Unleashing the Power of Information · • Many traditional ISVs are transitioning their model to SaaS (e.g., Adobe, Autodesk, Aspentech) • SaaS continues to be near the top of

Unleashing the Power of Information

Cyber Security Strategies for Corporate CanadaTom Jenkins Strathrobyn Dinner

Chairman, CFC Foundation @RCMI

OpenText Corporation February 10, 2015

OpenText Confidential. ©2015 All Rights Reserved. 2

Security Matters


Digital Information

Private Information

Public Information

Firewall

Corporate Consumer

Slide


Only 4% of Web content (~8 billion pages)is available via search engines like Google

The Public Web

Source: The Deep Web: Semantic Search Takes Innovation to New Depths

The Deep Web

The Deep WebApproximately 96% of the digital

universe is on Deep Web sites protected by passwords

10Zettabytes

10 Zettabyte = 1000000000000000000000000


Built the Original Internet Archive

Jerry Yang CEO of Yahoo and Tom Jenkins CEO of Open Text launch in 1995.

based on university research



Built Archives Which Became the “Deep Web” Inside Corporations

Copyright © Open Text Corporation. All rights reserved.


Wrote a new book on Big Data and the Hidden Web inside the Firewall

Tom Jenkins

A guide book on building Enterprise Applications inside the firewall

Available on Amazon or Apple or www.opentext.com


Managing Information is Key

• 80% of data is unstructured• Content is doubling every 90 days• Mounting regulatory pressures• Business processes are broken• No single source of truth• More and more applications

Information is the New Currency


It Has Never Been So Disruptive

• SaaS has become the preferred way of consuming software for enterprises

• Many traditional ISVs are transitioning their model to SaaS (e.g., Adobe, Autodesk, Aspentech)

• SaaS continues to be near the top of acquirers’ wish lists

• $32B of software, services and infrastructure to be spent on big data by 2017

• Information management and analytics software expected to see most growth

• Hadoop beginning to garner mainstream adoption

• Device landscape is more complicated than ever before

• Multiple operating systems in use and BYOD disrupting traditional IT

• Customers expect information and services to be available on any device, at their time of need

• Governance, Risk & Compliance to become a $10B market by 2018

• The threat landscape is evolving as perpetrators are less known, attacks are more often multi-stage, hard to discover, and highly targeted

• Large enterprises such as Thomson Reuters, IBM, Oracle have entered space through M&A as they see potential opportunity

• From Big Data to Cloud Computing, more than half of executives (52%) see digital technologies significantly transforming their industry

• Digital disruption is accelerating business processes, for a fraction of the cost, drawing from a larger, more social network of ideas

• Social technologies continue to push further into the enterprises as more and more use cases are being discovered

• $8.9 Trillion in IoT related revenue expected by 2020 across verticals

• Highly strategic opportunity that is getting interest from many large IT enterprises

• Digital home, telematics, connected car all early-stage, tangible examples of IoT

Cloud Big Data Mobile

Security Digital Internet of Things

Source: IDC, Gartner


Amount of Data is Growing Everywhere

90% of world’s data generatedover the last 2 years

Mobile data traffic will grow 13Xby 2017

More information createdthan from 0 AD-2003

15 of 17 U.S. sectors have more data per company than Library of Congress

20,000 TB processedevery day

1M transactionsevery hour

144,000 hours of video uploadedevery day

2.5M shared pieces of contentevery minute

My Average Information Day

500 Emails 5 Faxes 100 Documents 50 Images 40 Social Interactions 10 Contracts 10 Videos

An average 700 objects per day @ 350 days work per year =

250,000@ 8,000 employees =

1.9 Billionobjects


The Cost of Security Breaches

18% Increase in average

financial losses associated with security incidents from 2012 to

2013

~$1MAverage payout

$21BLosses related to identity

theft in 2012 in the US

$84M Total payout for all 88

claims

$2BEstimated total annual

losses to phishing

$20M Largest claim payout

$8.9BAverage annualized cost

for 56 benchmarked organizations of cyber

breaches

$2,560Smallest claim payout

Source: Information Security Forum (ISF), ‘Threat Horizon 2016’, 2014


The World’s Biggest Data Breaches


In the NewsChinese hackers used malware, tempting emails, andpassword theft to worm their way into National ResearchCouncil computers in pursuit of valuable scientific and tradesecrets. The attack prompted a shut down of thegovernment research council’s computer network in July,2014.

