© 2013 IBM Corporation

Welcome and introduction

to the conferencePeter EllegaardCountry Manager Cloud & Smart Infrastructure Denmark (Tivoli)

May 28th 2013Lokomotivværkstedet Copenhagen

2

The Venue

Lokomotivværkstedet +100 years old listed building Danish railway history Lokomotiv maintenance 9.000 m2

One of few possible places Nordic event More than 500 attendees 5 tracks Exhibition hall Dinner / Lasse Rimmer 1:1 meetings 4 User Group meetings

New experience Virtual space division Headphones needed Leave headphones on chair

3

Cloud & Smarter Infrastructure (Tivoli)

Tivoli®

4

Visibility

Control

Automation

to see and understandyour business in real time

to transform and adaptwhile limiting risk & cost

to achieve greater efficiency and agility

Turning Opportunities Into Outcomes

Business

IT

5

What Is Driving new Opportunities and IT Demand

Explosion of Mobile Devices

Infrastructure OptimizationCloud Computing

Growth of Social Media

Advanced Predictive Analytics

Real-time Sensor DataCyber Security

Business Optimization

+Big Data

Business Optimization

+Big Data

6

The 5 main tracks

7

Agenda Morning

© 2013 IBM Corporation© 2013 IBM Corporation

Turning Opportunities into OutcomesMoe Abdula, Vice President, IBM SmartCloud Foundation Portfolio Strategy

9

Internet of information

Internet of engagement

Internet of “things”

200 BILLION

100 BILLION

50 BILLION

INTERMITTENTLY CONNECTED DEVICES AND PEOPLE2000 2020 2010

The convergence of technology is transforming the world into an Internet of things…

10

Fuels investments in

innovation

Drives need for continuous

optimizationOptimization Innovation

The ability to balance Optimization and Innovation will be critical to success…

10

11

41%experience

development delays

34%experience

deployment delays

45%experience

production delays

Source : A commissioned study conducted by Forrester Consulting on behalf of IBM, 4Q2011

However, organizations are challenged in Optimizing product & service delivery, and in turn, driving Innovation….

11

Business OperationsDevelopmentCustomers

12

An open, and holistic approach to managing the delivery of products & services across smarter infrastructures is needed…

12

13

IBM provides an open, and holistic approach to managing the delivery of products & services across smarter infrastructures…

14

Cloud Computing: A Next Generation Cloud Architecture

Built upon a Cloud standards architecture

Patterns of Expertise

Workload Optimization

Dynamically Orchestrated Services

15

Cloud Orchestration

Services • Storage • Network

Cloud Service Management

Images • Patches • Threats

Cloud Service Delivery

Visibility • Control • Automation

Open Service Lifecycle Collaboration

Intelligent Cloud Workloads

Virtualization

Computing Resources

Cloud Computing: Extending value & optimizing investments…

16

An integrated set of capabilities for enabling private/hybrid clouds andthe virtualization, automation and management of service delivery

Cloud Computing: IBM SmartCloud Foundation

Virtualized Standardized Automated

Infrastructure as a Service Capabilities

Infrastructure UsagePerformanceManagement Security

Platform as a Service Capabilities

Lifecycle Resources Environments Management Integration

Resilient to the velocity of changing business needs

Enables choice & flexibility in hybrid environments

Provides enterprise-class, workload-aware services

Built-in analytics for improved insight and decision making

16

17

Cloud Computing: Flexibility in consuming & integrating hybrid clouds…

Evolve existing infrastructure

to Cloud

Accelerate adoption with

expert integrated systems

Immediate access to a managed platform

Enterprise

Hosted private cloud

17

18

Cloud Computing: Client Case Studies

Technical University of Munich Cloud Platform, Orchestration & Monitoring

• Reduced manual workload by about 40% and provisioning time for SAP systems from 3 days to less than ½ day.

• Replaced 150 servers with just four IBM systems, cutting 13 full racks to only four half-full racks.

• Reduced energy consumption by 80% for the SAP application landscape. Data storage reduction by 40%.

