jewel-cummings
StorTech Security
• Regulatory compliance provides the business foundation for security
• Organisations need to tackle all security challenges from a business perspective
• Security & storage must be managed end-to-end
• Answering the “who, what, where, when & how” of information systems ensures compliance and improves operational efficiency
2007 Security Business Drivers
• Complexity, Compliance, Cost
– Solutions need to balance IT Risk, Cost & Performance
– Security needs to fit business needs
• The rise of the “Malicious Insider”
• Physical & Digital Convergence
• Targeted application threats – AJAX, VOIP
• Poisoned Websites
• Zero-Day Exploits
StorTech’s Security Engagement
• Survey
– Check internal policies against compliance best practice
– Assess vulnerabilities and threats across the entire network
– Provide a vulnerability assessment report
– Recommend remedial priorities
– Produce remedial plan
• Solve
– Comprehensive, multi-vendor solutions
– Standalone or integrated offerings
– Market-leading technologies
• Support
– Full maintenance options
– Ongoing vulnerability & compliance assessments
Compliance
• Regulations, like the World Cup, are coming here
• Standards/regulations are good
– Increase business benefit
– Decrease risk
– Open up business opportunities
– Ready for the future
• Why reinvent the wheel?
PCI
Requirements Regulatory
Data Protection
Data Retention/Corp Gov
National Security
Legal Framework
IPR Protection
Who?
What?
Where?
When?
How?
But, All Regulations are the Same..
Real World Events
Identity Theft
Financial Scandals
Terrorist Threats
Electronic Commerce
SA Constitution
Information “At Rest”
Information “On the Move”
It All Starts With Identity……
Who?
What?
Corporate Governance
Where?
When?
How?
Who? – Strong Identity Management
Centralised User Management
Reduced or Single Sign-On
Multi-Function Devices
A single management console for all users.
Centralised access management to applications,
devices and locations.
Full audit trail for compliance.
Easy addition and removal of users.
Centralised user control for all access.
Identity Management system deals with password resets.
Single authentication method can unlock all user access.
Additional services can be added.
Increases the business value of Strong Authentication.
What? - Perimeter Security
Anti-Virus Anti-Spam
Encryption
Secure BackUp & Disaster Recovery
Reduced Infection = Reduced Downtime
Customer Protection Ensured
60% Reduction of Messaging Traffic
Reduced Storage Overhead
Faster Messaging = Increased Business Efficiency
Secrecy & Non-Repudiation = More Electronic Use for Paper-Based Transactions
Secure Electronic Transactions = Better Customer Experience
Increased Availability = Reduced Downtime
Ensured Compliance = Good Business Practice
Where? - End-Point Compliance
Appliance Identification
Centralised Management
Policy Adherence
Securely identifying the user is pointless
if the remote device is insecure.
Centrally managing end-points enables your business to allow
more services remotely.
More remote services increases overall efficiency.
Increased efficiency gives a better customer experience.
Users have different levels of access according to the device
they are logging on from.
Policy-based access according to business rules.
Dictates the level of security for full remote access.
Where? – Mobile Security
Smartphones & PDAs
Centralised Management
Policy Adherence
Phones, PDAs and other devices are increasingly powerful and
being used as business tools. They represent similar risks to
businesses as traditional laptops and PCs. They need to be
protected in the same way.
Mobile Security is managed centrally. This is both from a device
management perspective as well as the deployment of client
software. The system treats phones and remote devices in the
same way as any remote computer.
Users have different levels of access according to the device
they are logging on from and the risk associated with that
device.
When? - Time-Based Info Management
Digital Verification
Data Retention & Control
Corporate Governance
Digital signatures ensure that electronic transactions are secret,
secure and tamper-proof.
Ensuring secure electronic transactions means trusted
electronic business.
Defining the correct business policies means IP can be retained,
leveraged and managed efficiently.
Controlled destruction of expired data limits exponential storage
growth.
Defining good internal business policies limits an organisation’s
exposure to expensive litigation.
Clearly defining employee roles based on compliance ensures
greater operational efficiency.
Secure Information Blueprint
Symantec NetBackup/Backup Exec
Symantec Cluster Server
StorageTek Disk & Tape
Internet
Microsoft Exchange
Messaging Security (Groupware)
Storage Management
Recovery and Availability
Information Archiving
Messaging Security (SMTP)
Symantec Storage Foundation
Symantec CommandCentral
Sun GSM
Symantec Enterprise Vault
Symantec Mail Security/Symantec IM Manager
Symantec Mail Security Software/Appliances/Hosted
IBM Notes/Domino
SMTP Traffic
MTA
Identity Management
RSA SecurID & Auth. Manager
Symantec Sygate
Sun IDM
Managed Security Services
• In Partnership with Symantec
– 1st & 2nd line support by StorTech locally, 3rd line by Symantec Global SOCs
• Managed Perimeter Security
– AV, Anti-Spam, IDS, IPS
• Managed Identity
– Strong authentication, IDM
• Secure Incident & Event Management
– Management of user log files to detect & manage additional security threats
– Reduction of false positives
– Greater efficiency for patch management
– Tiered relevance for alerts according to the specific organisation