Infiltrators used complex techniques to infiltrate the counciland establish a foothold within its networks.

NRC Hacked Jim Bronskill, Cdn Press. December 13, 2014

Sony BreachedIn November 2014, Sony's internal computer systemwas hacked by a group called the Guardians ofPeace, who warned that if Sony publicly released thefilm, “The Interview”, secret data would be shown tothe world and that additional attacks would continue.

A number of as-yet unreleased films have been madeavailable for illegal download. Salaries and socialsecurity numbers of thousands of Sony employeeswere also leaked online.

Jane Wakefield, BBC. December 18, 2014

In February 2015, Anthem revealed that its databaseswere hacked, potentially exposing personalinformation of about 80 million of its customers andemployees. Cyber attackers executed a verysophisticated attack to gain access to one of Anthem’sIT systems.

Names, birthdays, social security numbers, streetaddresses, email addresses and employment datawere breached.

Anthem Hacked Li Anne Wong, CNBC. February 4, 2015


Cyber Crime2%

Hacktivism14%

Cyber Espionage

28%

Cyber War56%

Government30%

Industry28%

Individuals11%

Education5% Law

Enforcement4%

News6%

Organizations4%

Health3%

Finance6%

Other3%

Source: hackmageddon.com. August 2014

Motivations for Cyber Attacks

Targets for Cyber Attacks

Diverse Motivations. Diverse Targets.


Data Zones and Sovereignty

70% of businesses would trade cloud performance for increased data

control*

*InformationWeek


Key Macro Cyber ThemesTheme Learnings / Impact

Snowden Increased public distrust, renewed customer focus on data sovereignty.

Data Breach The new normal. Target and Home Depot have taught us while compliance is necessary, it’s not enough.

Cyber Response While prevention must be a priority, so must company wide cyber response and market facing preparedness.

Nation State ActorsHave capabilities unmatched by commercial security –public/private collaboration with government is critical to effective technical protection.

Shareholders / Market

Cyber breach directly impacts brand, share price and company bottom line. Preventing breach has proven in all cases to be more cost effective.


Four Types of Risk Mitigation

Risk Acceptance• Cost of avoidance or limitation

outweighs cost of risk• Does not reduce effects

Risk Limitation• Most common middle-ground• Accepting failure will occur,

while ensuring time to recovery / loss is minimal

Risk Transference• Handling off risk to a willing 3rd party• Outsourcing operations or

purchasing insurance, etc

Risk Avoidance• Actions to avoid any exposure

to risk whatsoever• Most expensive


Digital Disruption is Stronger and FasterW

eb D

isrup

tion

Digital Disruption“A 2014 survey of 1,243 global business executives found that 93 percent believe that digital will disrupt their business as early as within the next 12 months.” - Forrester


Market Leaders are Transforming their Businesses

Wang, R.,. ” The Building Blocks of Successful Corporate IT”, Harvard Business Review, August 8, 2013, http://blogs.hbr.org/2013/08/the-building-blocks-of-success/ (accessed September 2014).


Digital Leaders are more Profitable

Digital leaders are 26% more profitable than their competitors*

*Gapgemini Consulting and the MIT Center for Digital Business, “The Digital Advantage: How digital leaders outperform their peers in every industry, 2012

Digi

tal I

nten

sity

Transformation Management Intensity


Time

Client Server

Internet

Cloud

Digital

Y2K

Dis

rupt

ion

©℠

Disr

uptio

n

Connected (people, devices, organizations)

The Digital Enterprise:Re-conceptualize The Future


The Corporate Challenge

MissionRisk


Yet , access to Facebook, Twitter,

and YouTube is barred in 45% of

organizations


Digital Natives: They grew up differently!

