StorTech Security
–Regulatory compliance provides the business foundation for security
–Organisations need to tackle all security challenges from a business perspective
–Security & storage must be managed end-to-end
–Answering the “who, what, where, when & how” of information systems ensures compliance and improves operational efficiency

2007 Security Business Drivers
Complexity, Compliance, Cost
–Solutions need to balance IT Risk, Cost & Performance
–Security needs to fit business needs
The rise of the “Malicious Insider”
Physical & Digital Convergence
Targeted application threats – AJAX, VOIP
Poisoned Websites
Zero-Day Exploits

StorTech’s Security Engagement
Survey
–Check internal policies against compliance best practice
–Assess vulnerabilities and threats across the entire network
–Provide a vulnerability assessment report
–Recommend remedial priorities
–Produce remedial plan
Solve
–Comprehensive, multi-vendor solutions
–Standalone or integrated offerings
–Market-leading technologies
Support
–Full maintenance options
–Ongoing vulnerability & compliance assessments
[Diagram labels: Solve, Support, Survey]

Compliance
Regulations, like the World Cup, are coming here
Standards/regulations are good
–Increase business benefit
–Decrease risk
–Open up business opportunities
–Ready for the future
Why reinvent the wheel?
PCI

But, All Regulations are the Same..
Regulatory Requirements
–Data Protection
–Data Retention/Corp Gov
–National Security
–Legal Framework
–IPR Protection
Who? What? Where? When? How?
Real World Events
–Identity Theft
–Financial Scandals
–Terrorist Threats
–Electronic Commerce
–SA Constitution

It All Starts With Identity……
[Diagram labels: Information “At Rest”; Information “On the Move”; Corporate Governance; Who? What? Where? When? How?]

Who? – Strong Identity Management
Centralised User Management / Reduced or Single Sign-On / Multi-Function Devices
–A single management console for all users.
–Centralised access management to applications, devices and locations.
–Full audit trail for compliance.
–Easy addition and removal of users.
–Centralised user control for all access.
–Identity Management system deals with password resets.
–Single authentication method can unlock all user access.
–Additional services can be added.
–Increases the business value of Strong Authentication.

What? - Perimeter Security
Anti-Virus / Anti-Spam / Encryption / Secure BackUp & Disaster Recovery
–Reduced Infection = Reduced Downtime
–Customer Protection Ensured
–60% Reduction of Messaging Traffic
–Reduced Storage Overhead
–Faster Messaging = Increased Business Efficiency
–Secrecy & Non-Repudiation = More Electronic Use for Paper-Based Transactions
–Secure Electronic Transactions = Better Customer Experience
–Increased Availability = Reduced Downtime
–Ensured Compliance = Good Business Practice

Where? - End-Point Compliance
Appliance Identification / Centralised Management / Policy Adherence
–Securely identifying the user is pointless if the remote device is insecure.
–Centrally managing end-points enables your business to allow more services remotely.
–More remote services increase overall efficiency.
–Increased efficiency gives a better customer experience.
–Users have different levels of access according to the device they are logging on from.
–Policy-based access according to business rules.
–Dictates the level of security for full remote access.

Where? – Mobile Security
Smartphones & PDAs / Centralised Management / Policy Adherence
–Phones, PDAs and other devices are increasingly powerful and being used as business tools.
–They represent similar risks to businesses as traditional laptops and PCs.
–They need to be protected in the same way.
–Mobile Security is managed centrally.
–This applies both to device management and to the deployment of client software.
–The system treats phones and remote devices in the same way as any remote computer.
–Users have different levels of access according to the device they are logging on from and the risk associated with that device.

When? - Time-Based Info Management
Digital Verification / Data Retention & Control / Corporate Governance
–Digital signatures ensure that electronic transactions are secret, secure and tamper-proof.
–Ensuring secure electronic transactions means trusted electronic business.
–Defining the correct business policies means IP can be retained, leveraged and managed efficiently.
–Controlled destruction of expired data limits exponential storage growth.
–Defining good internal business policies limits an organisation’s exposure to expensive litigation.
–Clearly defining employee roles based on compliance ensures greater operational efficiency.

Secure Information Blueprint
[Diagram labels: Symantec NetBackup/Backup Exec; Symantec Cluster Server; StorageTek Disk & Tape; Internet; Microsoft Exchange; Messaging Security (Groupware); Storage Management; Recovery and Availability; Information Archiving; Messaging Security (SMTP); Symantec Storage Foundation; Symantec CommandCentral; Sun GSM; Symantec Enterprise Vault; Symantec Mail Security/Symantec IM Manager; Symantec Mail Security Software/Appliances/Hosted; IBM Notes/Domino; SMTP Traffic; MTA; Identity Management; RSA SecurID & Auth. Manager; Symantec Sygate; Sun IDM]

Managed Security Services
In Partnership with Symantec
–1st & 2nd line support by StorTech locally, 3rd line by Symantec Global SOCs
Managed Perimeter Security
–AV, Anti-Spam, IDS, IPS
Managed Identity
–Strong authentication, IDM
Secure Incident & Event Management
–Management of user log files to detect & manage additional security threats
–Reduction of false positives
–Greater efficiency for patch management
–Tiered relevance for alerts according to the specific organisation