How Will Your Cloud Strategy Impact Your Cyber Strategy?
•Télécharger en tant que PPTX, PDF•
2 j'aime•82,435 vues
Digital transformation initiatives are forcing organizations to rethink their cybersecurity strategies. BMC and Forbes Insights conducted a security survey among more than 300 C-level executives around the globe to examine today’s biggest cybersecurity threats and new security models being pursued to fill the gaps.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à How Will Your Cloud Strategy Impact Your Cyber Strategy?
Similaire à How Will Your Cloud Strategy Impact Your Cyber Strategy? (20)
Plus de BMC Software
Plus de BMC Software (16)
Dernier
Dernier (20)
How Will Your Cloud Strategy Impact Your Cyber Strategy?
- 1. How Will Your Cloud Strategy Impact Your Cyber Strategy? Build a new security model to close today’s security gaps and effectively wage cyber warfare
- 2. Interviewed • Cameron Brown, Former Forensic Specialist, United Nations • Scott Crowder, CIO, BMC • Paul Lewis, CTO, Hitachi Data Systems • Betty Elliott, Head of InfoSec & CISO, Moneygram International • Michael Matthews, CIO, Deluxe Corp. • Sean Pike, Program Vice President, Security, IDC • Surveyed over 300 executives across North America and Europe • 66% CIO/CTO/CISO/CSO • 34% VP/SVP of Tech of InfoSec • All companies had at least $100M in revenue, and 50% had revenue >= $1B • Interviewed industry experts, analysts, and customers BMC partners with Forbes Insights 2nd Annual Security Operations
- 3. 69% Say Digital Transformation is Forcing Changes to Cybersecurity Strategies Responds to new digital competitors Solidifies and grow market share Serves shifting customer demands
- 4. 3 New Technologies Are Creating the Biggest Security Challenges Why? Clouds and mobile apps send data outside secure firewalls Big data apps centralize data, for easy access by thieves if they breach defenses Public clouds (65%) Big data (63%) Mobile apps (61%)
- 5. Exposure of intellectual property Damage to corporate reputation The Risks to Enterprises Without a Strong Cybersecurity Strategy are Indisputable Theft of corporate financial information Release of sensitive customer information
- 6. The Challenge: Act Now or Leave Corporate Assets Vulnerable to Hackers CIOs and CISOs must expand efforts to: Address sophisticated armies of global cyber-thieves, many of whom are backed by national governments Close the new security gaps that arise as their organizations embrace digital transformation
- 7. The Trade-Off: Boards Must Balance Investments for Security and Next-Gen Business Technology say security was a higher priority in 2016 82% say security investments will rise again in 2017 76% AND of CIOs 75% of CISOs But these executives also acknowledge that when lobbying for additional security funding, technology execs are competing with business peers, all of whom are trying to convince the board where it should allocate money.
- 8. The Answer: Follow 3 Steps to Create a Secure Enterprise Operations Strategy Backed by a Solid Execution Model Target security spending for the biggest impact Redouble efforts to secure mission-critical assets Address organizational and cultural issues
- 9. Step 1 for Waging Modern Cyber Warfare: Target Security Spending for the Biggest Impact 64% will increase investments in 2017 for protecting against known security threats plan to enhance incident response capabilities in the next year 68% Organizations mitigate damages from today’s biggest risks • 43% say investments in IT patch and automation had best ROI The Result:
- 10. Step 2 for Waging Modern Cyber Warfare: Redouble Efforts to Secure Mission-Critical Assets will devote more personnel and technology to ensure the enterprise is never breached will combine security and operations personnel into teams dedicated to specific mission-critical applications 47% 45% Organizations optimize security activities for their most valuable resources The Result:
- 11. Step 3 for Waging Modern Cyber Warfare: Address Organizational and Cultural Issues agree that line-of- business managers must take a greater role in developing security strategies say operations accountability for breaches will increase 72% 52% A culture of security permeates the organization to more effectively fight cybercrime The Result:
- 12. The Benefits of a Modern Cybersecurity Strategy Are Undeniable Safeguards enterprises at a time of change Targets investments for biggest benefits Stays current with latest exploits and cyber-thieves Increased market share, sales, and customer satisfaction
- 13. expanded vulnerability discovery and remediation to fend off hackers say security investments will rise in 2017 60% 82% say digital transformation is forcing changes to cybersecurity strategies will boost spending to protect against known threats plan to enhance incident response capabilities 69% 64% 68% Re-engineering Security Playbooks in the Age of Digital Transformation Key Takeaways
- 14. Additional Resources Learn more about today’s biggest cybersecurity threats and the new security model that can fill the gaps Read the full report, “Enterprises Re-engineer Security in the Age of Digital Transformation”
Notes de l'éditeur
- On January11th BMC announced its second annual security survey done in partnership with Forbes Insights. Forbes insights is the strategic research and thought leadership practice of Forbes Media, a global media, branding and technology company whose combined platforms reach nearly 75 million business decision makers worldwide on a monthly basis. By leveraging proprietary databases of senior-level executives in the Forbes community, Forbes insights conducts research on a wide range of topics to position brands as thought leaders and drive stakeholder engagement. research findings are delivered through a variety of digital, print and live executions, and amplified across Forbes’ social and media platforms. Details of the survey methodology include Surveyed over 300 executives across North America and Europe 66% CIO/CTO/CISO/CSO 34% VP/SVP of Tech of InfoSec All companies had at least $100M in revenue, and 50% had revenue >= $1B Interviewed industry experts, analysts, and customers Cameron Brown, former Forensic Specialist with the United Nations Scott Crowder, CIO, BMC Paul Lewis, CTO Hitachi Data Systems Betty Elliott, Head of InfoSec and CISO, Moneygram International Michael Matthews, CIO, Deluxe Corp. Sean Pike, Program Vice President, Security, IDC The purpose of this presentation is to review some of the key highlights of the report.
