20th march session five by ramesh shanmughanathan



DESCRIPTION

Enabling A Secure Enterprise - Ramesh Shanmughanathan, Group CIO John Keells Holdings Plc Sri Lanka

TRANSCRIPT

Page 1: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE

- A RATIONALE APPROACH

Ramesh Shanmuganathan

Executive Vice President / CIO

John Keells Group

20th March 2010

Page 2: 20th March Session Five by Ramesh Shanmughanathan

BUSINESS CONTEXT IS CHANGING

Source: Forrester Research, Inc.

Yesterday

- Internal Focus: Access is granted to employees only
- Centralized Assets: Applications and data are centralized in fortified IT bunkers
- Prevent Losses: The goal of security is to protect against confidentiality breaches
- IT Control: Security manager decides who gets access

Today

- External Focus: Suppliers, customers, and prospects all need some form of access
- Distributed Assets: Applications and data are distributed across servers, locations, and business units
- Generate Revenue: The goal of security is to enable eCommerce
- Business Control: Business units want the authority to grant access

Page 3: 20th March Session Five by Ramesh Shanmughanathan

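IT IS BECOMING A BUSINESS ENABLER

Basic: Uncoordinated, manual infrastructure

- Objective: React
- Ability to Change: Slow, weeks to months
- Resource Utilization: Unknown
- Processes & Automation: Ad hoc
- Business Alignment: No SLAs
- Role of IT: Cost Center

Organized: Centrally managed IT infrastructure with some automation

- Objective: Manage
- Ability to Change: Weeks
- Resource Utilization: Known, poor
- Processes & Automation: Defined
- Business Alignment: Arbitrary SLAs
- Role of IT: Efficient Cost Center

Optimized: Managed and consolidated IT infrastructure

- Objective: Reduce complexity
- Ability to Change: Days
- Resource Utilization: Optimized
- Processes & Automation: Mature
- Business Alignment: Class of Service SLAs
- Role of IT: Business Enabler

Dynamic: Fully automated IT management, dynamic resource usage and business-linked SLAs

- Objective: Agility
- Ability to Change: Minutes
- Resource Utilization: High, as needed
- Processes & Automation: Policy-based
- Business Alignment: Business SLAs
- Role of IT: Strategic Asset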

Page 4: 20th March Session Five by Ramesh Shanmughanathan

BUSINESS & IT PRIORITIES ARE GETTING ALIGNED

Top Business Priorities

1. Managing risk

2. Achieving growth and profitability

3. Acquiring new customers

4. Using IT to reduce costs and create value

5. Changing organizational culture

Top IT Spending Priorities

1. Security

2. Application integration

3. Compliance / risk management

4. Disaster recovery / business continuity

5. Enterprise applications

Sources: Goldman Sachs, Accenture

Page 5: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: THE BUSINESS CASE

Benefits – What are the tangible benefits of securing your enterprise?

- Increased business agility
- IT-enabled delivery channels
- Better time to market
- Effective roll-out of corporate/business strategies
- 360 view of customers - knowledge is power!

Investments – What is the true cost of securing your enterprise?

- Confidentiality-Integrity-Availability (CIA) vs Disclosure-Alteration-Destruction (DAD)
- Insurance analogy – security is a necessary evil?
- Risk Management = F (Fear, Uncertainty, Doubt)?

Page 6: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: THE PERTINENT ISSUES

- Authentication, Directory, Federation
- Development tools for secure code
- Policy, Code (Identity, Updates)
- Isolation (Firewall, Quarantine)

Page 7: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: THE COMPETING FACTORS

Page 8: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: THE APPROACH

- Information Security Policy
- Asset evaluation, Classifications and Control
- Information Security Organization
- Business Continuity & Compliance
- Access Control & incident management
- Security deployment, enforcement & risk mitigation
- Business drivers
- Blueprinting, Control measures and Management
- Security systems acquisition, Implementation & Monitoring

Page 9: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: THE 3D-5 STEP METHOD

3 “D”s

- Defense
- Deterrence
- Detection

5 steps

- Assets – What is to be protected?
- Risks – What are the threats, vulnerabilities?
- Protections – How will the assets be protected?
- Tools – What will be done to protect them?
- Priorities – In what order will the protective steps be implemented (multi-layered methodology)?

Page 10: 20th March Session Five by Ramesh Shanmughanathan

ENABLING A SECURE ENTERPRISE: CONTINUOUS REVIEW

Customer Need

Page 11: 20th March Session Five by Ramesh Shanmughanathan

A parting thought...

The pertinent question is not how to do things right but, how to find the right things to do, and concentrate resources and efforts on them.

- Peter F Drucker (1964)

Page 12: 20th March Session Five by Ramesh Shanmughanathan

Thank you!

My touch points:

Skype: ramesh24inc, Gtalk: ramesh.shanmuganathan

Email: [email protected], [email protected]

Internet: www.keells.com, www.ramesh24.com