11. Exponential Growth in Malware and Attacks at the Endpoint
Minimal Increase in IT Security Software Spending with Little Thought to Likelihood
[Chart: Malware growth vs. IT spend]
12.
13. 1. Allow the Assumption That Data is in the Data Center
2.
3.
4.
5.
6.
7.
14. The fleet of smart phones you have deployed to your sales staff enables
them to be more productive, and to work around the clock, but it
also jeopardizes your data.
With the proliferation of laptops, mobile devices, and USB memory sticks,
it is now likely that the majority of your data is no longer under the custody of your IT
department.
Consider how many copies of emails, PowerPoint presentations, business plans, and
other intellectual property are now on devices that are not in your data center.
15. The Ponemon Institute states that each customer record lost is worth $179. If you
look at total cost of loss, you can easily get to the point where you lose your
business 3-4 times a day, based on risk analytics!
Any risk model that ignores the lifeblood of your business grossly
underestimates your exposure.
Any risk model that ignores reality is worthless.
16. 1. Allow the Assumption That Data is in the Data Center
2. Treating Mobile Devices Based on the Value of the Physical Asset, not
the Data on the Physical Device
3.
4.
5.
6.
7.
17. Many IT departments make the sad mistake of considering replacement value for
IT assets when developing risk models (if they have them).
• What about all the late nights working on those business plans, board
presentations, and patents?
• The intellectual property on your laptop is worth much more
than the physical device.
18. Example –
What if a Coke bottle is only worth the CRV (recycling value)?
What about the contents?
19. 1. Allow the Assumption That Data is in the Data Center
2. Treating Mobile Devices Based on the Value of the Physical Asset, not
the Data on the Physical Device
3. Treating Mobile Devices as Desktops
4.
5.
6.
7.
20. About those smartphones:
have you considered that they are as powerful
as your desktops of 5 years ago?
Now let’s consider laptops, USB devices, etc…
Can you really afford to have a myopic IT department
create a single policy for internal assets as well as for mobile assets?
Whether it is laptops or smart phones, sometimes different rules should apply
when you change locations.
21. The days of the M&M Model of Perimeter Defense are behind us.
Your approach to security needs to keep up.
22. • Email
• Internet Video
• Personal Websites
• Business Websites
• Social Media
“Endpoint . . . solutions are now a line of defense . . .”
Charles Kolodgy
Research Director
IDC Security Products Program
23. 1. Allow the Assumption That Data is in the Data Center
2. Treating Mobile Devices based on the Value of the Physical Asset, not
the Data on the Physical Device
3. Treating Mobile Devices as Desktops
4. Adoption of Social Media Without Proper Protection
5.
6.
7.
24. Web 2.0 has brought user interaction to a whole different level.
Facebook, Twitter, and other social network platforms allow for collaboration,
interaction and exchanges of ideas on a many-to-many.
However, aside from being a potential drain on corporate resources, they also
jeopardize the integrity of your data, encourage employees to post potentially
sensitive data without thinking, and empower a new wave of identity theft based
on abuse of trust.
25.
26. Outside of your marketing department, and PR…
WHY are employees on social networks during the day?
Facebook is
• Email without the controls…
• 450 million strong…
• and zero culture.
They are viruses with legs!
27. 1. Allow the Assumption That Data is in the Data Center
2. Treating Mobile Devices based on the Value of the Physical Asset, not
the Data on the Physical Device
3. Treating Mobile Devices as Desktops
4. Adoption of Social Media Without Proper Protection
5. Allowing Apple & Google to Become Your IT / QA Department
6.
7.
28. With the evolution of our work platforms, we rely more and
more every day on web-based applications, PDFs, and
other cloud-based applications.
What that means, in reality, is that the QA of your working
platforms is in the hands of Google, Adobe, Apple, and
Microsoft.
A breach in the foundation of these platforms means a
breach in your business processes.
29.
30. Intel recently had to mention in its SEC filings that it
was one of the 34 companies impacted by Operation
Aurora.
How is THAT for security as a board-level issue?
And if you are considering cloud-based services or
SaaS solutions, ensure that the infrastructure is secure
and robust.
31. 1. Allow the Assumption That Data is in the Data Center
2. Treating Mobile Devices based on the Value of the Physical Asset, not
the Data on the Physical Device
3. Treating Mobile Devices as Desktops
4. Adoption of Social Media Without Proper Protection
5. Allowing Apple & Google to Become Your IT / QA Department
6. Focusing on Protection rather than Detection
7.
32. Who would you rather fight?
Stevie Wonder vs. Muhammad Ali
Can’t fight what you can’t see…
Or is Protection just slightly more important than Detection?
33. [Chart. Labels: Doors, Locks, Alarm, Motion detector, Dog, Gun, Windows, Fence, Monitoring, Crime watch, Police, Insurance. Values shown: 9%, 2%, 34%, 22%, 23%, 4%]
Source: “Data @ Risk” by David H. Stelzl
34. [Chart: Likelihood (Low to High) vs. Impact of Risk (Low to High)]
High likelihood: “We had no idea this malware was getting through.”
Low likelihood: “We’ve got it covered.”
Probability of Occurrence decreases with Detection and Response
35. Only a comprehensive system allows you to take appropriate action,
not merely monitor or inform.
However, we need to put the decisions in the hands of the
business process owner, instead of leaving it with IT.
36. 1. Allow the Assumption that Data is in the Data Center
2. Treating mobile devices based on the value of the physical asset, not
the data on the physical device
3. Treating mobile devices as Desktops
4. Adoption of Social Media without proper protection
5. Allowing Apple and Google to become your IT / QA Department
6. Focusing on Protection rather than Detection
7. Assuming everything is OK
37. How many times have you heard your IT team say “We’re covered… We are
compliant”, only to have your expensive external audit firm come in and deliver a
scathing report that enumerates thousands of missed items, erroneous
configurations, and process violations?
38. Frankly, what your IT department is losing is credibility…
With you, the business owners.
But keep in mind…
You still must fund the lighthouse!
39. “Everyone Has a Plan… Until They Get Hit”
Michael Tyson
Philosopher and Pugilist