- So why should anyone be looking at their security strategy? What events have occurred that have caused the current methods or practices to be out of date? 69% said that digital transformation initiatives have caused them to reconsider their security strategy. Many have pursued a digital strategy as they respond to newer and more nimble digital competitors – organizations that were built from the start considering the needs and demands of an online or digital business. As customers with vast legacy infrastructures try to match them step for step they frequently run into challenges. A digital transformation strategy is the way many are trying to solidify or grow their market share – possibly in new countries around the globe which also creates new security and compliance headaches. Lastly – the constant demand from an increasingly technology led customer base. People demand convenience and speed and quality. Switching costs for many products and services are at an all time low, so in order to achieve any level of loyalty a key component of the strategy must be to be constantly evolving the offerings. How has digital transformation impacted you?
- How has digital transformation changed the technology landscape? Cloud, cloud, and more cloud. 65% listed the usage of public clouds as one of their biggest security concerns, with Hybrid clouds picking up 60%. Big Data and Mobile apps also ranked high and have a clear and direct dependence on cloud capabilities. One of the easiest ways to get code out quickly is to leverage cloud resources, but with that speed comes a price and for many security has paid it. Cloud can expand the attack surface exponentially as entry points are created. Many organizations are struggling to understand the implications of their cloud usage on security as they try to map out where data is going and how to protect it, and how not to leave doors open to attackers. What are your biggest concerns?
- We asked organizations what they were most concerned about protecting. The results were a little surprising. The two of greatest concern were theft of corporate financial information, and the release of customer sensitive information – these beat out brand damage and IP by over 10 percentage points each. What are you most concerned about?
- The challenge facing every organization is to act now, or to suffer the consequences at the hands of hackers. They ARE investing in their skills and abilities. They are taking advantage of open source tools, they are organizing together in syndicates. This is no longer a hobby, its an all out attack. Failure to act may have devastating consequences. Link - http://www.cio.com/article/3150231/security/top-15-security-predictions-for-2017.html Article discusses the top security predictions and stresses importance of acting now and the organization of hackers What are your plans?
- “Do you devote money to maintaining the old environment and preventing security problems that might happen or do you invest in technology that could be a game changer for the business unit?” -- Scott Crowder, CIO, BMC 82% said they plan to invest more in security in the upcoming year. Like all business decisions, you need to make your case, and its hard to make a case on “this could happen” scenarios. In the next few slides we elaborate on how you can place your investments in the areas with strong hard savings that will help win over budget.
- So how do you start? BMC can help customers in a myriad of ways. One of the biggest first steps is to sit down and figure out where the biggest areas of opportunity are and then build a plan to address those. Target security spending for the biggest impact – make sure those dollars are working Redouble efforts to secure mission-critical assets – by their nature these are more complex and more bran power is needed to work on them. Free those resources up by making strong investments in item 1. Address organizational and cultural issues – money can’t fix everything. Some of it comes from the tone and tenor of the organization. Let’s walk through these steps and see which are of most interest to you to dig deeper.
- A great strategy is about balance. In security its about balancing the known with the unknown. Or mastering the known so resources are freed up to deal with the unknown. 64% will increase investments to protect against known threats. This includes things like patching and remediation of known vulnerabilities – 43% said the investments in IT patch and automation had the highest ROI of all their security investments. 60% said that better vulnerability id and remediation was the best way to make themselves less attractive targets for hackers Mastering the known is one stream of activities – and with strategic investments in automation to remove manual processes, it can free up already taxed resources to work on the unknown. As such - 68% will invest in incident response capabilities for the next year. What are your plans? 43% say investments in IT and patch-automation systems delivered the best ROI in 2016
- Take care of the mission critical assets. In many organizations the systems that are least up to date on patching are those with mission critical applications. This is largely because people are most afraid to touch these. The most frightening piece of that equation is that these are likely also the biggest targets with the most sensitive data. So what do we do. 47% of organizations plan to devote more personnel to these efforts, and 45% plan to combine the security and operations teams dedicated to these specific mission-critical applications. It is likely you will also see the line of business manager thrown into this mix as 72% believe the LOB owner should also take a greater role in security as they have the most intimate knowledge of the application. What these stats tell me is that there really isn’t a great plan at the moment, but the initial salvo will be to throw some more bodies at it to get to a reasonable conclusion . We expect to explore this conversation more with our customer over the coming months and with the next set of research. Likely topics to come up will be – how best to prioritize changes, how to make sure we don’t suffer from alert fatigue, how do we use the data we have in a meaningful way, what are the best testing strategies? A key question will be – are you able to dedicate the resources to this to figure it out? That’s what makes step 1 so critical.
- 54% will develop a corporate culture that makes everyone in the company responsible for security Simply changing org charts or throwing teams together – by itself rarely has any kind of meaningful or lasting impact. In order for security to be a priority, it needs to be seen that the executives and leaders are making it a priority, and that focus is inherent to everything from day to day interactions to performance metrics. As mentioned previously 72% believe line of business managers need to take a greater role in developing security strategies – they need to be AWARE of the security posture and they need to be designing with security in mind. They need to be part of the process of keeping their applications up to date and not the source of “no, you can’t touch that”. Interestingly the operations team is poised to take a bigger role in security, with 52% saying that accountability for breaches will increase over the next 12 months. 47% said that operations will all have increased accountability for ensuring that known remediations are applied within established service level agreements. This increased level of scrutiny in performance metrics will be a potentially unwelcome change for many as they do not have a clear way to measure – do you have a way to measure performance against SLAs for patching/remediation? What does it take to do it?
- Are you ready to improve your cybersecurity strategy? What areas have interested you the most?