Aetna Cloud DevOps and Orchestration

• DevOps enables better, faster product development via self-service automation

• Anytime, anywhere access to healthcare services for clients using mobile & cloud

• Removed siloes by creating single role of cloud engineer that spans domains.

18

19

IBM provides an open, and holistic approach to managing the delivery of products & service across smarter infrastructures….

20

Enterprise Mobility: Why take an integrated approach?

Speed time to deployment of enterprise mobile apps and updates, while improving quality

Improve WiFi network management for greater reliability, employee productivity, and minimize business interruptions

Enhance end-to-end security to help prevent loss of intellectual property and regulated data

Less total infrastructure for lower hardware, admin costs

Reduce help desk calls, device replacement costs

20

21

Enterprise Mobility: Manage and secure all your devices

Endpoint Management

SystemsManagement

Security Management

Common agent

Unified console

Single management

server

Managed = Secure

Desktops, Laptops, & Servers

Smartphones & Tablets

Purpose-specific Endpoints

Implement BYOD withconfidence

Secure sensitive data, regardless of device

Handle multi-platform complexities with ease

21

22

Enterprise Mobility: The Industry’s Most Comprehensive Mobile Portfolio

The Broadest Portfolio of Mobile Solutions

The Deepest Set of Services Expertise

New Industry Partnerships and Resources for Developers

22

23

23

Enterprise Mobility: Client Case Studies

CenterBeamUnified Mobile, Desktop, and Server Management

• Can now support PCs, Macs, servers, and virtually every flavor of mobile device, increasing compliance over 20% to 98%

• Now manage 20,000 endpoints across 49 countries and six continents, a 10x increase, with just one engineer

• Mitigating client risk with strengthened endpoint security

North American Public UtilityMobile device and Endpoint Management

• Support 20,000 mobile devices - corporate and employee owned - with mixed platform and OS versions

• Add mobile devices in just days, while adhering to internal security policies and external regulations.

• Solution is scalable to 250,000 endpoints without adding infrastructure

24

IBM provides an open, and holistic approach to managing the delivery of products & service across smarter infrastructures….

25

Smarter Physical Infrastructure: Instrumented, Interconnected, Intelligent

A comprehensive set of integrated enterprise capabilities that help organizations to keep plants, facilities, data centers, or cities operating effectively.

• Dashboard views of service health• Predictive analytics & reporting• Mobile workforce support• Asset, work and inventory management

• Complex & embedded systems

• IT & Enterprise assets

• Facilities & real estate• Event filtering and correlation• Process & workflow automation,

and rules management• Enterprise content management

Process Automation

Facilities andReal Estate

EnterpriseAssets

Complex and Embedded Systems

Analytics Mobility

25

26

26

Facilities & Real Estate

Transportation & Fleet

Linear Assets

Plant & Production

IT & Network Equipment

Smarter Physical Infrastructure: End-to-end asset management

26

27

27

Smarter Physical Infrastructure: Client Case Studies

Halifax International Airport Authority Preventative Asset Monitoring, Management & Reporting

• Corrective maintenance on assets reduced from 80 percent to only 10 percent

• Number of work orders the service department can handle increased from 450 to 1,000, a 55 percent increase

• Airport is better prepared for weather events and track costs more effectively; Improved regulatory reporting.

Akita CityPredictive Facilities & Energy Management

• Real-time sensors, & 3D color-coded views allow city to predict energy use, and immediately reduce consumption to meet targets.

• Expected 6 percent reduction in energy consumption through better visibility and control over city facilities’ energy usage

• Improve preventive maintenance, and compliance with Revised Energy Saving Law.

INSERT

LOGO

28

IBM provides an open, and holistic approach to managing the delivery of products & service across smarter infrastructures….

