Change in personal data protection law
Issues of compliance with personal data law demands in Russia
© Tieto Corporation
Summary
Russian personal data protection law has been updated
Current law allows storage and processing in the EU and other countries. Dated July 2006.
New law requires personal data databases to be located in Russia.
Various interpretations:
• Totally restricts foreign storage
or
• Still allows foreign storage if there is a copy in Russia
and/or
• Foreign processing is still allowed when the database is in Russia
o New law signed on 21st of July 2014 and will come into effect on 1st of September 2016
o Proclaimed purpose is to protect Russian data after the Snowden disclosures
o No common understanding yet in the legal and IT communities on how to apply it in practice
o Still, it raises Nordic companies' concerns about foreign datacentre and cloud services.
o Companies are evaluating migration to Russia
o On 1st of September 2015 a new update was submitted to the Parliament
Legal scenarios
Scenarios:
1. Soft. New law updates to allow basic* personal data to be stored abroad according to current requirements.
2. Strict. New law updates to specify all personal data to be stored and processed exclusively in Russia.
3. Unclear. No updates when the law comes into effect.
* Data like name and contacts. Not including finance, health etc.
Details on the law

On 24 June 2014, the draft amendments to the Russian Federal Laws On Personal Data and On Information, Information Technologies and Protection of Information were introduced to the Russian Parliament. The amendments were promptly signed off by the upper chamber of the Parliament, the Federation Council, on 9 July 2014. This draft law became law (the "Law") on 21 July when it was signed by the President and comes into effect on 1 September 2015.

“A data operator when collecting personal data of the Russian citizens including, among others, on the Internet, must ensure that the personal data is recorded, systemized, accumulated, stored, updated and gathered by using the data bases which are situated in Russia.”

• Personal data = e.g. name. Apparently, no exceptions are made for different types of personal data.
• At this moment there are no instructions or guidelines issued by any Government agency as to how the law shall be implemented.
• Our customers are responsible for complying with personal data law (if they hire us for outsourcing services -> data handling instructions -> act according to their instructions)
• This affects all Tieto services, if personal data of Russian citizens is stored outside Russia.

Publications in media:
• http://www.twobirds.com/en/news/articles/2014/global/amended-federal-law-on-personal-data-russia
• http://webforms.hannessnellman.com/SnapshotFiles/c00d649a-0118-40e9-9176-b464fd5394fa/Subscriber.snapshot?clid=98450347-0b08-4de3-998e-f384bdda127c&cid=7ae18867-1a46-401e-8124-a10a33f773c9&ce=a61Y475E62FTB8NLHK71uuZhxVzHw5om
Tieto solution
• To locate Russian personal data in the Tieto datacenter in Moscow
• It’s operated by Tieto from the EU with the necessary support from Tieto personnel in Russia
Scheme of Personal Data (PD) processing
[Diagram: data collection of PD, databases with PD and data processing shown on either side of the border (Russian location and foreign location), with each arrangement marked Prohibited or Allowed. Data processing covers use, transfer (distribution, provision of access), depersonalization, blocking, deletion and destruction of Personal Data.]
Tieto Cloud HUBs with “Capacity on Demand” services
Tieto Cloud HUBs of Data Centers:
- Moscow
- Helsinki
- Stockholm
Moscow Data Centre
The Moscow DC is located south of Moscow, in the biggest DC complex and government scientific centre of computing hardware.
It is also a place with exceptional security, fire protection, independent power supply sources and a massive Internet/data channels communication hub, offering Tier 3 compliance.
International Certificates
The certificate covers all the activities of Tieto Russia, including the Moscow Data center, technology support staff and offices.
Our Solution - Capacity service at Tieto?
• Tieto’s Capacity Services are built on top of the server and network operations.
• The services run on the shared, standardised infrastructure consisting of shared IT hardware, shared system software, shared applications, shared management systems, and shared operations staff.
• Capacity Services involve a variety of managed services, hardware, and software as a predefined package.
