Privacy A Corporate Responsibility

Ronald Ross, CEO

Privacy A Corporate Responsibility

– How bad it gets?– Social and economic implications– Legislations– Challenges– MSS and privacy– Conclusion

Refreshing Statistics• The U.S. Federal Trade Commision’s Hotline

received 445 phone calls per week in November of 1999

• By June 2001 the number rose to 1800 calls per week

445

1800

0

200

400

600

800

1000

1200

1400

1600

1800

Ca

lls

pe

r w

ee

k

Stolen Identity Dynamics,U.S.

Year20011999

Categories of Identity Theft

• Credit Card fraud

• Unauthorized Phone or Utility Services

• Bank Fraud

• Fraudulent Loans

• Government Documents or Benefits

• Other Identity Theft

• Multiple Types

Sample contacts received

326

24

736 7

Identity theft

Identity verification

Sales

Loss of Card

Problem with SSN

More Statistics

Source: U.S. Office of the Inspector General, August 1999

Canadians Accessing the Internet

23%

31%

37%

49%

57%

0%

10%

20%

30%

40%

50%

60%

Canadians Accessing the Internet

Year

20001999199819971996

Source: Industry Canada

53%

94%

22%

69%

14%

44%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Canadian BusinessConnected to the

Internet

Canadian BusinessWith Websites

Canadian Businessto Procure Goods

Canadian Private Sector vs Public, 1999 Statistics

Private

Public

Use of the Internet by Sectors

Source: Industry Canada

Major Business Obsticales for E-commerce

42%

40%

31%

29%

0% 10% 20% 30% 40% 50%

Security Concerns

Privacy Concerns

IT DevelopmentCosts

IT Support Costs

Barriers to E-Commerce Development

Source: Deloitte and Touche

E-Commerce Consumer Barriers

40%

23%

60%

0% 10% 20% 30% 40% 50% 60% 70%

Security Concerns

No Need

Other

Source: Ekos Research Associates

Privacy Legislations CANADA:

Personal Information Protection and Electronic Document Act, April 13, 2000

U.S. : Health Insurance Portability and Accountability, 1996 Children’s Online Privacy Protection Act, 1998 Gramm-Leach-Bliley Act for the banking industry, 1999

Europe: Data Protection Directive, 1995 Telecommunications Directive, 1997

Australia: The Privacy Amendment Act, 2000

Japan: Guidelines Concerning the Protection of Personal Information Associated with Electronic

Computer Data Processing in the Private Sector, 1989

Most Recent Developments

U.S.: Federal Trade Commission will hold a workshop in December 2001 to assist

companies with writing privacy policies that comply with Gramm-Leach-Bliley Act October, 2001 - California Creates Identity Theft Law, Senate Bill 168

Europe: Anti Spam legislation Echelon report accepted

IT Security and Privacy are closely related Without proper security and security policies, the privacy

cannot be enforced Technology is just an enabler to protect the private

information People are managing the technologies and risks

Security and Privacy

Complexity of the systems, including the OS. Microsoft Windows 2000 estimated to have 35-40 million lines of codes

Network configuration errors Shortage of qualified IT security personnel and turnover Costly to maintain in-house Lack of funding Human factor

Challenges

Compliancy with the Privacy Act:

Basic Questions Do you have a Security policy in place? Do you enforce your Security policy? Do you encrypt all private and sensitive data? Do you monitor any unauthorized access to private information? How the cookies are handled in your organization? Who can

access the cookies?

How JETNET Can Help You

A Brief Introduction to JETNET

• Founded in 1998 in Ottawa as a “JetForm Affiliate”– Design of International Deployment of VPN/FW

• First mover in “Managed Security Services”• Recognized as a “Pioneer” by TeleManagement • Ottawa, Toronto Locations• 7/24 Internetworking Operations Centre (IOC) • JETNET is Canada’s leading Managed Security

Services Provider– Impressive Customer List– Patent pending technology and service delivery

JETNET Technology Partnerships

• Partnerships with the leaders in the security market

• Best of breed technology offering

We Offer to You...• Focus

– Our only offering is MSS (Has been for the last 3 years)

• Track Record– “Blue Chip” Customers, Systems, People– Trust factor/Relationship has been established and maintained

• Mature Offering– 3 Year design and development– Process Driven and extensive expertise– Investment in Infrastructure has been made

• Annuity, High Leverage Model in a High Growth Market– Ability to compensate your team and deliver

• Continued Support– Employees, Customers and Investors

JETNET Services Managed Firewall

Managed VPN Branch

Managed VPN – Remote Access

Managed Radius Authentication Service

Managed Authentication – VPN

Managed Authentication – Web

Bundled Security Service – FW, VPN, FW/VPN

Professional Services

Vulnerability assessment services

MMRH Service OfferingOPERATIONAL

SUPPORT

VALUE PROPOSITION (7x24)

Management

Conduct moves/adds/changes

Provide access to technical expertise

Supply regular backup of device configuration file

Apply vendor updates and patches necessary to ensure operational stability and adherence to industry security standards

Monitoring

Vigilant monitoring for device health, performance, availability, capacity and security compliance

Timely response to selective conditions

Reporting

Supply third party device health, performance, availability, capacity and security compliance reports

Reports available for all Managed Devices

Help Desk

Provide access to technical expertise and support via single point of contact

Notify customer in the event of an operational exception

Liaise with the respective maintenance and support vendors in the event of an operational exception

- Coverage by countries

JETNET Global Coverage

JETNET’s Technology Can Help To Safeguard Your Network

Security Activity Manager Collection Agent or SCA is an agent on a dedicated HW

SCA can securely track different events and log files within the LAN’s DMZ area

Top 10 Web sites reports Top 25 Users In-house developed or third party applications for

monitoring privacy compliance can be deployed and alerts can be generated in a real-time

$629,241

$1,660,979

$0

$200,000

$400,000

$600,000

$800,000

$1,000,000

$1,200,000

$1,400,000

$1,600,000

$1,800,000

Co

st,

$

JETNET Solution vs In-House Implementation

JETNET In-house

$629,241

$2,319,083

$0

$500,000

$1,000,000

$1,500,000

$2,000,000

$2,500,000

Co

st,

$

JETNET Solution vs Full In-House Implementation

JETNET In-house

Business Models Comparison

JETNET – Customer Data Flow

VPN Device

VPN GW

JETNET MonitoringCustomer Deployment

JETNET SCA

JETNET Intelligence

JETNET IOC SAM

E-mail

Phone, pager

Customer Feedback

FW

IDS

SCA Deployment

Monitoring The Privacy Act Compliance

Privacy compliance audits Recommendations/implementation for improvement, based on

the results of audits Proactive Managed Security Services – protect the networks Managed applications inside the customer network (SCA) to

monitor any unauthorized behavior and notify the customer

“Technological advances have also facilitated ’identity theft,’ the availability and misuse of electronic account and personal information. Identity theft poses significant risks to financial institutions and individuals alike. The Internet is also engendering other bank-related frauds.”

Conclusion

Statement of Charles L. Owens; Chief, Financial Crimes Section, FBI; in a hearing on Financial Instrument Fraud held by the Subcommittee on Financial Services and Technology; Committee on Banking, Housing, and Urban Affairs; U.S. Senate; Sept. 16, 1997.

Thank You