29

Security Intelligence,Analytics and GRC

Ap

plic

atio

ns

Peo

ple

Dat

a

Infr

astr

uct

ure

Mobile Security

Cloud Security

Security Intelligence with

Big Data

Security Intelligence: Across big data, mobile & cloud

33

Security Intelligence: Client Case Studies

BlueCross BlueShield of North CarolinaSecuring Big Data

• Directly supports HIPAA compliance by controlling access to client member data

• Saves 5,000 hours of staff time by removing manual steps and automating security processes

Flemish GovernmentSecuring Digital services

• Authentication flexibility ensures compatibility with future access requirements including cloud and mobile services

• Significantly reduces the time and cost to introduce new applications across100 government sites

• Provides six million citizens with seamless access to all Authorities’ services with context-aware digital identities

INSERT

LOGO

33

34

OSL C Specs Linked Data

AUTOMATIONVISIBILITYCONTROL

Reporting

RegistrySecurity

Dashboarding

Administration

Open Interoperability

Services

Only IBM provides a holistic approach that enables Visibility, Control & Automation across smarter infrastructures…

unnecessary risk and cost

outcomes from limited investments

with agility to changing landscapes

ReduceAchieveReact

34

© 2013 IBM Corporation

Bring Your Own Disaster -The Security Risk and Challenges of BYOD (From a hacker’s perspective)Martin Overton, Ethical Hacker, IBM Security ServicesLead and Senior Security Consultant, Cyber Security Intelligence and Response Team

May 28th 2013Lokomotivværkstedet Copenhagen

36

Agenda

What is BYOD?GrowthThreatscapeIssues and ProblemsSolutionsConslusions

37

What is BYOD an Why Should You Care?

“BYOD is a phrase that has become widely adopted to refer to employees who bring their own computing devices – such as smartphones, laptops and PDAs – to the workplace for use and connectivity on the corporate network.” - Source: http://www.webopedia.com/TERM/B/BYOD.html

Source: Intel (1. Gartner, 2. ReadWrite.com Survey)

38

2,641,350The Average Company Faces Per Week

Security Attacks1. Health & Social Services2. Transportation3. Hospitality4. Finance & Insurance5. Manufacturing6. Real Estate7. Mining, Oil & Gas

Top 7 Most ATTACKED Industries

62Security IncidentsThe Average Company Experiences Per Week

1. End user didn’t think before clicking2. Weak password / default password in use3. Insecure configuration4. Use of legacy hardware or software5. Lack of basic network security protection or segmentation

Top 5 reasons WHY attacks were possible

Did you know...

Malicious Code

Sustained Probe or Scan

Unauthorized Access

Low-and-Slow Attack

Access/Credentials Abuse

Denial of Service

What IBM SeesCategories of Attack

39

Number of vulnerabilities increase radically with emergence of new business models and technologies.

Mobility

Employees, customers, contractors, outsourcers

Bring your own IT

Social business

Cloud and virtualization

1 trillion connected objects (cars,

appliances, cameras)

30 billion RFID1 tags (products,

passports, buildings and

animals)

1 billion workers will be remote or

mobile

1 billion mobile Internet users

30 percent growth of 3G devices33 percent of all new business

software spending will be Software as a Service

Source: IBM X-Force® Trend Report, 2011

Exponentially growing and interconnecteddigital universe

Adopting new business models and embracing new technologies

40

To stay ahead focus on disrupting the attackers capability, timeline and impact

Security Risk Management is the application of control to detect and block the threat, to detect and fix a vulnerability, or to respond to incidents (impacts) when all else fails.

Threat

Can exploit

Vulnerability Impact

(Weakness)(Actor) (Loss)

And cause

Security risk exists when …

“The more the environment changes, the more the opportunities exist for risk.”

41

In IBM’s recent 2012 Chief Information Security Officer Study, security leaders shared their views on how the landscape is changing.

Source: IBM 2012 CISO Assessment http://www.ibm.com/smarterplanet/us/en/business_resilience_management/article/security_essentials.html

Nearly two-thirds say senior executives are paying

more attention to security issues.

Two-thirds expect

to spend more on security over the next two years.

External threats

are rated as a bigger challenge than internal threats, new technology or compliance.

