple concurrent projects and people by sharing and scheduling software/hardware resources.

Srinivasan Sundara Rajan MASTER Architect / Cloud Evangelist / Cloud Computing Journal Author

IBM SmartCloud Strategy How cloud computing can support your business Christoph Schwaiger Cloud Offering manager, CEE October 18th, 2011

Cloud Solutions Infrastructure, Platform or Software: Where should you go?

itsmf Annual Conference 2012

SunGard: Cloud Provider Capabilities

Mobility, Smart Devices, BYOD Do You Have a Solution & Strategy?

IBM Service Management for a Dynamic Infrastructure IBM Corporation

Fixed scope offering. Oracle Fusion HCM Cloud Service. 22 February 2016 A DIVISION OF DIMENSION DATA

INTER CA NOVEMBER 2018

Communications in the Cloud:

Hitachi Solutions. Ground to Cloud Dynamics AX 2012 Migration to D365

HYBRID CLOUD MANAGEMENT WITH. ServiceNow. Research Paper

Business Layer: Services Definition

Title: HP OpenView Configuration Management Overview Session #: 87 Speaker: Loic Avenel Company: HP

Using Predictive Analytics for Cost Optimization Across Cloud Workloads

Best Practices in Adopting Cloud in Your IT Sourcing Environment Gartner IT Expo

Introduction to Enterprise Computing. Computing Infrastructure Matters

Securing Capabilities in the Cloud: Security and Privacy in the Evolution of Cloud Computing

Cloud Solutions Infrastructure, Platform or Software

Whitepaper Processing Invoices in the Cloud. Processing Invoices in the Cloud

Building a Winning Business Case for HCM SaaS

Business Resilience: Proactive measures for forward-looking enterprises

Cloud Considerations for the PLM ISV Jim Brown President Tech-Clarity

Recording TCO Cook Book 7 Ways to Reduce TCO and Improve Business Operations

How to Choose a Cloud Backup Service Provider

Top 5 Reasons Your Business Needs the Cloud

RELIABLEIT. How to Choose a Managed Services Provider. Finding Peace of Mind

Asset Management Oversight is Essential to Effective Governance

New Technology: Mission Impossible?

Microsoft ISV Partners & The Cloud. Managing & Monetizing the Business Transition

WE RE IN THIS TOGETHER

Cloud Computing & On Demand Services

TOP 6 SECURITY USE CASES

Top 10 tips for selecting a managed services provider

FREE REPORT: 5 Critical Facts Every Business Owner Must Know Before Moving Their Network to the Cloud

VDI. Citrix Cloud Services Adrian Fish

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

Achieve Continuous Compliance via Business Service Management (BSM)

ClearPath Services. Accelerate your ClearPath ROI. Isaac Levy Global Manager ClearPath Services May 2013

The Worry-Free IT Investment

W H I T E PA P E R. Cloud Migration Methodology -Janaki Jayachandran (Director of Technology) a t t e n t i o n. a l w a y s.

The Answer Company White Paper

InforCloudSuite. Public Sector. Overview INFOR CLOUDSUITE PUBLIC SECTOR 1

Redefining Perspectives A thought leadership forum for technologists interested in defining a new future

A Examcollection.Premium.Exam.35q

MANAGED NOC AND HELP DESK SERVICES

1 P a g e. IT Tailored to Your Needs

Policy Outsourcing and Cloud-Based File Sharing

Moving From Contact Center to Customer Engagement

Learn How To Implement Cloud on System z. Delivering and optimizing private cloud on System z with Integrated Service Management

Office 365 for Non-Profit Organisations

FOR SAP ON MICROSOFT AZURE

CLOUDCHECKR ON AWS AND AZURE: A GUIDE TO PUBLIC CLOUD COST MANAGEMENT

IBM Service Management Buyer s guide: purchasing criteria. Choose a service management solution that integrates business and IT innovation.

BENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY. March 1, 2017

WHAT IS CLOUD COMPUTING?

