StorTech Security • Regulatory compliance provides the business

foundation for security • Organisations need to tackle all security

challenges from a business perspective• Security & storage must be managed end-to-end• Answering the “who, what, where, when & how”

of information systems ensures compliance and improves operational efficiency

2007 Security Business Drivers

• Complexity, Compliance, Cost– Solutions need to balance IT Risk, Cost &

Performance– Security needs to fit business needs

• The rise of the “Malicious Insider”• Physical & Digital Convergence• Targeted application threats – AJAX, VOIP• Poisoned Websites• Zero-Day Exploits

StorTech’s Security Engagement• Survey

– Check internal policies against compliance best practice– Assess vulnerabilities and threats across the entire network– Provide a vulnerability assessment report– Recommend remedial priorities– Produce remedial plan

• Solve– Comprehensive, multi-vendor solutions– Standalone or integrated offerings– Market-leading technologies

• Support– Full maintenance options– Ongoing vulnerability & compliance assessments

Solve

Support

Survey

Compliance

• Regulations, like the World Cup, are coming here• Standards/regulations are good

– Increase business benefit– Decrease risk– Open up business opportunities– Ready for the future

• Why reinvent the wheel?PCI

Requirements Regulatory

Data Protection

Data Retention/Corp Gov

National Security

Legal Framework

IPR Protection

Who?

What?

Where?

When?

How?

But, All Regulations are the Same..

Real World Events

Identity Theft

Financial Scandals

Terrorist Threats

Electronic Commerce

SA Constitution

Information“At Rest”

Information“On the Move”

It All Starts With Identity……

Who?

What?

Corporate Governance

Where?

When?

How?

When?

How?

Where?

What?

Who? – Strong Identity Management

Centralised User Management

Reduced or Single Sign-On

Multi-Function Devices

A single management console for all users.

Centralised access management to applications,

devices and locations.

Full audit trail for compliance.

Easy addition and removal of users.

Centralised user control for all access.

Identity Management system deals with password resets.

Single authentication method can unlock all user access.

Additional services can be added.

Increases the business value of Strong Authentication.

What? - Perimeter Security

Anti-Virus Anti-Spam

Encryption

Secure BackUp & Disaster Recovery

Reduced Infection = Reduced Downtime

Customer Protection Ensured

60% Reduction of Messaging Traffic

Reduced Storage Overhead Faster Messaging =

Increased Business Efficiency

Secrecy & Non-Repudiation = More Electronic Use for Paper-Based Transactions

Secure Electronic Transactions = Better Customer Experience

Increased Availability = Reduced Downtime Ensured Compliance = Good Business Practice

Where? - End-Point Compliance

Appliance Identification

Centralised Management

Policy Adherance

Securely identifying the user is pointless

if the remote device is insecure.

Centrally managing end-points enables your business to allow

more services remotely.

More remote services increases overall efficiency.

Increased efficiency gives a better customer experience.

Users have different levels of access according to the device

they are logging on from.

Policy-based access according to business rules.

Dictates the level of security for full remote access.

Where? – Mobile Security

Smartphones & PDA’s

Centralised Management

Policy Adherance

Phones, PDA’s and other devices are increasingly powerful and

being used as business tools. They represent similar risks to

businesses as traditional laptops and PC’s. They need to be

protected in the same way.

Mobile Security is managed centrally. This is both from a device

management perspective as well as the deployment of client

software. The system treats phones and remote devices in the

same way as any remote computer.

Users have different levels of access according to the device

they are logging on from and the risk associated with that

device.

When? - Time-Based Info Management

Digital Verification

Data Retention & Control

Corporate Governance

Digital signatures ensure that electronic transactions are secret,

secure and tamper-proof.

Ensuring secure electronic transactions means trusted

electronic business.

Defining the correct business policies means IP can be retained,

leveraged and managed efficiently.

Controlled destruction of expired data limits exponential storage

growth.

Defining good internal business policies limits an organisation’s

exposure to expensive litigation.

Clearly defining employee roles based on compliance ensures

greater operational efficiency.

Secure Information Blueprint

Symantec NetBackup/Backup Exec

Symantec Cluster ServerStorageTek Disk & Tape

Inte

rnet

Microsoft Exchange

Messaging Security (Groupware)

Storage ManagementRecovery and Availability

Information Archiving

Messaging Security (SMTP)

Symantec Storage FoundationSymantec

CommandCentralSun GSM

Symantec Enterprise Vault

Symantec Mail Security/Symantec IM Manager

Symantec Mail Security Software/Appliances/Hosted

IBM Notes/Domino

SMTP TrafficMTA

Identity Management

RSA SecurID & Auth. ManagerSymantec Sygate

Sun IDM

Managed Security Services

• In Partnership with Symantec– 1st & 2nd line support by StorTech locally, 3rd line by Symantec

Global SOC’s• Managed Perimeter Security

– AV, Anti-Spam, IDS, IPS• Managed Identity

– Strong authentication, IDM• Secure Incident & Event Management

– Management of user log files to detect & manage additional security threats

– Reduction of false/positives– Greater efficiency for patch management– Tiered relevance for alerts according to the specific organisation