More than one-half say

mobile security is their greatest near-

term technology concern.

42

Motivation and Sophistication is Evolving Rapidly

Attackers have more resources

Off-the-shelf tools are available for sale

They will keep trying until they get in

43

The new security landscape - Sophisticated attackers are a primary concern

Threat Profile TypeShare

of IncidentsAttack Type

Advanced threat / mercenary

National governments

Terrorist cellsCrime Cartels

23%

Espionage Intellectual property theft Systems disruption Financial Crime

Malicious Insiders

EmployeesContractorsOutsourcers

15%

Financial Crime Intellectual Property Theft Unauthorized Access/

Hacktivist Social Activists 7%

Systems disruption Web defacement Information Disclosure

OpportunistWorm and virus writers

“Script Kiddies”49%

Malware propagation Unauthorized Access Web defacement

Po

ten

tia

l Im

pa

ct

Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO-05-434; IBM CyberSecurity Intelligence & Response Team, Sep 2012

44

Threat Convergence Replacing Threat Evolution

Threat Evolution:– A flat world has brought about

an unprecedented amount of

criminals and cons

– Attackers keep ROI in mind

as well, and constantly evolve

their wares in order to re-

purpose it for the next flood of

attacks

– High profile vulnerabilities will

still be the vehicles for new

attacks, however, the low and

slow attack vectors cannot be

ignored

– The economics of exploitation

must be taken into

consideration to better

prioritize risk

45

Adversary compromises endpoint used by a systems administrator with undetectable malware.

– The malware has two components: 1) A keystroke logger to capture credentials 2) Command and control capability

Here is the anatomy of a targeted attack. With credentials and command and control

malware, adversary impersonates the Sys Admin to gain privileged access to systems and data.

Data is stolen, and production systems are further compromised.

1Advanced persistent threat (APT)

People

Endpoints

Applications

Infrastructure

Data

Privileged user

Employees

Contractors

Consultants

Suppliers

Customers

Web applications Mobile apps

Unstructured At rest In motionStructured

Customer environment

System applications

APT1 and hacker, or activist

46Source: Intel

47

BYOD Problems

Organisation Level Issues:– Un-trusted devices on your network.– No idea if the device has been hacked or infected.– Who owns the data? The device owner or you?– How can you stop an (ex-)employee leaving with your intellectual property or

customer data?– What happens when a security breach occurs?– Are you going to insist on Whole Disk Encryption?– Patches, security software, so many different vendors, Operating Systems and

versions to contend with… Personal Issues (Device Owner):

– Your device may get seized (confiscated) as part of an investigation.– Privacy issues; your personal data on your personal device may be reviewed.– What happens when the device fails or gets stolen? Who’s responsible for fixing or

replacing it?

48

IBM is well qualified to secure the enterprise.

Major employee sites

Customer fulfillmentManufacturing

Employee Service Centers

IBM Research CentersIBM Internal Data Centers

2,000-plus major sites 170-plus countries

400,000-plus employees About 200,000-plus

contractors

One of the largest and most complex internal IT infrastructures in the world 800,000-plus traditional endpoints About 50 percent of employees are

mobile

49

Suggestions and Solutions

Ensure that security best practices are followed Use Whole-Disk-Encryption to protect data Ensure staff understand their responsibilities and the risks of BYOD Enforce security controls as well as patching Enforce the use of strong passwords/passphrases Educate staff about social engineering (phishing, scams, etc.) Partner with a vendor that can ensure end to end security of your

infrastructure as a whole, not just BYOD Use the IBM 10 point guide (next slide) to assist you Remember that security is, and always will be, a journey and not a

destination…..Their is NO silver bullet and no 100% security

50

Manage incidents with intelligence2

IBM uses a ten essential practice approach to better manage IT Risk and protect client reputations