Smart voice and data recording. with Red Box Quantify

The Migration of Web Applications to the Cloud Environment By. Pethuru Raj PhD Enterprise Architect Sify Software Ltd. Chennai

PDSA Special Report. Why Move to the Cloud

Managed Services. Managed Services. Choices that work for you PEOPLESOFT ORACLE CLOUD JD EDWARDS E-BUSINESS SUITE.

GUIDEBOOK ADAPTIVE INSIGHTS

GDPR: Centralize Unstructured Data Governance Across On-premises and Cloud

Architecting an On Demand Enterprise with the Federal Enterprise Architecture (FEA) Andras R. Szakal Chief Architect, IBM Federal Software, S&D

WHITE PAPER. FlexNet Manager Suite Leverages Microsoft System Center to Deliver Next Generation Software Asset Management

OS A superior platform for business. Operate seamlessly, automatically, and intelligently anywhere in the world

Cape Rock Ltd. Attendees. Date Consultant. Mats Nyström. Richard Bull Anastasia Birchwood

Infrastructure in the Cloud:

IBM QRadar SIEM. Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights

Ten Ways to Catch ERP Software Companies Faking It with Cloudwashing

Managed Services and the Bottom Line

Enterprise Resource Planning (ERP) in Cloud

Reinventing the IT War Room:

Transcription:

Emerging Technology and Security Update Presented by, Cal Slemp Managing Director, New York, NY October 25, 2012

Speaker Presenter Cal Slemp Managing Director, New York Topic Emerging Technology and Security Update Objective Provide: An overview of and key risks associated with cloud computing If time allows, also address security considerations with Social Media Relevant Experience Protiviti s Global Leader Security and Privacy Solutions Associated with IBM for 30 years prior to joining Protiviti, led their global Security and Privacy Services team Developed a unique identity management service offering for IBM called Trusted Identity 2

Framing the Discussion

Emerging IT Trends Demand Side 1 Rise of the Knowledge Worker 2 Ubiquitous Data Widespread transaction automation and outsourcing, and the resulting shift in retained skills, mean almost everyone is becoming a knowledge worker The rise of "smart" mobile devices and "ubiquitous sensing" will drive an exponential increase in data volume and throughput 3 Social Media 4 Emerging Market Growth The way customers and consumers learn about products and interact with companies is changing fundamentally Shifting global demand means emerging markets will be main source of growth, eventually reaching the scale of developed markets 5 Efficiency Shortfalls 6 Tech-Savvy Workforce The corporate center (IT, Finance, HR, Supply Chain, Procurement, etc.) is reaching the limits of efficiency in its current functionally-oriented form Technology knowledge and confidence in the workforce is broadening but losing its depth (fewer have a deep technical expertise) Important but not Transformative trends 7 Green IT Green IT, greater government intervention in the economy Source: CIO.com 4

Emerging IT Trends (cont.) Supply Side 8 Technology as a Service 9 The Industrialized, Externalized Back Office Infrastructure and applications are becoming available as virtualized, configurable, and scalable services in the cloud (or will) adopt licensing structures to mimic a service Industry standards will emerge for back-office business processes that are then delivered by external providers 10 A Blueprint for Service Delivery 11 Desktop Transformation ITILv3 provides a pathway to reorienting IT around service delivery Virtualization, SaaS, and unified communications combined with greater workforce mobility triggers a "transformation of the desktop," enabling deviceagnostic service delivery Organization Side 12 Fewer than 25% of employees currently within IT will remain in their current roles 13 Many activities will devolve to business units, be consolidated with other central functions such as HR and finance, or be externally sourced 14 CIOs face the choice of expanding to lead a business shared service group, or seeing their position shrink to managing technology delivery 15 Several trends in IT demand and supply will change how organizations use technology to create value, and the roles, structure and skills of the IT function Source: CIO.com 5

Emerging Strategic Technologies Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. The following are the top technologies that could have a potential impact on future strategic direction which businesses may chose to take. Cloud Computing Social Media Green IT Internet Marketing Mobile Commerce Context Aware Computing Off shoring / Out sourcing IT Security 6