• Tieto takes care of customers’ needs and provides the right amount of capacity according to capacity planning performed with the customer.
• Tieto has been successfully offering capacity services since 2006. Today, thousands of systems use Capacity Services.
Our solution
Lower TCO, demand management, risk sharing, agility and adaptability
• No capital investments
• Better control over capacity costs, more dynamic adaptation to the needs.
• Reduced total cost of ownership (TCO)
• Shared capacity platforms, tools, resources etc. Agility to adapt to changes
[Charts: "Reserved physical capacity" and "Reserved virtual capacity". Axes: C = capacity, T = time. Capacity is stepwise configurable.]
Connectivity and information security services
Roman Sulitsky
Sales Executive
Tieto, Managed [email protected]
© 2009 Tieto Corporation
Tieto ICT Infrastructure services
[Diagram labels: Service Centre; Consolidation & Optimisation; Infrastructure Services; Business Application Services; Digitalised Business Services; Digital Workplace Management; Application Operations; Server Operations; Messaging & collaboration; Capacity Services; Connectivity & Information Security]
Contents
1. Business environment
2. Value proposition
3. Information security services
4. Benefits
Tieto Information Security definition
Information security services ensure the confidentiality, integrity and availability of business information, applications and resources by:
• Protecting the information against unauthorised and/or unintentional disclosure, use and modifications.
• Assuring the information accuracy, completeness and reliability
• Ensuring timely access to business information for authorised users.
Information security - challenges
• The existing scattergun approach to IT security, in which organisations deploy a range of point-based protection solutions, is not good enough.
• Security architectures must be driven by business needs and sensitivity of the information, analysis of the risk and threats involved, and regulatory compliancy requirements, rather than by adding on extra protection layers each time new threats pop up.
• Holistic information security management maximises the functional value of the existing security investments, and extends the value by adding in integrated management and operations services.
Drivers for Information security
• Information security is about managing threats and risks related to enterprise business applications and business data.
• The role of the internet is growing, linking customers, suppliers and partners to value creating networks
• The ICT infrastructures are ever more complex and decentralised, and consist of an increasing number of software components, opening new vulnerabilities and potential security holes.
• The more digitalised the business processes, the more central and important the role of information security
• => Leading to increased risks of business data loss and information theft, intrusions, virus attack, information tampering, fraud etc.
[Diagram labels: Business risks; Information risks; Operational liability risks; Interruption risks; Environmental risks; Storage & transport risks; Product liability risks; Intellectual property risks; Personnel risks]
Information security market requirements
• Information security will increasingly become part of the core ICT infrastructure. *
• Information security services have a more holistic and business centric approach
• Sourcing information security services from Managed security services providers (MSSP) will become more popular. *
• The complexity of information security operations will increase due to new technologies, tools and competences required.
• Security-specific SLAs will be introduced.
• eLearning and other methods to increase the employees' general skills and awareness concerning information security have become a key focus
• Security operations require full global 24 / 7 / 365 services.
Information security services guiding principles
[Diagram with the levels Service value, Approach, Strategy, Economics and Objective. Labels: Recognise threats; Manage vulnerabilities and risks; Holistic approach; Managed information security services; Business based security policy; Security management; Security operations; Improved operational continuity; Reduced risk of downtime; Ensure business data confidentiality, integrity and availability]
Tieto value proposition
• Recognise threats
• Manage vulnerabilities
• Holistic approach
Recognise threats - and manage them as risks
• Recognise information security threats embedded in enterprise business operations and transform them to manageable risks.
• Implement security policies to have a mechanism to communicate potential information security threats and provide rules and instructions on how those threats can be avoided or mitigated
• Prioritise potential threats and direct the protection actions against the most likely threats (cost-benefit).
• Keep the inventory of recognised threats and vulnerabilities up-to-date and provide early warning services to proactively increase the responsiveness of the information security services
Manage vulnerabilities & related risks - ensure business continuity
• Threats vary widely in how they perpetrate damage, taking advantage of the complexity and heterogeneity of modern IT infrastructures (vulnerabilities).
