SlideShare uma empresa Scribd logo
Security
20/20
Chapter 1
Preparing today for tomorrow’s threats
I.1 Outlook
I.2 Threats
I.3 Innovation
I.4 Risk management
I.5 Regulation
I.6 Strategies
I.7 References
Outlook
I.1 Outlook
When companies hear the word “security,” what concepts come to mind
— safety, protection or perhaps comfort? To the average IT administrator,
security conjures up images of locked-down networks and virus-free devices.
An attacker, state-sponsored agent or hactivist, meanwhile, may view security
as a way to demonstrate expertise by infiltrating and bringing down corporate
or government networks for profit, military goals, political gain — or even fun.
Page 3
We live in a world in which cybercrime is on the rise. A quick scan of the
timeline of major incidents (See Figure 1, Page 9) shows the increasing
frequency and severity of security breaches — a pattern that is likely
to continue for years to come. Few if any organizations are safe from
cybercriminals, to say nothing of national security. In fact, experts even
exposed authentication and encryption vulnerabilities in the U.S. Federal
Aviation Administration’s new state-of-the-art multibillion-dollar air
traffic control system1
.
Page 4
I.1 Outlook
Security now, by necessity, must protect all aspects of the enterprise, from
the data center to the desktop and beyond the network edge. Seemingly
commonplace, yet still nascent, innovations such as cloud services and the
bring-your-own-device (BYOD) trend have only accelerated the need for
relevant security at all points in the information lifecycle.
“The Internet of Things is going to allow us to be more connected and very
productive,” says Art Gilliland, senior vice president, Software Enterprise
Security Products, HP. “But it also creates more areas for adversaries to
compromise the environment. Any device can be the attack point or the thing
that is attacking.” Over the next decade, this reality is going to challenge our
IT environments, our consumer lifestyles and the security industry at large.
“We have very intelligent, highly motivated antagonists who are determined
to cause disruption. We don’t think that’s ever going to go away,” says Rebecca
Lawson, director, Worldwide Enterprise Solutions Marketing, HP.
Enterprises need to adopt a different approach to security. The game is no
longer about locking down the network and blocking every threat. To compete
against adversaries who are increasingly sophisticated and well-funded —
and in many cases, unknown — companies have to manage the risk that is
inherent in doing business in a connected world.
Page 5
“Any device can be the attack point or the thing that is attacking,” Gilliland says.
In 2020, companies and individuals alike will need to approach security
from a holistic mindset as threats to corporate, government and personal
information increase. Security professionals will find themselves answering
to CEOs and corporate boards as their policies, processes and vulnerabilities
become companywide priorities.
In order to reduce technical debt downstream and decrease unplanned
downtime, intrusions and business disruption, enterprises will need to
embrace a three-step approach to security:
1.	 Build it in.
2.	 Make it intelligent.
3.	 Protect what matters.
“People do not have a good handle on today’s threats. Pretty much every
corporation is suffering breaches, and when they are even aware of what is
happening, they are unwilling to talk about it,” says Martin Sadler, director,
Cloud and Security, HP Labs. “We do not have today’s threats under control,
and we are going to have to work hard to keep it from getting worse.”
Our goal in this chapter is to shed some light on the most likely threats
enterprises will face in 2020 and what they can do now to protect their
information and networks while enabling agility and privacy. The threats are
very real, and they are very damaging. But enterprises can look at them as
catalysts for positive change.
I.1 Outlook Page 6
“We do not have today’s threats
under control, and we are going
to have to work hard to keep it
from getting worse.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
“Every corporation is suffering
breaches, and they are
unwilling to talk about it.”
I.1 Outlook Page 7
Martin Sadler, director, Cloud and Security, HP Labs
2005 2006 2007 2009 2010 2011 2012
Driver’s license and credit and debit card
numbers of more than 100 million of retailer
TJX Companies’ customers
26.5 million
veterans’
private records
by the U.S.