IT Capabilities and Needs Insight 7

Multiple Models of Cloud Computing Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. OR more simply, IT runs over the Internet instead of installing hardware and software yourself. Characteristics Service Models Deployment Models On demand self-service Pay as you use Rapid elasticity (expand / contract) Multi tenancy (shared pool) Broad network access Business Process as a Service (emerging) Entire business process as a service in the cloud Software as a Service Finished applications that you rent and customize Platform as a Service Developer platform that abstracts the infrastructure, OS, and middleware for developer productivity Infrastructure as a Service Deployment platform that abstracts the infrastructure Public Cloud Community Cloud Hybrid Cloud Private Cloud 8

How Can It Help Businesses? Serving High Demand Allowing High Variable Demand Reaching Geographically Dispersed Users Assisting with Start Ups Consolidating Company IT Experimenting Easily and Cheaply Planning for Disaster Recovery Operational Expertise Patch Management, Version Updates, Data Security Management 9

Many Cloud Computing Offerings Business / Enterprise Influenced System Infrastructure Application Infrastructure Application and Information Process Consumer / Web Influenced * A sample list only. There are many more players. 10

SW Dev & Testing BU / Archive Storage Primary Storage Web Hosting CRM and / or SFA HR Mgmt Mktg Automation / Solutions ERP Email Collaboration IT Service Mgmt Project & Port Mgmt (PPM) Payroll, Actg, Fin'l Mgmt Predictive BI How The Cloud Is Being Utilized? 12% 10% 8% 9% 9% 11% 7% 8% 8% 10% 9% 7% 11% 6% 4% 2% 3% 2% 4% 0% 0% Source: March 2011, Worldwide Executive Council 11

Clouds Are Cloudy Requirements Services As visibility is lost Where is the data? Who can see the data? Who has seen the data? Has data been tampered with? Where is processing performed? How is processing configured? Does backup happen? How? Where? security, compliance, and value are lost as well. 12

Top Risks Loss of Governance Lock-In Management Interface Compromise Incomplete or Insecure Data Deletion Data Protection Malicious Insider Isolation Failure Compliance Risks 13

Categories of Control Objectives Compliance Data Governance Facility Security Human Resources Information Security Legal Operations Management Risk Management Release Management Resiliency 14

Control Objectives Independent Regulatory Audits Compliance Vendor Management Information System Regulatory Mapping Intellectual Property Classification Data Governance Handling / Labeling / Security Policy Retention Policy Risk Assessments Facility Policy User Access Asset Management Background Screening Human Resources Employment Agreements Employment Termination 15

Control Objectives Management Program Policy, Reviews, Enforcement User Access Restriction / Authorization / Reviews Awareness Training Roles / Responsibilities Information Security Management Oversight User Access Policy Workspace Cleanliness Anti-Virus / Malicious Software Incident Management Identification, Reporting and Monitoring Incident Response Legal Preparation 16

Control Objectives Non-Disclosure Agreements Legal Operations Management Third Party Agreements Service Level Agreements Capacity / Resource Planning Program Assessments Risk Management Mitigation / Acceptance Business / Policy Change Impacts Third Party Access Release Management Resiliency Production Changes Outsourced Development Management Program Impact Analysis Business Continuity Planning Business Continuity Testing 17

Involvement of Internal Audit Vendor Selection & Contract Negotiation Validation of business case Right to Audit Clause and / or SAS70 (SSAE16) Compliance Scope Impact of Regulations on Data Security Stability of Partners and Services Providers Contractual Data Protection Responsibilities and Related Clauses Impact of Regulations on Provider Infrastructure Prepare Evidence of How Each Requirement Is Being Met Pre-Implementation Review Project management - roles and responsibilities Data migration strategy Post-Implementation Review Accuracy of data Policies and procedures pertaining to data security, privacy of data Regulatory changes - HIPAA, PCI, etc. 18