• Most IT infrastructure elements that outwardly may look identical can actually be different due to release versions installed and patches applied
• Vulnerabilities are often devised to take advantage of vulnerabilities within particular code sets, such as particular product versions, or even combinations of inter-operational products
• Tieto Information security services manage these risks (vulnerabilities) proactively from the business continuity point of view using a worldwide information network and security technology supplier sources
Use holistic approach – Wide range of Expertise and solutions
• Tieto provides a wide range of expertise, long experience and tested solutions in the information security area.
• Tieto has an MSSP (managed security services provider) type of approach, covering everything from strategic level security policies consultancy to operations and technology solutions
• Information security management consultancy services to recognise threats and vulnerabilities, establish information security policies, consult in information security technology and solutions and add proactive audit and early warning services
• Information security services to operate the information security platform on a 24 / 7 basis and handle related alerts, incidents and service requests.
Tieto Information Security Services Offering
Security Operations:
• Platform Security
• End-point Security
• Boundary Protection
• Identity Management
Security Management:
• Security Audits
• Security Early Warnings
• Security Consultancy
• Security Policy
Information Security Policy
• Information security policy helps you to put your security strategy into practice.
• Security policy is a result of clear, well-defined security rules, which have been put together from the business point of view.
• Security policy gives the overall guidelines to the organisation concerning information security topics.
• Global Network Security Management Policy
• Firewall Management Policy
• Data Access Authorisation and Protection Policy
• Virtual Private Networks Policy
• Mobile Computing Policy
• Voice Systems Security Policy
• IDS and Monitoring Policy
• Operating System Security Policy
• Web / E-mail Content Filtering Policy
• Directory Services Policy
• HW Sanitisation and Disposal Policy
• Network Security Documents Release Policy
• Third Party Connectivity Policy
• Vulnerability Assessment Policy
• Modem Usage Policy
• Wireless Policy
• Distributed Application Assessment Policy
• Security Patch Policy
• Authentication & Public Key Infrastructure Policy
• Remote Access Security Policy
• eMail and Instant Messaging Policy
• Server Registration & Decommissioning Policy
• User Administration Policy
• Password Policy
Information Security Consultancy
• Information security consultancy protects your business data and systems effectively and consults your business management in information security strategy, architecture and security services.
[Diagram: Information Security Organisation. Layers: Security Strategy; Security Architecture; Security Services; Trusted Business Operations. Labels: Business strategy; Policies; Continuity; Risk Framework; Legal Framework; Processes; Technology; People & Skills; Identification; Forensics; Administration; Directories; Authentication; Authorisation; Access Controls; Audits; Risk; Policy; Vulnerability; Audit]
Information Security Audits
• The objective of security audits is to proactively discover the ICT infrastructure vulnerabilities.
• An audit is a fast and thorough analysis of the organisation’s ICT infrastructure security level.
• The result is a compact and clear report, which prioritises the development areas according to their potential business impact.
• The service is provisioned as a one-off audit of a certain information security area or as an on-going automated service, e.g. network client audits, policy compliancy audits
Information Security Early Warnings
• Ensures that the Customer’s information security organisation is constantly aware of current internal vulnerabilities and the general external threat level
• Early Warning service is based on the international CVE system (Common Vulnerabilities and Exposures) and information sharing between security technology suppliers.
• The service delivers notification of vulnerabilities and examines which of these will affect the customer’s ICT infrastructure.