Department of
Veteran’s
Affairs
Personal data from as
many as 101.6 million
user accounts by Sony
Personal data of 35 milllion
users of The Valve Corp.’s
Steam gaming cloud service
130 million credit and
debit card numbers from
card-processing company
Heartland Payment Systems
40 million
credit card
numbers from
payment
processor
CardSystems
Financial
information of 8.5
million customers
of Fidelity
National
Information
Services
12.5 million unencrypted customer records by the
Bank of New York
Financial informa-
tion of more than
17 million
Countrywide
Financial Corp.
customers
Detailed records of
more than 76 million
veterans by the U.S.
Military
Source: Privacy Rights Clearinghouse Chronology of Data Breaches, www. privacyrights.org
2008
Top 10 data losses from U.S. security breaches, 2005-2012
The majority of major security breaches resulted from unencrypted data or missing hardware.
OutlookI.1 Page 8
Page 9I.1 Outlook
Discussion hub
Doyoubelieveenterprisesaregetting
smarter about enterprise security?
Join the conversation
Share your thoughts and help pave the path.
“Biometrics is flawed. Identity as
implemented in enterprise applications
doesn’t necessarily align with how identity
works in the real world.”
— James McGovern
“Identity theft will become much harder to pull off
convincingly in this age of connectedness; as soon
as someone starts misusing your identity you’re
bound to be notified some way or another.”
— Horia Slusanschi
Threats
Page 11I.2
Combine global technology trends with the emergence of organized cybercrime,
add the universal mandate for businesses to make money, and you have an
unwinnable game for the enterprise.
Here are some emerging trends and top concerns:
Connected societies:
Technology is having a greater influence on society, as seen by the Arab Spring
of 2011. And many anticipate that an additional 1 billion people will be online by
2020, with a significant percentage of them from developing countries. “At some
point in the near future we will end up with more people having access to the
Internet than access to clean water,” Sadler notes. “If you equip people to be a
part of this global communications infrastructure when their other needs are not
being met, they will turn to the Internet to get access to what they need.”
As a result, kinetic warfare or cyberterrorism has the potential to be an
effective means for emerging countries to challenge the developed world on
an increasingly level technology playing field. “It is important to think beyond
software and system vulnerabilities and understand the wider backdrop that is
likely to shape online activity,” Sadler says.
Medical device as vulnerability:
Physical security is coming under scrutiny as an increasing number of implanted
electronic devices such as insulin pumps and pacemakers are being exposed
as vulnerable to hacking. Routinely monitored and interconnected with other
devices over wireless networks, they are raising red flags in the security and
medical communities as the newest vulnerability due to a lack of regulation
and industry oversight. Imagine being held for ransom by someone you never
see, who forces you to drain your bank account in exchange for keeping your
pacemaker running. A vulnerability was recently reported that could make just
this type of scenario a reality2
.
The increase in machine-to-machine interactions:
As cities adopt smart grid technologies and buildings become more “intelligent,”
breaches in security of these interconnected systems will have a cascading
effect. Network grids that control traffic lights, railroad crossings and toll
bridges, for instance, could become prime targets for terrorists or hackers
looking to extort money from governments or individuals.
Our desire to be mobile:
Mobile devices, from smartphones and tablets to laptops and ultrabooks, have
become primary sources of communication and information. As a result,
Threats
I.2 Threats
web-based applications are proliferating. But how many of them are secure?
“Web applications are becoming the preferred method of attacks because
they often have vulnerabilities that can be exploited,” Lawson says. “Everyone
wants to have a cool web app but they don’t know the potential risks and
liabilities based on how that app interacts with other apps. These days,
security is still, too often, an afterthought”.
The increase of cloud services:
As companies move more of their infrastructure and their data to the cloud,
adversaries will be able to take advantage of the trend. “In theory, the
cloud services model strengthens security because data will be handled by
companies with whole teams that think about nothing but security. But we’re
not there yet,” says Joseph Menn, author of Fatal System Error: The Hunt for
the New Crime Lords Who are Bringing Down the Internet and an investigative
reporter with Reuters specializing in cyber security.
The growing importance of Big Data:
For large organizations, keeping up with both the volume and the velocity of
information is a huge undertaking. Attackers can exploit immense, distributed
Big Data systems, which often have limited security controls, and gain access
to tremendous amounts of information at once.
