
Safeguarding the Enterprise. A new approach


Safeguarding the Enterprise IFSEC - Webinar October 4th 2012


Sanjay Sahay, IG, Karnataka


Why?

Physical Security

Safeguarding of Data

Structure of the Presentation

• Definition of a Safeguarded Enterprise
• New approach – Gartner White Paper
• Goals
• Security risks and key success factors
• Security Architecture
• Data Center, Connectivity and Application
• Application Data Security Lifecycle
• Security Information and Event Management
• Single Sign On
• The future – Cloud Computing
• Conclusion


What is a Safeguarded Enterprise?

Safeguarded Enterprise is the sum total of a clear-cut perception, appropriate/integrated planning, documentation, meticulous execution and dynamic/robust maintenance of enterprise security policy at awareness, attitudinal, physical, systems, processes, application and data dimensions throughout the enterprise, creating a near fail-safe enterprise.

Sanjay Sahay

Security as a SILO

• Business Architecture
• Information Architecture
• Technology Architecture
• Security


Gartner White Paper 2006

Incorporating Security into the Enterprise Architecture Process

Enterprise Information Security Architecture

• Business Architecture
• Information Architecture
• Security Architecture
• Technology Architecture

9/11 a watershed in modern history

Whatever Come May…

Physical Security will Always Count!

Land, Air Or Water


Goals

• Provide structure, coherence and cohesiveness
• Must enable business-to-security alignment
• Defined top-down beginning with business strategy
• Establish a common "language" for information security within the organisation

Top 10 Enterprise Security Risks

• Email Attachments
• VPN Tunnel Vulnerabilities
• Blended Attacks
• Diversionary Tactics
• Download from Websites
• Supply Chain and Partners Added to the Network
• Microsoft’s SOAP
• Renaming Documents
• Peer-to-Peer Applications
• Music and Video Browsers

Key Success Factors of Security

Security Awareness

Application Network Security

Operating System Security

Patch and AV management

Application Security

SIEM

Security Architecture

People

Processes

Technology

• People: User Awareness, Guidance, Administration, Monitor
• Processes: Policies, Standards, Guidelines, Audit
• Technology: IPS, Firewall, AV, DLP, SIEM

Defense in Depth

• “Defense in Depth” is a concept used to describe layers of defense strategies
• The components at each layer work in tandem to provide one cohesive security mechanism
• This layered approach will also help localize the impact if one element of the mechanism is compromised


Data Center, Connectivity and Application are at the core of Enterprise Security


Data Center

• The main purpose of a data center is running the applications that handle the core business and operational data of the organization
• Secure Application Usage is the Key

KSP Data Center


Secure Connectivity is the Backbone

KSP Connectivity


Application/s is at the heart of the enterprise

The Application Data Security Lifecycle

• Assess
• Set Policies/Controls
• Monitor / Enforce
• Measure

Assess

• Discover Servers and Data
• Test Configuration
• Evaluate Inherent Risks
• Assess how and by whom data and applications are used

Set Policies and Controls

• Set policies automatically
• Adapt to user changes
• Support granular policies and controls

Monitor and Enforce

• Ensure separation of duties
• Enforce user accountability
• Capture full details
• Alert and block in real time

Measure

• Built in & custom reports
• Roll-up and drill down of data
• Security event analysis
• Compliance workflow

Security Information & Event Management

• Asset Discovery
• Threat Detection
• Vulnerability Assessment
• Event Collection
• Correlation
• Event Management
• Log Storage

SIEM

SIEM is an intelligence platform that helps safeguard the business by giving you complete visibility into activity across the IT infrastructure.

SIEM Capabilities

• Data Aggregation
• Correlation
• Alerting
• Dashboards
• Compliance
• Retention

Single Sign On

• Single Sign On, SSO, is a property of access control of multiple related, but independent software systems.
• Conversely, Single Sign Off is the property whereby the single action of signing out terminates access to multiple software systems.

• More secure
• Reduces password fatigue
• Reduces time spent re-entering passwords
• Reducing IT costs - Help desk calls about passwords
• Security on all levels of entry/exit/access to systems
• Centralized reporting for compliance adherence

Cloud Computing & Security

There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories:

• Security issues faced by cloud providers (organizations providing software-, platform- or infrastructure-as-a-service via the cloud) and security issues faced by their customers
• The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected
• The customer must ensure that the provider has taken the proper security measures to protect their information.

Virtualization

• The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service
• Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking

• This introduces an additional layer - virtualization - that itself must be properly configured, managed and secured
• Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist

Conclusion

Complexity is our life and making it simple our goal. Technology gains the highest end with simplistic products and services. The complexity of IT security gets confounded with innumerable applications, the processing power, the world wide web interface, cross enterprise collaboration and the like. Cloud computing, though in its nascent stage, has thrown a major challenge to IT security, the success of which would be epochal and the IT services would take a well deserving leap forward.