Radio

TV

SmartPhone

http://www.washingtonpost.com/wp-srv/photo/postphotos/style/2005-03-10/8.htm

http://www.washingtonpost.com/wp-srv/photo/postphotos/style/2005-03-10/8.htm

http://images.google.ca/imgres?imgurl=http://www.copyblogger.com/images/logo_facebook.jpg&imgrefurl=http://www.copyblogger.com/facebook-application-marketing/&usg=___n_JvidbiDtnshHS9X-XKT9WYSQ=&h=176&w=468&sz=13&hl=en&start=7&tbnid=aGntek1MwLEJ7M:&tbnh=48&tbnw=128&prev=/images?q=facebook+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.copyblogger.com/images/logo_facebook.jpg&imgrefurl=http://www.copyblogger.com/facebook-application-marketing/&usg=___n_JvidbiDtnshHS9X-XKT9WYSQ=&h=176&w=468&sz=13&hl=en&start=7&tbnid=aGntek1MwLEJ7M:&tbnh=48&tbnw=128&prev=/images?q=facebook+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://ecsyouth.files.wordpress.com/2008/01/wr08-myspace-logo-duck-and-gorilla.jpg&imgrefurl=http://ecsyouth.wordpress.com/2008/01/21/winter-retreat-2008/&usg=__z1xa2xqxmmdfaIFKdKNBcB72fW0=&h=350&w=1528&sz=187&hl=en&start=14&tbnid=C2mFgbkcZKNSVM:&tbnh=34&tbnw=150&prev=/images?q=myspace+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://ecsyouth.files.wordpress.com/2008/01/wr08-myspace-logo-duck-and-gorilla.jpg&imgrefurl=http://ecsyouth.wordpress.com/2008/01/21/winter-retreat-2008/&usg=__z1xa2xqxmmdfaIFKdKNBcB72fW0=&h=350&w=1528&sz=187&hl=en&start=14&tbnid=C2mFgbkcZKNSVM:&tbnh=34&tbnw=150&prev=/images?q=myspace+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.goalline.ca/images/youtube_logo.jpg&imgrefurl=http://www.goalline.ca/main/news.php?show=all&usg=__KTxx9z0sbE9Kr9Ev834eQBEBcc8=&h=310&w=413&sz=17&hl=en&start=7&tbnid=P5L3xns34LJS0M:&tbnh=94&tbnw=125&prev=/images?q=youtube&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.goalline.ca/images/youtube_logo.jpg&imgrefurl=http://www.goalline.ca/main/news.php?show=all&usg=__KTxx9z0sbE9Kr9Ev834eQBEBcc8=&h=310&w=413&sz=17&hl=en&start=7&tbnid=P5L3xns34LJS0M:&tbnh=94&tbnw=125&prev=/images?q=youtube&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.labnol.org/assets/images/GoogleDevelopingGMailOfflineVersionUsing_B248/googlegmaillogo.jpg&imgrefurl=http://labnol.blogspot.com/2007/09/google-developing-gmail-offline-version.html&usg=__31b_JSG5GO471Jy3u6J9bZYRXf8=&h=206&w=458&sz=21&hl=en&start=4&tbnid=oa7JjM_etW8TkM:&tbnh=58&tbnw=128&prev=/images?q=gmail+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.labnol.org/assets/images/GoogleDevelopingGMailOfflineVersionUsing_B248/googlegmaillogo.jpg&imgrefurl=http://labnol.blogspot.com/2007/09/google-developing-gmail-offline-version.html&usg=__31b_JSG5GO471Jy3u6J9bZYRXf8=&h=206&w=458&sz=21&hl=en&start=4&tbnid=oa7JjM_etW8TkM:&tbnh=58&tbnw=128&prev=/images?q=gmail+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://www.pixelicia.com/wp-content/uploads/2008/04/flickr-logo.jpg&imgrefurl=http://bit330f08.wikidot.com/blog:image-search:google-v-s-flickr&usg=__U0RVXzgAcC39f9dv6Im1G_iBDcA=&h=196&w=500&sz=12&hl=en&start=4&tbnid=p99FFGDhXindAM:&tbnh=51&tbnw=130&prev=/images?q=flickr+logo&gbv=2&hl=en&sa=X