Page 13
Exploiting the weakest link
The majority of corporate security spending traditionally has been focused on
infrastructure security. However, threats exploit the weakest areas, and for
many organizations that weakest area has become the application layer.
“For several decades people have been paying attention to network
infrastructure security but not application security,” says John Diamant,
secure product development strategist and distinguished technologist, HP.
“It’s a house-of-cards situation: Because security is a weakest-link problem
and applications are filled with vulnerabilities, a company can have plenty of
network-based security but still be exposed.”
What’s more, a disparity exists between the amount of money spent on
application security compared to infrastructure and network security, with
only 10 percent of the average enterprise security budget spent on application
security. However, Diamant notes, more than 70 percent of successful attacks
were carried out at the application level3
. “Application security is one threat
that is seriously under-represented. And it’s one that’s not being well enough
addressed,” he says. The lack of spending on securing applications and code
is creating a mountain of technical debt for which network and infrastructure
security alone cannot compensate.
What do think will be the biggest threats to enterprise
security in 2020?
Art Gilliland, senior vice president, Software Enterprise Security Products, HP
Listen Now
I.2 Threats
“Application security is one threat that is seriously underrepresented,” Diamant points out.
The power of nation-states
The motivations behind cyberattacks also have changed. Hackers are getting
paid handsomely for zero-day exploits, as nation-states and organized-crime
rings fund an emerging cybercriminal market. “There’s an active adversary out
there, trying to get around defenses and out-innovate the security controls you
put in place,” Gilliland says. “The wealth of an entire marketplace is funding an
attack against a single entity.”
Meanwhile, the amount of time between when sophisticated attacks using
cutting-edge technology occur and when corporations see that technology
materialize on their own networks is shrinking. What starts off as a bespoke
attack rapidly becomes industrialized because it can be replicated to be used
against any number of available targets.
“The bad guys are using more sophisticated technology and even developing
their own supply chains,” Sadler notes. “If you want to know who the users of
leading-edge technology are, it’s the people attacking our organizations.”
Page 15I.2 Threats
“Security is a weakest-link problem and
applications are filled with vulnerabilities,
so a company can have plenty of network-
based security but still be exposed.”
John Diamant, secure product development strategist and distinguished technologist, HP
Page 16I.2 Threats
1 Privacy Rights Clearinghouse Chronology of Data Breaches, www. privacyrights.org
2 Ponemon Institute, 2012 Cost of Cyber Crime Study, sponsored by HP Enterprise Security
3 Ponemon Institute, 2012 Cost of Cyber Crime Study, sponsored by HP Enterprise Security
4 Verizon RISK Team, 2012 Data Breach Investigations Report
5 Gartner, Forecast Overview: Security Infrastructure, Worldwide, 2010-2016, 2Q12 Update, August 2012
The rising incidence of data breaches
Both the cost and the frequency of security events are increasing.
Only 765 of 356 million
data breaches between
2005 and 2012 were
made public1
Cybercrime in 2012 was
estimated to cost an average
$8.9 million per organization2
The number of successful
cyberattacks per week more than
doubled from 2011 to 20123
Worldwide security spending should
reach $60 billion in 2012, up 8.4
percent from $55 billion in 2011.
Gartner expects this trajectory to
continue, reaching $86 billion in 20165
Cost
Time
Hacking was a factor
in 81 percent of data
breaches and in 99
percent of data loss4
Sources:
Page 17I.2 Threats
Discussion hub
What threats do you believe will shape
the security landscape in 2020?
Join the conversation
Share your thoughts and help pave the path.
“Security threats follow value. Will there
be anything significantly more valuable in
2020 that we don’t already value today?”
— Horia Slușanschi
“Malicious QRcodes: The ability to place a sticker
over a legitimate code with one that takes you to a
malware site is cropping up more and more. This is
an example of convenience overwhelming security.”
— Charles Bess
Innovation: Holding
threats at bay
I.3
To compete against threats, enterprises must look beyond the all-but-
vanished “network perimeter” and focus on securing applications and
data while understanding identity and access for users as they move from
corporate to hostile networks at will. As threats become more ubiquitous,
organized and directed, companies must remain constantly vigilant.
