Open Source at the core of Cyber Security innovation

Mathieu Poujol, Principal Consultant, PAC – a CXP Group Company

September, 2016

© PAC 2015

The Open Source at the heart of the Cyber Security innovation, OW2con'16, Paris


Why are we speaking so much about Cyber Security these days?

With every day more value and criticality in the IT systems

PAC Horizons - Paris Edition - 21 Janvier 2016

The Digital Transformation

•  Big Data
•  Co-innovation
•  Collaboration
•  Cloud
•  As a service model

For business systems that are more and more open


Cyber security is a critical catalyst of the digital transformation


“People ask me all the time, 'What keeps you up at night?' And I say, 'Spicy Mexican food, weapons of mass destruction, and cyber attacks.'”

Dutch Ruppersberger, US House of Representatives

67% of European firms have had a cyber breach in the last year; 100% reported a breach at some time in the past

[Chart: Breach severity (V.High, High, Med, Low)]

WHY?

•  It’s serious
•  It will happen


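How do you rate the topics on your IT agenda?

•  Internet of Things (IoT) / machine to machine (M2M): Very important 17%, Important 31%, Partly important 31%, Less important 16%, Not important 6%
•  Digital workplace / UCC: Very important 17%, Important 32%, Partly important 32%, Less important 15%, Not important 4%
•  Cloud computing: Very important 21%, Important 26%, Partly important 26%, Less important 20%, Not important 6%
•  Analytics (big data & BI): Very important 22%, Important 29%, Partly important 27%, Less important 16%, Not important 5%
•  IT / cyber security: Very important 40%, Important 28%, Partly important 16%, Less important 11%, Not important 4%

Shares in percentage of all companies surveyed, n = 2927

© PAC - a CXP Group Company, 2015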

So it is at the top of the IT agenda


Survey conducted by PAC in 2016 with 150 Cyber Security decision makers


Cyber security in the digital age: from the fortress to the airport

PAC Horizons – London Edition – 13 April 2016

The fortress:

•  Perimeter-based security
•  Minimal and controlled end points
•  Non flux / ecosystem based businesses
•  Segmented approach
•  Company based

The airport:

•  Security in depth, multi-layered
•  Protection of critical data / processes
•  Adaptable to digital demands, IoT, transformation etc.
•  Holistic approach
•  Collaborative approach

Why?

•  It is too complex, too many human interactions, too many attacks…
•  “Traditional” approaches are too limited


How? Cyber Security’s paradigm shift

A big change in the market

•  Technology shift that will soon be mandatory
•  Lowers entry barriers & gives more enterprises access to more powerful capacities

It redefines competition

•  Behavioural & Contextual Analysis
•  Machine learning
•  Human enhancement
•  Artificial Intelligence
•  Big Data


And don’t forget complexity


Visibility Complexity

•  Your security level is equal to the security level of the weakest link

•  More links, more vulnerabilities

Holistic

•  You cannot protect what you don’t know and don’t manage

•  Cyber Security is a complete system, inside other systems


Market characteristics

A market that is at the same time mature and emerging

•  The lack of competencies promotes automation, industrialisation and optimisation
•  An IT service intensive market, now and in the future, as the growth of the IT services remains higher
•  A strongly segmented market, with large dynamism differences between the segments:
   •  Security Governance
   •  Data & Application Security
   •  ID & Access Management
   •  Infrastructures Security


As a result, an atypical market

•  A specialist market
   •  A technology centric market, with companies that remain strongly technology oriented
   •  Many small local services and software providers
   •  Still well linked with reseller activities, especially in the least advanced countries
   •  Many different players
   •  Governments have a strong influence
•  New players
   •  Consulting companies
   •  Start-ups betting on new technologies
   •  Defence, homeland security, electronics…
   •  Middleware generalist
   •  Data specialist
•  Consolidating market
   •  Fragmented and siloed technologies and services
   •  Mergers & Acquisitions
•  An innovative market
   •  That’s where open source and open innovation jump in


The OSS and Cyber Security (1)

•  First, the Digital is largely fuelled by the OSS
   •  Social, Mobile, Analytics, Cloud, and so is Cyber Security, often the second S at the end of SMACS
•  Collaboration in Cyber Security is mandatory. The OSS is collaborative by design
   •  Project CHESS from the French IRT SystemX: more innovation with open innovation
   •  Cyber Security collaboration between intelligence agencies, universities, research centres, companies, etc.
•  The new security paradigm is full of OSS
   •  Cloud/Big Data & Artificial Intelligence
•  Cyber Security is critical
   •  Control over the code is important for certain companies and for sovereignty issues
   •  The SIEM Prelude used by the French Army
   •  Code review
•  Cyber Security is also a mature market dominated by non-European companies
   •  The OSS permits the development of cyber security solutions based on an open platform
   •  It lowers the entry barriers on a mature market


But it’s not the panacea (there is no panacea in IT…)

•  The “open” part of the OSS could be a problem for certain usages
•  Pure OSS approaches tend not to be well adapted to certain business needs
•  Funding the development of marketable solutions remains problematic
•  As for many new concepts, the solution is often around hybrid models that are able to take the best of the two worlds:
   •  R&D and platform approach with the OSS
   •  Specific, stabilized and marketable solutions with the commercial software model


An example to summarize all of this: BlockChain

•  To sum up, what is this platform behind the crypto currencies, which would not have existed without the OSS:
   •  Totally based on the OSS platforms
   •  A prime example of all its advantages for Cyber Security
   •  A disruptive innovation that changes part of Cyber Security approaches (like IAM), but also impacts some businesses
•  But it also has some limitations:
   •  Its openness makes it unsuitable for some critical workloads
   •  The development of chains seems entropic
   •  Governance
•  Again the solution comes from hybrid approaches such as Hyperledger
   •  A private permission-based Blockchain
   •  Hosted by the Linux Foundation and supported by large global corporations and many start-ups
•  Open Innovation in Cyber Security with the OSS


MATHIEU POUJOL PRINCIPAL CONSULTANT [email protected] +33 (0)6 85 42 77 56 84 +49 (0)171 222 37 72

PAC – Groupe CXP 8 avenue des Ternes 75017 Paris www.pac-online.com www.cxpgroup.com

Let’s stay in touch! www.pac-online.com/cybersecurity