Risk-aware culture and management1

Defend mobile and social space3

Security-rich services, by design4

Automatic security “hygiene”5

Control network access 6

Address cloud and complexity 7Manage third-party compliance 8

Secure data, protect privacy 9

Manage the identity lifecycle 10

Maturity-based approach

Proactive

Au

tom

ate

dM

an

ua l

Reactive

ProficientBasic

Optimized

Securityintelligence

Learn more about IBM’s Ten Security Essential Practicesibm.com/smarter/cai/security 

51

Expertise: Unmatched global coverage and security awareness

20,000+ devices under contract 4,000+ MSS clients worldwide 13B+ events managed per day 3,000+ security patents 133 monitored countries (MSS)

World Wide Managed Security Services Coverage

Security Operations Centers

Security Research Centers

Security Solution Development Centers

Institute for Advanced Security Branches

IBM Research

52

Conclusions…

BYOD is a double-edged sword…– Brings great cost savings and power to organisations– However, this quote covers the issues well “With great power comes great

responsibility”*– That responsibility is shared between the device owner and the organisation; both

have to have security in mind at all times…– Failure to do so will lead to loss of confidential data or intellectual property (or

both) BYOD is a real game changer…

– The owner of the device is more likely to treat is with more care if it is their own…– The cost savings could be immense, just on the hardware side alone

BYOD is here and it isn’t going away…– So deal with it, don’t dismiss it as a passing fad…– Secure all devices, stop unsecured devices from accessing your network until

they are secured and match your security policy and standards…

* Who is this quote attributed to?

© 2013 IBM Corporation

Introduction to the IBM and Business Partner exhibitionPeter EllegaardCountry Manager Cloud & Smart Infrastructure Denmark (Tivoli)

May 28th 2013Lokomotivværkstedet Copenhagen

54

The virtual space division

Main session – Keynote

Exhibition area – Lunch - Refreshments

55

Exhibition area

56

Exhibition area

57

Exhibition area

58

May 28th 2013Lokomotivværkstedet Copenhagen

59

Smarter Physical Infrastructure

Bus

ines

s P

artn

ers

& I

BM

Exh

ibiti

on S

tand

s

60

Storage Management

Bus

ines

s P

artn

ers

& I

BM

Exh

ibiti

on S

tand

s

61

IT Optimization and Service Management

Bus

ines

s P

artn

ers

& I

BM

Exh

ibiti

on S

tand

s

62

Mobility in the Enterprise

Bus

ines

s P

artn

ers

& I

BM

Exh

ibiti

on S

tand

s

63

Security

Bus

ines

s P

artn

ers

& I

BM

Exh

ibiti

on S

tand

s

64

Planed events – go to registration

Smarter Business 2013 Denmark• Join the largest IBM event this year• Mark your calendar Oct 8th - Bella Center Copenhagen• SW business solutions from IBM and Business Partners• Keynote: Bruce Dickinson, Lead singer in Iron Maiden

Entrepreneur, Author and inspiring speaker

C&SI (Tivoli) Austin & Silicon Valley Study tour• Visit IBM Briefing centers in Austin TX & San Jose CA• IT Managers and IT decision makers• Mark your calendar Nov 5th - 10th • Service Management, Storage Management and Mobility - SW solutions• Pure Systems and Storage - HW Solutions• Hotel and flight expected to be DKK 15.000

65

User Group meetings at Pulse Comes to You

Check the agenda for tomorrow

Tivoli User Group meeting Host: Hans Peder Thomsen

European IBM Security User Group meeting Host: Sven-Erik Vestergaard

Maximo & SmartCloud Control Desk User Group meeting Host: Jens Cajus Petersen

TSM User Group meeting Host: Marianne Husted Larsen

User Groups – May 29th

66

Evaluation

Special Danish Licorice by Johan Bülow for filling the evaluation form

Networking by scanning CR code

NameCompanyTitlePhone numbere-mail

67

The virtual space division

Exhibition area – Lunch - refreshmentsExhibition area – Lunch - Refreshments

1:1 Meetings Dinner tonight

68

Agenda today

69

May 28th 2013Lokomotivværkstedet Copenhagen