• Based on early warning notifications the Customer can proactively plan counter measures
• Early warning information is also used to set enterprise security alert level codes, to make the enterprise more prepared to tackle specified threats
Information Security Operations
• Incident / Problem Management
• Service Request Management
• Business Impact Management
• User satisfaction & feedback
• Communication & Information Distribution
• eLearning
• Identity management
• Customer Site Services
[Diagram labels: Digitalised Business Services; Business Application Services; Infrastructure Services; Customer; Phone, Email, Web; Self-Services; Automated Services; Single point of contact; Service Desk; 24/7 Control Desk; Security Operations; Service requests, incident or problem tickets; Systems Monitoring; Routing to Partner]
Security Desk part of Tieto Service Centre
• Centralised Security Desk to operate enterprise information security services and Service Desk to support users and handle service requests
• 24 / 7 system monitoring, alerts and incident handling.
• Centralised security software update distributions, e.g. virus protection fingerprint updates
• Centralised automated software security patch distributions
• Centralised place to activate security counter measures, isolate problems to minimise damages and initiate management escalations in case of catastrophe
Identity Management
• User account management
• User certificate management
• Meta directory management
• Single sign-on
User account management
• Allows role-based and centralised provisioning and administration of user accounts.
• Controls access rights for different business applications, services and network resources, for example servers, applications, document repositories, file services, remote access systems and mainframes.
• Automated provisioning of accounts, so that a user can request a new standard account and access rights as a self-service via the Customer Portal.
• When an employee leaves the company, all accounts and access rights can be turned inactive immediately and centrally deleted after the quarantine period.
User certificate management
• Centralised management of digital user certificates stored on cryptographic smart cards or USB tokens.
• The service includes generation, certification, storage, archive, recovery and revocation of keys
• User certificates are used to control access to resources, platforms, applications, and databases. A user is authenticated through a certificate stored on a cryptographic card or USB token.
• User certificate related service requests can be dealt with using self-services on the Customer portal.
Meta directory management
• Employees, customers and partners can be managed either in one or in multiple heterogeneous LDAP directories
• TE Meta directory management service combines heterogeneous LDAP environments into one meta-directory either via consolidation or by providing a meta view and allowing interoperability (for example, based on X.500) across these different LDAP-based directories.
• Supported LDAP directories include
  • MS Active Directory
  • iPlanet/SUN ONE
  • Lotus Notes
  • OpenLDAP
  • etc.
Single sign-on
• How can users remember an increasing number of passwords, without storing them somewhere and compromising information security?
• Recent Gartner study claims over 35% of all Service Desk incidents are related to resetting standard user passwords.
• TE single sign-on service simplifies password-related operations without compromising information security.
• Single sign-on service supports both Web and Non-Web applications
• Users can reset their passwords through Customer Portal self-healing functionality
• TE Service Centre includes 24/7 based password and access violation monitoring and alert handling.
Boundary Protection
• Internet connections
• Partner and customer connections
• Intrusion detection and prevention
• Enterprise e-Mail Security
• Web virus protection & content filtering
Internet connections
• Controlled and managed data gateway and channel between the corporate network and Internet
• Firewall and proxy/cache management
• Typical Internet connection related information security threats are:
  • IP Spoofing
  • E-mail attacks
  • Fragmentation attacks
  • Backdoor & remote administration
  • Service scanning
  • MAC address verification
  • Buffer overflows
  • DNS reply spoofing
  • FTP attacks
  • Hidden file extensions
  • Port scanning
  • Syn Flood
  • IP option irregularities
  • DoS attacks
Partner and customer connections
• Provides secure point-to-point access for customers and partners to the enterprise network to be able to share business applications and data
• Information security services:
  • Authentication / Access Controls
  • Data encryption
  • Event accounting and auditing
• Access methods like HTTP, XML, FTP, EDI etc. are supported
• Secure Internet connections to and from customers like VPN, SSL etc.
Intrusion detection and prevention
• Intrusion detection and prevention service monitors systems and network traffic with the goal of identifying signs of unauthorised intrusion.
• The service covers both the host based and the network based approach, and it includes intrusion prevention, which automatically prevents the attack from causing any damage.
• Intrusion detection and prevention service deals with both internal and external intrusion attempts.
• The service includes keeping the signature files up-to-date and continuously maintaining the pre-configured rule base.
