Presentation on theme: "Services and Facility Overview International Trends in IT Security State of CIO, 25 May 2004 Glen Noble, General Manager Hosting Solutions, Macquarie Corporate."— Presentation transcript:
Services and Facility Overview
International Trends in IT Security
State of CIO, 25 May 2004
Glen Noble, General Manager Hosting Solutions, Macquarie Corporate
James Southworth, CEO & Chief Technical Officer, Secure Pathways, Inc

Agenda
1. Corporate Governance – the escalating need for information security in organisations
2. Security issues of the CIO
3. Trends driven by the Internet
–Managed Security Services model
–From reactive to proactive models
–Architecture changes
4. The US experience
5. Summary

Macquarie Corporate
IT&T Solutions to Corporate & Government
Voice, Mobile, Data, Internet, Hosting, Security Solutions
Australia & Asia
Hosting Solutions
–World class facility: DSD Accreditation, BS7799, Sun Tone
–Broadband multi-homed; carrier independent
–Managed Dedicated Hosting, Managed Colocation
–BCP / DR, Managed Security, Managed Storage, WAN Connectivity

Is the threat real?
Yes - not many corporates are “owning up”, but there is plenty of evidence
–AusCert Report
–The consultants, Gartner et al.
–Macquarie’s experience
95%+ of corporate & government customers have an online presence
~100% of customers have a permanent internet connection*
Every business has a 24 x 7 security concern - The threat is real and growing
* Macquarie Corporate Survey of Customer Base 2002

Legislation which will Drive Security
Privacy (Private Sector) Amendment Act 2000
Cybercrime Act 2001
Commonwealth Criminal Code - Corporate Culture Offences
NOIE/Attorney General Dept 1992 - Director’s responsibility
US Sarbanes-Oxley Act of 2002
Legislation & Corporate Governance have forced security to become a boardroom issue

Internal vs External
Most corporates can’t afford the level of security they require
–Capital cost many $100ks - $1.0m
–HR costs of specialists & 24x7 is significant $750k-$1.5m
Hackers don't respect business hours.
–Detection, responses & counter-measures 24x7
Higher security implementation than internal deployment
–skill set, priority of security management vs IT issues
Managed Security Services from $400 pm
Select which parts to be done internally vs externally with a partner

CIO issues
Budget restraints
Skills shortages
Increasing need for 24 x 7 x 365 operations
Current architecture
WAN and internet security
The ability to monitor and respond
Counter measures
Identifying the real threats

Secure Pathways, Inc
Security Technology Systems Integrator and Consultancy
Based in Virginia, USA in the Washington DC area
Servicing US government markets and Fortune 100 Companies.
Consulting to US Federal Law Enforcement domestically and to Interpol HQ in France
Experts in internet access technologies and technologies needed to protect access in all forms.

Real Security, A Culture!
Three Major Components
Technical
–Firewalls
–Software
–Authentication / Identification, Biometrics, PKI
Physical
–Locks, Walls and cages, Guys with Guns (or whistles)
Procedure (Everybody Forgets this one!)
–No exceptions
–No Road Blocks
–Authority to Act

With Today’s Mobile Workforce, the Complexity Multiplies
[Network diagram: branch offices, remote offices, teleworkers and mobile users on DSL and cable links connect across primary and secondary ISP networks, through VPN routers and VPN concentrators, to the firewall and enterprise LAN/WAN at the headquarters site.]
Traditional Solutions Do NOT Scale

VPN & Secure Hosting – Role of Security MSSP
[Network diagram: headquarters, a branch office, customers or vendors, and mobile users/telecommuters connect through the Internet or a VPN cloud (aka walled garden; secure with QoS or secure without QoS) via a router and firewall and/or encryptor to a hosting center with an Ethernet switch, security, and intranet or extranet servers.]

Paradigm shift – internet mobility
[Network diagram: field office, headquarters LAN, teleworkers and mobile users, each behind a firewall, connected over the Internet to the enterprise LAN/WAN.]
Secure Ad Hoc Project Teams Needed

Core Belief
It is simple to make things complex.
It is complex to make things simple.

The US experience
Spyware and Computer Monitoring: existing firewalls and normal security precautions are usually circumvented by spyware.
Trend to selective security outsourcing
Too much data => correlation engines
New Architectures required for Gig-Ethernet and 10-Gig Ethernet
Voice and Video over IP
–Existing firewalls and corporate LANs need to be re-designed to gain the advantages of VOIP

Conclusion and Summary
Every business has an ongoing 24x7x365 security problem
Corporate governance, privacy regulations & high cost of loss dictate that security needs to be taken seriously
Information Security is a multi-divisional implementation process (including BCP, DR, Access Policy, etc).
Every organisation must evaluate its risk & then determine its needs.
The worst plan is no plan!
Customisation and management are the keys to effective security solutions.