Cybersecurity, Data Management, and You: Best Practices for Protecting Enterprise Data
Johna Till Johnson CEO, Nemertes Research
[email protected], @johnatilljohnso
May 9, 2018
© 2018 Nemertes Research DN6744 1
Agenda
• Information stewardship: the discipline of data management
• The cybersecurity challenge: risk management in a hyperconnected world
• New paradigm: the zero-trust model
• Putting it all together
Information Stewardship: The Art of Data Management
Information Stewardship Disciplines
• Information Protection
• Data quality management
• Information Lifecycle Management
• BCP/DR
• Compliance
What Information Stewardship Means
• Information Protection
o Data Classification: Which data must be protected?
o Organizational Structure: Who is responsible for protecting data
o User Classification: Who can see data
o Key Technologies: Identity management, encryption, anti-malware
• Data Quality Management
o Data Classification: Which data must be accurate and to what degree?
o Organizational Structure: Who is responsible for ensuring data integrity
o User Classification: Who can enter/modify data
o Key Technologies: Data cleansing, data matching, ETL
• BCP/DR
o Data Classification: How quickly must different tiers of data be restored?
o Organizational Structure: Who is responsible for ensuring data availability
o User Classification: Who needs fastest access to data in event of outage?
o Key Technologies: Networking, disk mirroring, clustering, grid
• ILM
o Data Classification: Where should data reside?
o Organizational Structure: Who determines where data should reside
o User Classification: Who has access to data at different storage “tiers”
o Key Technologies: Disk arrays, virtualized storage, ILM software, tape drives
• Compliance
o Data Classification: Degree to which data is affected by regulations
o Organizational Structure: How compliance and IT intersect and communicate
o User Classification: Who is responsible for ensuring/enforcing compliance
o Key Technologies: Logging, auditing, monitoring
The Information Lifecycle
• Acquisition
• Classification and Management
• Infrastructure
• Analysis and Visualization
• End of Life
• Security and Compliance
Acquisition/Transformation
• Old friends
o ODBC/JDBC/SQL query
o ETL/EAI/Data integration tools
o Flat file import
• Newer ways
o Web services
o Storm — “Stream Reduce” & processing/massaging continuous feeds
o Sqoop — Parallelize via MapReduce
o Flume — Apache; light modifications of data; minutes not hours; text file aggregation and import typically
o Activity streams
Example: Flume
• Scalable, dynamic data aggregation
• Context-driven data handling
o Load balancing, routing
o Split, MUX, replicate, tag, filter, serialize
• Rules based and extensible
• Low latency processing
• Transactional push of data through channel
• Flexible:
o Many sources, many channels per agent
o Many sources to a channel
o Many channels to a source
o Sinks get one channel only
Classification Systems and Standards
• Mostly proprietary tools and systems for associating metadata with files of unstructured data
• MDM, e-Discovery, enterprise search, archiving, and general purpose classification tools
• Some standards, models, ontologies, taxonomies
o RDF/SKOS/OWL (semantic web standards for modeling content)
o XBRL (taxonomy for ledger information)
o GALEN (ontology for medicine)
o NIST SP 800-60 v 1 (mapping information to security categories)
Tying It All Together
Diagram labels: Information Stewardship Disciplines; Data Classification; Organizational Structure; User Classification; Key Technologies, Processes, and Procedures
Diagram columns: Disciplines; Parameters & Policies; Processes
The cybersecurity challenge: risk management in a hyperconnected world
The Problem
Too much data…
• 1400 infosec products on the market—all generating data
• 1Tbyte/day or more of security incident info
• IDS/IPS can generate 500 or more false positives/day
• Every networked device, system, endpoint, application generates 1000s of log events
• Correlating events in real time would require 100s of security analysts—and more every day!
Too much data…not enough information!
I still don’t know what’s going on!
What Is Advanced Security Analytics
• No single universal definition of the term
• Uses techniques from AI and machine learning to uncover security vulnerabilities, threats, breaches and attacks and perform forensic analysis
• May be developed and delivered in a range of ways:
o Do it Yourself (applying general purpose Big Data tools and techniques to the problem of enterprise security)
o Via special-purpose tools, particularly Behavioral Threat Analytics
o As enhanced capabilities of existing tools and services
Benefits of ASA
Reduce false positives
• Drastic reduction in staff time to sort and analyze
• “Went from 500 false positives/day to 3-4 real threats”—CISO, Global 200
Respond to threats immediately
• Shut down malicious activity instantly
• “There’s no other way we could have known what our users are doing,” –CISO, major enterprise
Leverage existing analytics
• Leverages, rather than replaces, investments in Splunk, IDS/IPS, etc
• “It’s the cornerstone of 3-4 other products,”—CISO, global services provider
Detect multi-vector & AP threats
• Integrates multiple data sources; can correlate physical, user, system activity
• “Why is Bob sending 10,000 emails from his desktop when he is badged in across the country?”
Provide documentation of attacks
• Evidence for audits, compliance
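The cross-source correlation behind the "Bob" question above, as an added example that is not from the talk: a fixed rule (not the machine-learning analytics the slides describe) joins badge events with mail-gateway rollups and flags high send volume from a site the user is not badged into. The log layouts, field names, host names and thresholds are assumptions, and all log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the "key=value" layout is an assumption.
BADGE_LOG = [
    "2018-05-09T08:02:11 bob badge_in site=SEA",
    "2018-05-09T08:15:40 alice badge_in site=NYC",
    "2018-05-09T12:31:05 carol badge_in site=NYC",
]
MAIL_LOG = [  # one rollup line per user and host from the mail gateway
    "2018-05-09T09:00:00 bob host=nyc-desk-114 site=NYC sent=10000",
    "2018-05-09T09:00:00 alice host=nyc-desk-007 site=NYC sent=12",
    "2018-05-09T13:00:00 carol host=nyc-desk-031 site=NYC sent=9500",
    "2018-05-09T09:05:00 dave host=sea-desk-002 site=SEA sent=8000",
]

def parse(line):
    """Split 'timestamp user [tokens] key=value ...' into typed parts."""
    ts, user, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest if "=" in kv)
    return datetime.fromisoformat(ts), user, fields

def correlate(badge_lines, mail_lines, min_sent=5000,
              max_age=timedelta(hours=12)):
    """Return (user, reason, host) for bulk senders whose physical location
    does not match, or cannot be confirmed for, the sending host's site."""
    badges = {}
    for line in badge_lines:
        ts, user, f = parse(line)
        badges.setdefault(user, []).append((ts, f["site"]))

    alerts = []
    for line in mail_lines:
        ts, user, f = parse(line)
        if int(f["sent"]) < min_sent:
            continue  # normal volume: nothing to correlate
        # Only badge events shortly before the mail burst are relevant.
        recent = [(b_ts, site) for b_ts, site in badges.get(user, [])
                  if timedelta(0) <= ts - b_ts <= max_age]
        if not recent:
            # Volume alone is weak evidence; surface it for analyst review.
            alerts.append((user, "no_badge_record", f["host"]))
            continue
        _, last_site = max(recent)  # latest badge-in wins
        if last_site != f["site"]:
            alerts.append((user, "location_mismatch", f["host"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(BADGE_LOG, MAIL_LOG):
        print(alert)
```

Carol's burst is not flagged because her badge-in matches the sending site; volume from a single source would have raised it, which is the false-positive reduction the slide attributes to correlating sources.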
New paradigm: the zero-trust model
Zero Trust: All Assets Untrusted
• Originally developed by Google as part of BeyondCorp™ architecture
• Assumes all assets untrusted; inside the firewall is no safer than outside
• Impacts on all devices, applications, services:
o Data-centric approach
o Requires detailed asset inventory
o Authentication, authorization, access control at every level
o Firewalls no longer delineate “safe” from “risky”
o Encryption everywhere!
Zero Trust: All Assets Untrusted
©2016 Google
Zero Trust: Classification is Key
©2016 Google
State of Zero Trust Today
Current State: Overall
Zero-Trust Security: Current State
• Haven't heard of it or am not quite sure what it is: 34.0%
• Evaluating: 17.3%
• Have now: 13.5%
• No plans: 12.8%
• Planning for 2017: 12.8%
• Planning for 2018: 9.6%
• No plans (evaluated but rejected): 2.6%
Current State: by Success
Chart: Zero Trust Adoption by Success
Series: More Successful; Less Successful
Categories: Haven't heard of it or am not quite sure what it is; Currently Implementing; Evaluating; Not planning (evaluated but rejected); Not planning; Planning for 2017; Planning for 2018
Values (first series): 34.6%, 9.9%, 13.6%, 2.5%, 14.8%, 12.3%, 12.3%
Values (second series): 31.6%, 16.5%, 20.3%, 2.5%, 10.1%, 12.7%, 6.3%
Enabling Tools and Practices for Zero Trust
Data Classification
Chart: Data Classification Adoption
Series: Zero Trust Non-Adopters; Zero Trust Adopters
Categories: Have now; Planning for 2017; Planning for 2018; Evaluating; Not planning (assessed and rejected); Not planning
Values (first series): 46.4%, 26.8%, 10.7%, 10.7%, 3.6%, 1.8%
Values (second series): 42.2%, 7.8%, 7.8%, 17.6%, 1.0%, 23.5%
Adopters up to 3X as likely to be implementing data classification
Security Automation
Adopters up to 70% as likely to be automating security
Firewall Architecture
Chart: Firewall Architecture
Series: Zero Trust Non-Adopters; Zero Trust Adopters
Categories: No firewalls; Centralized; Distributed; Virtualized; Cloud-based
Values (first series): 0.0%, 46.0%, 24.0%, 30.0%, 8.0%
Values (second series): 17.8%, 35.5%, 29.0%, 17.8%, 11.2%
Adopters almost twice as likely to have virtualized firewalls
Adopters more likely to have centralized firewalls
Advanced Endpoint Security (AES)
Adopters more likely to have implemented AES
Behavioral Threat Analytics
Chart: BTA Adoption
Series: Zero Trust Non-Adopters; Zero Trust Adopters
Categories: Have now; Planning for 2017; Planning for 2018; Evaluating; Not planning (assessed and rejected); Not planning
Values (first series): 26.8%, 23.2%, 28.6%, 14.3%, 0.0%, 7.1%
Values (second series): 17.5%, 5.8%, 7.8%, 23.3%, 3.9%, 41.7%
Adopters more likely to have implemented BTA
Cloud: Data Loss Prevention
Adopters more likely to have implemented DLP for cloud
Cloud: Cloud Access Security Brokers
Adopters more likely to have implemented CASB
Putting It All Together
• Review your data management efforts in light of emerging paradigm shifts
o Cloud
o Zero trust security
• Invest in data-centric security analytics tools
o BTA
o CASB
o Cloud DLP
• Seek assistance where appropriate
Additional Resources
Nemertes Strategic Support Program: Technology Users
• Assistance developing policy, business cases, strategy, architecture, roadmap, vendor strategic selection
• Data-based guidance on staffing, spending, budgeting, governance, operations
• Success metrics for comparable organizations
o Maturity models
o Operational and success benchmarking
• Interactive tools and models
o Cost models
o Capacity planners
o Vendor selection weighted scorecards
Ongoing support, telephone advisory service, written inquiries and access to all research
© 2018 NTT DATA, Inc. All rights reserved.
The Data-Driven Enterprise: The Key to Succeeding with AI, IoT and Disruptive Technologies
Michael Goodman
Senior Director, Data & Analytics, and Technology Advisory Practice Lead, NTT DATA Services
Moving Toward Advanced Customer Experience (CX) and Cost Efficiency
Customer Service, Ease of Use, Personalization, and Cost Efficiency are the most commonly used words to describe what the market is asking of Financial Services companies now – all packaged in innovative delivery and formats for consumption.
• Cognitive AI: Analytics is no longer enough – insight must be derived and leveraged through NLP-based interactions with Virtual Agents, Machine Learning, Predictive Algorithms, and chatbots
• Personalization: Customers of all types think about interactions the way they think about making purchases on Amazon and selecting content on Netflix
• Channel of Choice: The way in which consumers interact with their money has changed and with it has come a desire for convenience and minimal unnecessary interactions
• Ease of Use: Customers want their business to be transactional (not conversational) and quick
• Free Service: Many services that used to be profitable fee-based business can be had at minimal-to-no-cost somewhere else
• APIs: Integration is no longer a term being used - Open APIs, Exposed APIs, Partner Ecosystems – these are how you create new business channels and products so that you can find new monetization opportunities
CX: Critical Driver for Banks to Gain Market Share
RISK / REWARDS
• $59M IMPACT for ONE point improvement in CX score. Source: Clarabridge
• 61%: customers who demand that digital CX improve. Source: NTT DATA Services
• 56% of “Explorers” would leave FSI for a better digital CX. Source: NTT DATA Services
• 163% higher growth for banks in the top 100 ranking for CX excellence. Source: Clarabridge
• 86% of financial services orgs say they don’t have the data and systems to take digital CX to the next level. Source: NTT DATA Services
• 49% of banks believe that digital CX will be a differentiator. Source: NTT DATA Services
Leveraging AI Across the Enterprise
AI and machine learning are critical to success of data-driven digital business models. Consider the various domains that benefit from AI.
Diagram labels: BI / Analytics; Automation; Customer Engagement; Internet of Things; Natural Language Processing; Prediction; Visualization; Digital Marketing; Robotic Process Automation; Autonomics; UI / UX; Artificial Intelligence; Machine Learning; Virtual Agents
“[AI] systems don’t just require more information than humans to understand concepts or recognize features, they require hundreds of thousands times more.”
Neil Lawrence, Professor of machine learning at the University of Sheffield and part of Amazon’s AI team
The Cost of Bad Data
Bad data is circulating through businesses at a rapid rate. New technologies are increasing the need to be sure your business is spending less time fixing data and more time gaining business insights from good data.
• $3.1 Trillion (1): Cost to US businesses due to poor quality customer data
• 10-25% of revenue (2): Business cost of bad data for an organization’s revenue
• 56% don’t trust their data (3): % of global companies that trust their data to make important business decisions
Poor data quality translates into lost productivity, creates competitive disadvantages, regulatory scrutiny, and ultimately, customer relationship and financial loss.
“It is rare to see a discussion of a business objective that does not include data issues as a barrier to success.”
1 IBM estimate published in “Extracting business value from the 4 V's of big data” 2016
2 http://soa.sys-con.com/node/1975126
3 https://www.edq.com/globalassets/white-papers/2017-global-data-management-benchmark-report.pdf
What’s Behind the Data Problem?
Problems range from sourcing and obtaining data and data quality to managing real-time interaction data and integration of data across products and channels.
Privacy is a major challenge
70%
Security is a major challenge
64%
Have a data talent shortage
59%
Do not have a solid data strategy that supports Digital CX
49%
67%
Have limited or no trust in data and analytics
48%
Struggle to manage the volume of data for Digital CX
46%
@NTTDATAServices
Q62: Do you have a data talent shortage that is limiting your ability to succeed in digital CX
Q64: How would you answer the following statements as it pertains to your data strategy and initiatives for digital CX?
The Data-Driven Enterprise
Companies that successfully manage data as an asset gain competitive advantage.
• 70% of executives surveyed say data and analytics have caused at least moderate changes in the competitive landscape
• >50% have begun monetizing data, say respondents in basic materials and energy, financial services, and high tech
• High performing companies are three times more likely than others to say their data monetization efforts contribute more than 20% to company revenues
McKinsey survey, “Data monetization is becoming a differentiator,” December 2017
The Data-Driven Enterprise
Data-Driven Enterprises seek to maximize insight through optimized analytics, treat data as an asset and recognize the importance of a basic data management capability.
• Optimized Analytics: Establish an analytics ecosystem that is able to adapt to the rapidly changing world of data and analytics.
• Data as an asset: Recognize the costs and risks posed by their data and manage that data for maximum return.
• Data Management Maturity: Lay the foundation supporting the pursuit of insight and the monetization of data.
Three Roads to the Data-Driven Enterprise
Diagram labels: Data-Driven Enterprise; Optimized Analytics; Data as an Asset; Data Management Maturity; Drive Quality; Derive Insight; Manage as a Service; Monetize; Strategy; Governance; Architecture; Platform; Operations; Organized Analytics; Governed Analytics; Analytics Services; Information Marketplace
Defining Advanced Analytics
An analytics ecosystem where models are judged by the insight and value they provide. Methods, inputs and outputs are continually evaluated and adjusted to maximize value.
Diagram labels: Outputs; Inputs; Isolated; Integrated; Prescriptive
To get the full report, visit: www.nttdataservices.com/DigitalCXin2020
Download the White Paper
About NTT DATA Services
Top 10 IT services provider, helping clients integrate business strategy and technology to accelerate business growth in a digital world.
Who we serve
>50 leading financial services and insurance firms around the globe including:
• 15 of the 20 largest U.S. banks
• 2 of the top 5 global investment banks
50,000 professionals
#9 on Consulting Magazine’s “Best Firms to Work For” List
NTT DATA Services
NTT DATA Services Portfolio: Organized around your industry and priorities
275,000 professionals | $105B
$2B investment in R&D
#15 World’s Most Valuable Brands
Acquired Dell Services
2016
Deal of the Year
Acquired Carlisle & Gallagher
2015
Consulting
Digital and Application Services
Infrastructure, Cloud and Security Services
BPO Services
Focus Areas: Customer Experience; IT Optimization; Internet of Things (IoT); Intelligent Automation; Cybersecurity; Data & Intelligence
Banking and Financial Services
Capital Markets, Wealth and Asset Mgmt.
Insurance
The Global Shift in Data Analytics in Bridging the Knowledge Gap
Pinar Celen
Pre-Sales Manager, Northeast Region
The old way
Diagram labels: Data Acquisition; Data Preparation; Data Selection; Model Selection; Result Generation; Result Presentation; Action Steps; Data Model Creation; Results Interpretation
Roles: Business Analyst; IT; Business User
Roles are changing
Diagram labels: Data Model Creation; Governance & Oversight; Data Selection; Basic Parameterization; Result Generation; Result Presentation; Action Steps; Data Acquisition; Data Preparation; Advanced Parameterization; Automated Model Selection
Roles: Business Analyst; IT; Business User
Data Lake Explorer
• Helps guide the user to build a Qlik app on the fly using data stored anywhere in Cloudera
• Enables the user to visually shop through the data lake for info they want to analyze in Qlik.
• Consumes metadata from Cloudera Navigator, Cloudera Manager, and Impala to help the user access data stored in Cloudera
AML
Thank You
Operational Risk Prediction in IT Systems
Mark Chamness, Director – Data Science
AGENDA
1. Common modes of failure
2. Standard forecasting methods
3. Reframe question as failure probability
4. Financial models of risk
PROBLEM STATEMENT
Hardware Failures
• Network
• Memory
• Disk/SSD
• Power/Cooling
Software Failures
• Bugs
• Deadlocks
• Memory Leaks
• Full capacity
STANDARD ANALYSIS: CAPACITY FORECAST MODEL
REFRAME QUESTION: PROBABILITIES
INSPIRATION FROM FINANCIAL MODELS
MODEL COMPARISON
SOLUTION: BROWNIAN MOTION WITH DRIFT
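$$P(M(t) \ge y) = e^{2y\mu/\sigma^2}\,\bar{\Phi}\!\left(\frac{\mu t + y}{\sigma\sqrt{t}}\right) + \bar{\Phi}\!\left(\frac{y - \mu t}{\sigma\sqrt{t}}\right)$$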
R Code:
# y: level to reach, mu: drift, s: variance (sigma^2), t: time horizon
exp(2*y*mu/s)*(1-pnorm((mu*t+y)/sqrt(s*t)))+(1-pnorm((y-mu*t)/sqrt(s*t)))
PRIORITIZE RISKS ACROSS SYSTEMS
SYSTEM    PROBABILITY FULL CAPACITY (90 DAYS)
drt-ds-dev-data01-i2.corp.nutanix.com    93%
drt-ba-tableau01-3.corp.nutanix.com    27%
drt-ds-dev-data01-i3.corp.nutanix.com    23%
drt-ba-tableau-dev01-i4.corp.nutanix.com    7%
drt-ds-prod-data01-c4.corp.nutanix.com    5%
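The closed-form probability from the Brownian-motion slide, carried through to a ranking like the one above, as an added Python example (not code from the talk, which shows only the R expression). Host names, usage series and the 100% capacity figure are constructed, and fitting drift and variance as the mean and sample variance of daily increments is an assumption; the slides do not say how μ and σ² were estimated.

```python
import math
from statistics import mean, variance

def upper_tail(x):
    """Standard normal upper tail, the same quantity as R's 1 - pnorm(x)."""
    return 0.5 * math.erfc(x / math.sqrt(2.0))

def prob_reach(y, mu, var, t):
    """P(M(t) >= y): chance the running maximum gains y within time t."""
    if y <= 0:
        return 1.0                          # already at or past the level
    if var <= 0:
        return 1.0 if mu * t >= y else 0.0  # no noise: straight-line growth
    sd = math.sqrt(var * t)
    b = (mu * t + y) / sd
    c = (y - mu * t) / sd
    if b > 8.0:
        # Under strong upward drift exp(2*y*mu/var) overflows while the tail
        # underflows. Because 2*y*mu/var == (b*b - c*c)/2, the product is
        # approximately exp(-c*c/2) * (1 - 1/b^2) / (b*sqrt(2*pi)), using the
        # large-argument expansion of the normal tail.
        first = (math.exp(-c * c / 2.0) * (1.0 - 1.0 / (b * b))
                 / (b * math.sqrt(2.0 * math.pi)))
    else:
        first = math.exp(2.0 * y * mu / var) * upper_tail(b)
    return min(1.0, first + upper_tail(c))

def fit_drift(usage):
    """Per-day drift and variance from a daily usage series (needs >= 3 points)."""
    steps = [later - earlier for earlier, later in zip(usage, usage[1:])]
    return mean(steps), variance(steps)

def rank_by_risk(histories, capacity=100.0, horizon_days=90):
    """Return [(host, probability of reaching capacity)], riskiest first."""
    ranked = []
    for host, usage in histories.items():
        mu, var = fit_drift(usage)
        headroom = capacity - usage[-1]
        ranked.append((host, prob_reach(headroom, mu, var, horizon_days)))
    return sorted(ranked, key=lambda row: row[1], reverse=True)

# Constructed sample data: percent of capacity used, one reading per day.
HISTORIES = {
    "flat":        [40, 41, 40, 41, 40, 41],
    "fast-grower": [70, 72, 73, 76, 77, 80],
    "shrinking":   [60, 58, 59, 57, 56, 55],
}

if __name__ == "__main__":
    for host, p in rank_by_risk(HISTORIES):
        print(f"{host:12s} {p:7.2%}")
```

With strong positive drift (for example y=50, mu=10, variance 1, t=90) a direct transliteration of the R expression raises an overflow error in Python; the guarded branch returns the correct probability of 1.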
KEY POINTS
1. Reframe question – focus on core issue of risk
2. Financial model predicts risk of 100% capacity
3. Generalizable: capacity, memory, network capacities
4. Prioritize and focus on most critical issues
Thank You