Enterprise e-Mail information security
• Enterprise e-mail system is protected against virus attacks and spam e-mails
  • The information security level can be further enhanced with e-mail content and image controls and e-mail message encryption services.
• Enterprise e-mail system is protected using 3-layer architecture
  • Gateway level protection
  • Server level protection
  • Client level protection
Web virus protection and content filtering
• Monitors and controls inbound and outbound web traffic from the Customer’s enterprise network to the Internet.
• Prevents malicious code, unwanted computer programs and file content from entering the Customer's terminal equipment and servers.
• Provides virus protection and content filtering infrastructure to monitor and control the web traffic according to Customer defined security rules and Internet policy.
Platform Security
• Web server SSL certificate management
• Server virus protection
• Mainframe cryptography & key mgmt
• Security patch management
Web server SSL certificate management
• The service provides a centralised process for purchasing and commissioning SSL certificates for the Customer's web servers.
• Certificates used are issued by well known and authorised SSL certificate providers.
• Certificates are managed and maintained in a centralised repository
• Web server SSL Certificate management service ensures that defined servers and server platforms are equipped with valid SSL certificates at all times.
Server virus protection
• The service provides virus protection to the Customer’s servers and server platforms.
• The Service is operated from the centralised TE Service centre and technical support (Security Desk)
• Service monitors on a 24/7 basis that the virus protection system is operational and handles any discovered virus incidents.
• Virus signature file updates are delivered automatically from the Security Desk
• All security software updates are tested in a test environment before releasing the updates to the Customer environment.
Mainframe cryptography and key management
• Mainframe cryptography and key management services consist of installation, operations and maintenance of cryptographic services for mainframe production, testing and possible backup environments.
• Mainframe cryptographic services are used for centralised management of encryption keys for different business applications.
• Service provides an application interface for centralised mainframe cryptographic services and supports different application specific key management models.
Security patch management
• Security patch management service provides a single point of control to maintain systems and platforms version integrity and vulnerability level
• Security patch management is operated on a 24/7 basis by the TE Service centre and technical support (Security Desk)
• Security patch management is a natural extension of the Early Warning service, which provides proactive input on which security patches should be deployed and when.
• Security patch management also includes "emergency patching", which is a forced priority update normally deployed only in case of a major catastrophe
• All published security patches are tested in a test environment before releasing the updates to automated distribution.
End-point Security
• Remote client connections
• Client information security
Remote client connections
• Single client access to the enterprise network, typically through the Internet (home office PC, laptop access from airport or hotel room, mobile phone accessing e-mail and calendar over the cell phone network etc.)
• Supported access methods like VPN client, SSL VPN, RAS, GSM, xG
• Information security services:
  • Authentication / Access Controls
  • Data encryption
  • Event accounting and auditing
• Typical clients: desktops, laptops, PDAs and smart phones.
Client information security
• Centralised client virus, spy-ware and ad-ware protection
• Automated fingerprint file updates from Tieto Service Centre with recovery and clean-up support
• Personal firewall for mobile laptop users
• Hard disk data encryption
• Proactive information security scans
  • Security and browser setting
  • Gatekeeper services when connected to enterprise network
  • Security products installed and operational
Service governance
A governance model which improves service value, manages the service lifecycle and service performance, costs and quality
[Diagram: Tieto Service Governance model (Strategic governance: improving value; Tactical governance: ensuring performance; Operational governance: optimising operations) and Service Governance organisation (SVA: Leadership team; SLA: Management team; ITIL: Delivery team)]
Tieto as Managed Security Services Provider (MSSP)
• Manage vulnerabilities proactively and increase your information security service responsiveness
• Operate your information security platform 24 / 7 from a centralised Security Desk
• Wide range of independent consultancy services to protect your enterprise business systems and data
• Identify and manage threats and compliancy issues, using information security policies
Changing perspectives
Roman Sulitsky
Sales Executive,
Tieto, MS [email protected]