Social Media Considerations

What Is Social Media? Technologies that allow bi-directional communication among many participants Evolution from uni-directional 1:1 and 1:many communication to bi-directional many:many interaction Intended to drive engagement Provides easy-to-use tools with a very friendly user interface Mostly Internet-based (with implications on speed and breadth of communication) 20

21

Security Trends in Social Media 21% accept contact offerings from members they don't recognize More than half let acquaintances or roommates access social networks on their machines 64% click on links offered by community members or contacts 26% share files within social networks 20% have experienced identity theft 47% have been victims of malware infections Facebook has been hit with malicious applications and new version of the Koobface virus, which allows hackers to steal information from personal profiles Huge increase in likejacking http://www.webpronews.com 22

Social Use Cases and Key Risks Uses Risks Sales & Collaboration Monitoring Customer Relationship Management (CRM) Market Research Marketing Campaigns HR / Recruiting Brand & Reputation Data Leakage Regulatory & Compliance Violations Viruses Malware Backdoors Loss of Employee Productivity Users

Other Risk Considerations Financial Risk Remarks about company performance could impact stock price and performance. ( The strategic plan for Company C is not going to work and results are not going to be good ) Safety Risk Release of information about what someone is doing or where someone is traveling. ( Our executive team is meeting at Location Z ) Personal Reputation Loss Remarks made by an individual or friends of an individual could be viewed by others ( I can t believe what happened the other night when I was out for dinner )

Other Risk Considerations (cont.) Metrics Integrity Risk Metrics used to measure results of social media efforts may be invalid or inappropriately measured leading to poor decisions and investments. Litigation Risk What is said on social media sites can, and will, be used against individuals and companies in a court of law. Lack of Governance Appropriate involvement of stakeholders and executive oversight do not correlate social media activities to company objectives and culture.

The Social Media Lifecycle STRATEGY Establish linkage to corporate objectives MEASURING THE RESULTS Collect data and validate against goals and adjust approach as needed Business Strategies CREATING THE PLAN Putting the plan into the corporate development process IMPLEMENTATION AND MONITORING Obtain final sign-offs and monitor the activity in a production mode DEVELOPMENT AND CHANGE MANAGEMENT Developing the product and testing in a nonproduction mode 26

The Social Media Lifecycle Guiding Principles Governance Ensure that the social media capabilities have appropriate oversight and ownership Coordinate/integrate social media efforts with other marketing activities Monitor market developments with emerging social media offerings Establish appropriate review and quality assurance steps Capabilities Review current skill sets within the organization and validate what may be needed to deliver social media efforts. Introductory and expert usage training is essential. Make sure that the IT organization is appropriately involved for evaluation and consideration of social media designs Integrity Establish an environment where capabilities can be developed with appropriate oversight and security. Reinforce with clear policies and procedures. Design appropriate monitoring oversight for development and production environments Review interaction of social media capabilities with existing systems and business processes Validate risks and ongoing monitoring steps Security Validate security design Ensure appropriate access to development and production environments Review and implement automated tools to support security monitoring Integrate with your existing security and privacy practices 27

Some Useful Information Sources Auditing Social Media A Governance and Risk Guide - www.theiia.org Social Media Audit / Assurance Program - www.isaca.org Social Media Governance - www.socialmediagovernance.com/policies.php Social Media Explorer - www.socialmediaexplorer.com

Wrap-Up

Call to Action Stay connected to corporate strategies and objectives and then anticipate their implications to the IT environment. Ensure the risks are articulated. Get involved with proof-of-concept activities for new capabilities and technology. Don't assume policies exist (or can be adapted) for adoption of new technologies. Make sure that appropriate and on-going training is in place to educate employees and also external customers. In coordination with the IT team, evaluate monitoring tools that can help address the risks of the emerging technologies. Ensure there is program and project management offices for emerging technology introduction and usage as well as the tracking of risks/issues and ROI. Review the support structure and organization in place to deal with internal and external customers. 30

Q & A

Thank You Cal Slemp Managing Director New York, NY +1.203.905.2926 cal.slemp@protiviti.com 32

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback