20th march session five by ramesh shanmughanathan
Enabling A Secure Enterprise - Ramesh Shanmughanathan, Group CIO John Keells Holdings Plc Sri Lanka
ENABLING A SECURE ENTERPRISE
- A RATIONALE APPROACH
Ramesh Shanmuganathan
Executive Vice President / CIO
John Keells Group
20th March 2010
BUSINESS CONTEXT IS CHANGING
Yesterday
- Internal Focus: Access is granted to employees only
- Centralized Assets: Applications and data are centralized in fortified IT bunkers
- Prevent Losses: The goal of security is to protect against confidentiality breaches
- IT Control: Security manager decides who gets access
Today
- External Focus: Suppliers, customers, and prospects all need some form of access
- Distributed Assets: Applications and data are distributed across servers, locations, and business units
- Generate Revenue: The goal of security is to enable eCommerce
- Business Control: Business units want the authority to grant access
Source: Forrester Research, Inc.
IT IS BECOMING A BUSINESS ENABLER
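Basic: Uncoordinated, manual infrastructure
- Objective: React
- Ability to Change: Slow, weeks to months
- Resource Utilization: Unknown
- Processes & Automation: Ad hoc
- Business Alignment: No SLAs
- Role of IT: Cost Center
Organized: Centrally managed IT infrastructure with some automation
- Objective: Manage
- Ability to Change: Weeks
- Resource Utilization: Known, poor
- Processes & Automation: Defined
- Business Alignment: Arbitrary SLAs
- Role of IT: Efficient Cost Center
Optimized: Managed and consolidated IT infrastructure
- Objective: Reduce complexity
- Ability to Change: Days
- Resource Utilization: Optimized
- Processes & Automation: Mature
- Business Alignment: Class of Service SLAs
- Role of IT: Business Enabler
Dynamic: Fully automated IT management, dynamic resource usage and business-linked SLAs
- Objective: Agility
- Ability to Change: Minutes
- Resource Utilization: High, as needed
- Processes & Automation: Policy-based
- Business Alignment: Business SLAs
- Role of IT: Strategic Asset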
BUSINESS & IT PRIORITIES ARE GETTING ALIGNED
Top Business Priorities
1. Managing risk
2. Achieving growth and profitability
3. Acquiring new customers
4. Using IT to reduce costs and create value
5. Changing organizational culture
Top IT Spending Priorities
1. Security
2. Application integration
3. Compliance / risk management
4. Disaster recovery / business continuity
5. Enterprise Applications
Sources: Goldman Sachs, Accenture
ENABLING A SECURE ENTERPRISE THE BUSINESS CASE
Benefits – What are the tangible benefits of securing your enterprise?
- Increased business agility
- IT-enabled delivery channels
- Better time to market
- Effective roll-out of corporate/business strategies
- 360 view of customers - knowledge is power!
Investments – What is the true cost of securing your enterprise?
- Confidentiality-Integrity-Availability (CIA) vs Disclosure-Alteration-Destruction (DAD)
- Insurance analogy – security is a necessary evil?
- Risk Management = F (Fear, Uncertainty, Doubt)?
Authentication, Directory, Federation
Development tools for secure code
Policy, Code (Identity, Updates)
Isolation (Firewall, Quarantine)
ENABLING A SECURE ENTERPRISE THE PERTINENT ISSUES
ENABLING A SECURE ENTERPRISE THE COMPETING FACTORS
Information Security Policy
Asset evaluation, Classifications and Control
Information Security Organization
Business Continuity & Compliance
Access Control & incident management
Security deployment, enforcement & risk mitigation
Business drivers
Blue printing, Control measures and Management
Security systems acquisition, Implementation & Monitoring
ENABLING A SECURE ENTERPRISE THE APPROACH
3 “D”s
- Defense
- Deterrence
- Detection
5 steps
- Assets – What is to be protected?
- Risks – What are the threats, vulnerabilities?
- Protections – How will the assets be protected?
- Tools – What will be done to protect them?
- Priorities – In what order will the protective steps be implemented (multi-layered methodology)?
ENABLING A SECURE ENTERPRISE THE 3D-5 STEP METHOD
Customer Need
ENABLING A SECURE ENTERPRISE CONTINUOUS REVIEW
The pertinent question is not how to do things right but, how to find the right things to do, and concentrate resources and efforts on them.
- Peter F Drucker (1964)
A parting thought……….
Thank you!
My touch points:
Skype: ramesh24inc, Gtalk: ramesh.shanmuganathan
Email: [email protected], [email protected]
Internet: www.keells.com, www.ramesh24.com