Don't Risk It! Data Security and Risk Governance

26 #SmarterEnterprise, Ottawa, October 9, 2014

Upload: ibm

Post on 08-Jun-2015

Category: Data & Analytics

DESCRIPTION

IBM's Chris Mallon explores DataSec best practices for the public and private sectors. Presented at the Smarter Enterprise Summit in Ottawa, October 9, 2014.

TRANSCRIPT

Page 1: Don't Risk It! Data Security and Risk Governance

26 #SmarterEnterprise

Ottawa, October 9, 2014

Page 2: Don't Risk It! Data Security and Risk Governance

Big Data Security. Don't Risk It: Gain Trustworthy Insights with Enterprise Risk Governance

Chris Mallon, Software Business Executive, IBM Canada Middleware Group

[email protected]

Page 3: Don't Risk It! Data Security and Risk Governance

A new security reality is here

• 61% of organizations say data theft and cybercrime are their greatest threats (2012 IBM Global Reputational Risk & IT Study)
• $3.5M average cost of a data breach (2014 Cost of Data Breach, Ponemon Institute)
• 70% of security executives have cloud and mobile security concerns (2013 IBM CISO Survey)
• 614% mobile malware growth in just one year (2012-2013 Juniper Mobile Threat Report)
• 85 security tools from 45 vendors (IBM client example)
• 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)

Page 4: Don't Risk It! Data Security and Risk Governance

We are in an era of continuous breaches

Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents

Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change

[Chart: incidents by attack type, 2011, 2012, 2013. Note: Size of circle estimates relative impact of incident in terms of cost to business.]

Attack types: SQL injection, Spear phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering hole, Undisclosed

Page 5: Don't Risk It! Data Security and Risk Governance


Security is a board room discussion, and security leaders are more accountable than ever before

Page 6: Don't Risk It! Data Security and Risk Governance

Security challenges are a complex, four-dimensional puzzle… a holistic approach is needed

People: Employees, Attackers, Outsourcers, Suppliers, Consultants, Partners, Consumers

Data: Structured, Unstructured, At rest, In motion

Applications: Systems applications, Web applications, Web 2.0, Mobile applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Page 7: Don't Risk It! Data Security and Risk Governance

Ensuring data is secure and sensitive data is kept private

Security & Privacy are related; both are needed to protect data across the enterprise.

Allow for Authorized Use Only

Access to Authorized Users Only

Mask/Redact/Monitor/Audit

Mask/Redact/Encrypt/Monitor/Audit

Security: the infrastructure-level lockdown, preventing or granting access to certain areas or data based on authorization.

Privacy: the functionality that controls access for users who are authorized to access that data, but only have privileges to see & use a subset of the data for legitimate business purposes.
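The security/privacy split on this slide maps onto two distinct checks in code: a coarse authorization gate (is this role allowed to open the data set at all) followed by a field-level policy that masks or redacts what an authorized user may see, with every access audited. The following is an added illustration, not code from the IBM deck or any IBM product; the customer record, the roles, the policy table and the masking rules are all constructed for the example.

```python
"""Security vs. privacy controls applied to one customer record.

Added example, not from the deck. Record, roles and policy table are constructed.
"""

# Constructed sample record (not real data).
CUSTOMER = {
    "customer_id": "C-1001",
    "name": "Jane Example",
    "card_number": "4111111111111111",
    "ssn": "123-45-6789",
    "email": "jane@example.com",
    "balance": 1250.50,
}

# Security layer: roles that may open the customer data set at all.
AUTHORIZED_ROLES = {"analyst", "fraud_investigator", "auditor"}

# Privacy layer: per-role field policy. Fields not listed are returned as stored.
#   "mask"   = partially hidden, enough left to be useful for the business purpose
#   "redact" = removed from the view entirely
FIELD_POLICY = {
    "analyst": {"name": "mask", "card_number": "mask", "ssn": "redact", "email": "redact"},
    "fraud_investigator": {"card_number": "mask", "ssn": "mask"},
    "auditor": {},  # sees everything; the audit record is the compensating control
}

# Every decision, allowed or denied, is recorded here (monitor/audit).
AUDIT_LOG = []


def mask_value(field, value):
    """Hide most of a value while keeping a usable fragment."""
    if field == "card_number":
        return "*" * (len(value) - 4) + value[-4:]
    if field == "ssn":
        return "***-**-" + value[-4:]
    if field == "name":
        parts = value.split()
        if len(parts) > 1:
            return parts[0] + " " + parts[-1][0] + "."
        return value
    return "***"


def read_record(user, role, record, purpose):
    """Security gate first, then the privacy policy, then an audit entry."""
    if role not in AUTHORIZED_ROLES:
        AUDIT_LOG.append({"user": user, "role": role, "purpose": purpose, "result": "denied"})
        raise PermissionError(f"{user} ({role}) is not authorized to access customer data")

    policy = FIELD_POLICY.get(role, {})
    view = {}
    for field, value in record.items():
        action = policy.get(field, "full")
        if action == "redact":
            continue  # field never leaves the store for this role
        view[field] = mask_value(field, value) if action == "mask" else value

    AUDIT_LOG.append({"user": user, "role": role, "purpose": purpose,
                      "result": "allowed", "fields": sorted(view)})
    return view


if __name__ == "__main__":
    print(read_record("alice", "analyst", CUSTOMER, "churn model"))
    print(read_record("bob", "fraud_investigator", CUSTOMER, "case 42"))
    try:
        read_record("eve", "contractor", CUSTOMER, "curious")
    except PermissionError as err:
        print("denied:", err)
    print(AUDIT_LOG)
```

The point of keeping the two layers separate is that the privacy policy never has to reason about unauthorized roles: by the time it runs, the security gate has already refused them, and the audit log records both outcomes with the stated business purpose.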

Page 8: Don't Risk It! Data Security and Risk Governance

IBM Security strategy: Delivering intelligence, integration and expertise across a comprehensive framework

Security mega trends: Advanced threats, Cloud, Mobile, Compliance, Skills shortage

CISO's changing role

The IBM Security Framework

Page 9: Don't Risk It! Data Security and Risk Governance

Security and Compliance Concerns in Big Data Environments

Big Data Platform / Hadoop Cluster / Clients

• Structured: Massive volume of structured data movement: 2.38 TB/hour load to data warehouse; high-volume load to Hadoop file system
• Unstructured: Ingest unstructured data
• Streaming: Integrate streaming data sources

• Who is running big data requests?
• How is privacy protected?
• Is there an exceptional number of file permission exceptions?
• Are these jobs part of an authorized program list accessing the data?
• Has some new query application been developed that you were previously unaware existed?
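The questions on this slide are all answerable from the platform's access audit trail, provided the trail is actually reviewed. The script below is an added example, not from the deck or from any IBM product, that runs those checks over a handful of constructed audit lines: who is submitting requests, which programs are not on the authorized program list, which users are piling up permission failures, and which sensitive paths were read. The log format (timestamp plus `key=value` pairs) and the thresholds are assumptions made for the example; real platforms such as HDFS have their own audit formats that would need their own parser.

```python
"""Audit-trail review for a big data platform (added example, constructed data).

The line format, the authorized program list, the sensitive-path prefixes and
the threshold are all assumptions for this illustration.
"""
from collections import Counter, defaultdict

# Constructed sample audit lines (not real data, not a real product's format).
AUDIT_LINES = """\
2014-10-09T09:00:01 user=alice program=nightly_etl cmd=read path=/data/sales/2014-10.csv allowed=true
2014-10-09T09:00:02 user=alice program=nightly_etl cmd=read path=/data/sales/2014-09.csv allowed=true
2014-10-09T09:05:10 user=bob program=adhoc_query_7 cmd=read path=/data/customers/pii.csv allowed=true
2014-10-09T09:06:00 user=carol program=reporting cmd=read path=/data/sales/2014-10.csv allowed=true
2014-10-09T09:07:00 user=dave program=nightly_etl cmd=read path=/data/customers/pii.csv allowed=false
2014-10-09T09:07:01 user=dave program=nightly_etl cmd=read path=/data/customers/pii.csv allowed=false
2014-10-09T09:07:02 user=dave program=nightly_etl cmd=read path=/data/hr/salaries.csv allowed=false
2014-10-09T09:07:03 user=dave program=nightly_etl cmd=read path=/data/hr/salaries.csv allowed=false
2014-10-09T09:10:00 user=carol program=reporting cmd=write path=/reports/q3.csv allowed=true
"""

# The "authorized program list": jobs approved to run against the platform.
AUTHORIZED_PROGRAMS = {"nightly_etl", "reporting"}

# Paths that discovery/classification flagged as holding sensitive data.
SENSITIVE_PREFIXES = ("/data/customers/", "/data/hr/")

# More permission failures than this per user in the window counts as exceptional.
PERMISSION_EXCEPTION_THRESHOLD = 3


def parse_audit(text):
    """Parse the constructed key=value audit lines into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *pairs = line.split()
        event = {"timestamp": timestamp}
        for pair in pairs:
            key, _, value = pair.partition("=")
            event[key] = value
        event["allowed"] = event.get("allowed") == "true"
        events.append(event)
    return events


def review_audit(events):
    """Answer the slide's questions from the parsed events."""
    requests_by_user = Counter(e["user"] for e in events)
    unknown_programs = defaultdict(set)   # program -> users who ran it
    denied_by_user = Counter()
    sensitive_access = []                 # successful reads of classified paths

    for e in events:
        if e["program"] not in AUTHORIZED_PROGRAMS:
            unknown_programs[e["program"]].add(e["user"])
        if not e["allowed"]:
            denied_by_user[e["user"]] += 1
        if e["allowed"] and e["path"].startswith(SENSITIVE_PREFIXES):
            sensitive_access.append((e["user"], e["program"], e["path"]))

    exceptional = {u: n for u, n in denied_by_user.items()
                   if n > PERMISSION_EXCEPTION_THRESHOLD}
    return {
        "requests_by_user": dict(requests_by_user),
        "unknown_programs": {p: sorted(u) for p, u in unknown_programs.items()},
        "exceptional_permission_failures": exceptional,
        "sensitive_access": sensitive_access,
    }


if __name__ == "__main__":
    for key, value in review_audit(parse_audit(AUDIT_LINES)).items():
        print(f"{key}: {value}")
```

On the constructed data the review surfaces the two findings a reviewer would want: a program (`adhoc_query_7`) that is not on the authorized list read a classified customer file, and one user accumulated a burst of permission failures against sensitive paths. Neither shows up in per-job logs alone; both come from correlating the audit trail with the classification and authorization inventories.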

Page 10: Don't Risk It! Data Security and Risk Governance

IBM's Approach to Hadoop (BigInsights) and Data Warehouse Appliances (PDA/Netezza): InfoSphere Data Privacy and Security Solutions

InfoSphere Data Privacy and Security for Hadoop

InfoSphere Data Privacy and Security for Data Warehousing, Exadata

Purpose-Built Capabilities: Define and Share; Discover and Classify; Mask and Redact; Monitor Data Activity

Page 11: Don't Risk It! Data Security and Risk Governance

Data Security: Discover and harden your most valuable assets while enabling access

Identify and Classify Data; Record Events; Assess Vulnerabilities; Protect Sensitive Data; Monitor Privileged Users

Protect data at rest, in motion, and in use

CLIENT SUCCESS: A global financial services company secured 2,000 critical databases and saved $21M in compliance costs

IBM Security Solutions
• Guardium Database Activity Monitoring
• Guardium Encryption Expert
• Guardium / Optim Data Masking
• Key Lifecycle Manager

Page 12: Don't Risk It! Data Security and Risk Governance

IBM's Approach to Data Privacy and Security

Sources, Systems, Silos, Data Marts; Big Data Platform; User Access Request

Identification of Sensitive Data (Discovery/Classification): InfoSphere Discovery; InfoSphere Information Governance Catalogue

Masking Structured and Unstructured Data: InfoSphere Optim Data Privacy; InfoSphere Guardium Data Redaction

Access Monitoring and Auditing: InfoSphere Guardium Data Activity Monitor

Encrypting Databases and Files: InfoSphere Guardium Data Encryption

Testing for Infrastructure Vulnerabilities: InfoSphere Guardium Vulnerability Assessment

Page 13: Don't Risk It! Data Security and Risk Governance

Secure and Protect Enterprise Data with the InfoSphere Platform

InfoSphere Guardium; InfoSphere Optim; InfoSphere Identity Insight; InfoSphere Business Glossary; InfoSphere Discovery

Holistic, Scalable, Integrated: Reduce the cost of compliance; Prevent data breaches; Ensure data integrity

The Difference
• Completely protects across diverse data environments and types, including big data
• Scales across small and large heterogeneous enterprises
• Delivers both processes and technologies

• Customer streamlines testing and protects test data, saving $240K/year in administrative costs
• Monitoring database activity protects data and provides 239% ROI
• Customer saves $1M per month by preventing fraud

Page 14: Don't Risk It! Data Security and Risk Governance

Safeguarding Customer Information for Washington Metropolitan Area Transit Authority (Metro)

• Who: Operates 2nd largest U.S. rail transit system and transports more than a third of the federal government to work
• Need: Metro needed to safeguard sensitive customer data and simplify compliance with PCI-DSS, without impacting performance or changing database configurations
  – Protecting customer data
  – Passing audits more quickly and easily
  – Monitoring for potential fraud in PeopleSoft system
• Environment
  – More than 9 million transactions per year (Level 1 merchant)
  – Complex, multi-tier heterogeneous environment
• Alternatives considered: Native logging and auditing impractical
• Customer Impact: “Our customers trust us to transport them safely and safeguard their personal information.”
  – “We looked at native DBMS logging and auditing, but it’s impractical because of its high overhead, especially when you’re capturing every SELECT in a high-volume environment like ours. In addition, native auditing doesn’t enforce separation of duties or prevent unauthorized access by privileged insiders.”

Page 15: Don't Risk It! Data Security and Risk Governance

Examples of IBM Internal Use of the IBM Security portfolio

IBM Use: IBM InfoSphere Guardium
• Guardium presently monitors a subset of IBM’s internal applications. The focus of our Guardium deployments is on Sarbanes-Oxley regulatory controlled data, and the primary benefit being derived is privileged user activity monitoring. Internal use of Guardium is set to expand in 2013/2014.

IBM Key Lifecycle Manager
• IBM HR has been using its Key Lifecycle Manager product for 6 years, to manage the keys for tape encryption. They are a public reference for this product.

Identify and Classify Data; Record Events; Assess Vulnerabilities; Protect Sensitive Data; Monitor Privileged Users

Protect data at rest, in motion, and in use

IBM Security Solutions
• Guardium Database Activity Monitoring
• Guardium Encryption Expert
• Guardium / Optim Data Masking
• Key Lifecycle Manager

Page 16: Don't Risk It! Data Security and Risk Governance

IBM Security market-changing milestones

[Timeline, 1976 to 2013: 1976, 1999, 2002, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013]

Milestones: Mainframe and server security; SOA management and security; Network intrusion prevention; Access management; Application security; Risk management; Data management; Identity management; Directory integration; Enterprise single sign-on; Database monitoring and protection; Application security; Endpoint management and security; Information and analytics management; Security intelligence; Secure mobile management; Advanced fraud protection; IBM Security is created

• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security labs worldwide

Page 17: Don't Risk It! Data Security and Risk Governance

IBM Security: Integrated capabilities delivered across a comprehensive security framework

The IBM Security Framework
• IBM X-Force: Monitor and evaluate today’s threats
• QRadar: Detect, analyze, and prioritize threats
• Trusteer: Reduce fraud and malware
• Identity and Access Management: Manage users and their access
• InfoSphere Guardium: Discover and harden valuable assets
• AppScan: Secure critical business applications
• Network and Endpoint Protection: Protect infrastructure against attacks

Page 18: Don't Risk It! Data Security and Risk Governance


IBM Security latest industry rankings

Page 19: Don't Risk It! Data Security and Risk Governance


At IBM, the world is our security lab

Page 20: Don't Risk It! Data Security and Risk Governance

IBM X-Force® Research and Development: Expert analysis and data sharing on the global threat landscape

The IBM X-Force Mission
• Monitor and evaluate the rapidly changing threat landscape
• Research new attack techniques and develop protection for tomorrow’s security challenges
• Educate our customers and the general public
• Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

Vulnerability Protection; IP Reputation; Anti-Spam; Malware Analysis; Web Application Control; URL / Web Filtering; Zero-day Research

Page 21: Don't Risk It! Data Security and Risk Governance


IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence

Integration

Expertise

Page 22: Don't Risk It! Data Security and Risk Governance

Join us at IBM Insight 2014, the largest big data conference in the world

• sessions and innovative streams on Business Analytics, Enterprise Content Management and Information Management
• found networking opportunities invaluable
• business- and industry-focused sessions featuring top experts from around the world
• technical sessions, hands-on labs and developer activities that include cloud, mobile, security, social, Watson and more
• exhibitors at the EXPO, including showcases from 250+ Business Partners
• in training, certification, hands-on labs, networking, executive one-on-one meetings, expert talks and food and entertainment
• client and Business Partner speakers from across all industries
• attendees at the one-day Business Partner Summit

Attend IBM Insight to learn how big data and analytics can help you outperform your peers. With IBM business and technical solutions for big data and analytics, you can turn cloud, mobile and social into competitive advantage.

IBM, the IBM logo, and ibm.com are trademarks of IBM Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml. © Copyright IBM Corporation 2014.

Page 23: Don't Risk It! Data Security and Risk Governance

Potential next steps

Schedule a Client Value Engagement (CVE) at no cost to you
• Business and IT: Narrow the communication gap
• Easy to follow programmatic client-centric approach – determine possible benefits from solution
• Fast time to completion: Less than 2 weeks – deliverables easy to follow and understand

Visit a lab for a deeper dive with our Product Managers and R&D teams
• In-depth technical discussions & product demonstrations
• Product roadmap discussions; get the latest on innovations and research
• Collaborate with our best experts on your problems and potential solutions

Visit the web for more about InfoSphere solutions
• Understanding and selecting data masking solutions
• Understanding encryption requirements of PCI DSS
• Managing compliance to protect enterprise data
• Top tips for securing big data environments
• Three guiding principles to improve data security
• Gartner Magic Quadrant Data Masking Technology

Page 24: Don't Risk It! Data Security and Risk Governance