http://images.google.ca/imgres?imgurl=http://www.pixelicia.com/wp-content/uploads/2008/04/flickr-logo.jpg&imgrefurl=http://bit330f08.wikidot.com/blog:image-search:google-v-s-flickr&usg=__U0RVXzgAcC39f9dv6Im1G_iBDcA=&h=196&w=500&sz=12&hl=en&start=4&tbnid=p99FFGDhXindAM:&tbnh=51&tbnw=130&prev=/images?q=flickr+logo&gbv=2&hl=en&sa=X

http://images.google.ca/imgres?imgurl=http://z.about.com/d/browsers/1/0/O/8/-/-/aim_logo2.gif&imgrefurl=http://browsers.about.com/b/2007/09/27/big-trouble-with-aol-instant-messenger.htm&usg=__6RtY2Z0UzqzM6CYX5cvowwKL8YM=&h=119&w=150&sz=4&hl=en&start=3&tbnid=oph1gyDayfU_NM:&tbnh=76&tbnw=96&prev=/images?q=aol+instant+messenger+logo&gbv=2&hl=en

http://images.google.ca/imgres?imgurl=http://z.about.com/d/browsers/1/0/O/8/-/-/aim_logo2.gif&imgrefurl=http://browsers.about.com/b/2007/09/27/big-trouble-with-aol-instant-messenger.htm&usg=__6RtY2Z0UzqzM6CYX5cvowwKL8YM=&h=119&w=150&sz=4&hl=en&start=3&tbnid=oph1gyDayfU_NM:&tbnh=76&tbnw=96&prev=/images?q=aol+instant+messenger+logo&gbv=2&hl=en

OpenText Confidential. ©2015 All Rights Reserved. 26Copyright © 2009 Open Text Corporation. All rights

Slide 26

Digital Natives Are Different: 35 years and under

Creativity +

Memory –

Affinity –


Permission: Balancing Access with Security

Example: A keyword Search

No indication of existence

Indicates title of document

Allows view of document

Allows download of document

Allows modification of document

Allows uploading of document

Allows replacement of document


Impact of IOT

Billions of people generating petabytes hourly will be superceded by hundreds of billions of devices generating zetabytes in secondsHuge scale change


Governance Issues predicted

29


IOT

30


FlashCrash – Fiction becomes Reality

The May 6, 2010 Flash Crash[1] also known as The Crash of 2:45, the 2010 Flash Crash, or simply the Flash Crash, was a United States stock market crash on Thursday May 6, 2010 in which the Dow Jones Industrial Average plunged about 1000 points (about 9%) only to recover those losses within minutes.[2] It was the second largest point swing, 1,010.14 points, and the biggest one-day point decline, 998.5 points, on an intraday basis in Dow Jones Industrial Average history

1 second of machine nanosecond trading = 34 years of human trading!

31

http://en.wikipedia.org/wiki/Stock_market_crash

http://en.wikipedia.org/wiki/Dow_Jones_Industrial_Average

http://en.wikipedia.org/wiki/List_of_largest_daily_changes_in_the_Dow_Jones_Industrial_Average


Governance Issue Today

32





Further Reading…..

TomJenkins

Available on Amazon or Apple or www.opentext.com


Cyber Security

OpenText Confidential. ©2015 All Rights Reserved. 38Copyright © OpenText Corporation. All rights reserved.

Unleashing the Power of Information