“We have to build better technologies to authenticate and understand who
users are, what users should have access to or not and what data matters
or doesn’t matter — and put controls directly on the information,” Gilliland
explains. “There are components of that technology that exist today, but
it has to become more sophisticated and more accurate.”
Smart systems
To stay ahead of the bad guys, companies will need to rely more on “smart
systems” (discussed in the Introduction to Enterprise 20/20), which should be
able to recognize anomalies in a workflow and emit an alert before proceeding
with the new request.
Innovation
I.3 Innovation
“By the time people are involved in defending against an attack, it’s too late,”
Sadler says. “We want systems that protect themselves — to have multiple
layers of defense in much the same way the human body defends itself, and to
act autonomously.”
Along with smart systems, current technologies such as virtualization are
helping mitigate some of the opportunities for attack by removing the ability
for direct communication with critical systems. By using a higher level of
abstraction in the way we configure our storage, networking and processing,
we can better guarantee that security is being enforced and preventing
potential attacks.
Application lifecycle and security
Many of the issues surrounding application security can be significantly
reduced if developers take a lifecycle approach to security and develop the
application with the benefit of protecting it from cradle to grave. The idea is
based on the concept of Total Quality Management (TQM), which W. Edwards
Deming introduced in the 1950s. In the United States, TQM made its way into
manufacturing in the 1970s and into IT software quality assurance in the
1980s, a time when software security was far from an issue.
Page 21
Today, however, companies are recognizing the need to architect and build
security into applications from the start, which is no trivial task. “It has taken
us a long time to learn the lessons from Deming,” Diamant says.
“By the time people are involved
in defending against an attack,
it’s too late.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
I.3 Innovation Page 22
Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012
Extending security assurance to meet today’s realities
Organizations cannot afford to be reactive in the current threat-filled environment
In post-release
phase
Patching
In testing
phase
Integration and
penetration testing
In development
phase
Code reviews
In requirements
phase
Architecture
and design
Returnoninvestment
Historical evolution in security assurance maturity
ProactiveReactive
Page 23Innovation
Discussion hub
How can organizations like those in healthcare
turn the tides against security breaches?
Join the conversation
Share your thoughts and help pave the path.
“Security protocols will adjust, seek out and
quarantine perceived threats before the
system is compromised.”
— Albert Vargas
“A triage approach could focus the scarce
resources of security teams on areas that
need attention.”
— Charles Bess
I.3
Risk management
I.4 Risk management
Most enterprises walk a fine line between agility and security. The simplistic
view is that a company can have either one or the other. However, the two are
not mutually exclusive. Gilliland explains that migrating to a security approach
that protects users and their information instead of the infrastructure and its
devices can help enterprises be more agile.
“If you try to control only the infrastructure, it stops you from adopting new
platforms and from moving and sharing information more freely. Once you
can protect the data, you can actually be more flexible,” says Gilliland.
To achieve the right balance, companies must make security part of the
foundation of every technical design process — and understand the business
risks they are taking when they make security decisions.
Technologies that focus on mitigating attacks can help an enterprise reduce
vulnerability. Solutions that use threat research and correlation of security
events and vulnerabilities with contextual data to deliver security intelligence
across IT operations, infrastructure and applications will be even more critical
as hackers look for new ways to make their attacks more targeted and more
destructive. Enterprises need visibility across the entire organization in order
to see where there may be threats.
In the shorter term, Larry Ponemon, chairman and founder of security research
think tank Ponemon Institute, believes a new generation of tools will alleviate
many of the problems caused by simple human laziness. “We get lazy and
don’t change passwords, and as a result tools are ineffective,” he notes.
“I think we will see more solutions that make security invisible to the user and
under-the-system-level technologies. Call it ‘security with convenience’.”
Above all, executives need to adopt a risk-management mindset to security
policy. “You may have stopped the adversary 5,000 times, but that one breach
creates a perception of negligence,” Gilliland warns. He urges enterprises to
create the infrastructure, toolsets, processes and controls to minimize damage
when the inevitable breach occurs.
Page 25
What role will nation-states play in the evolving
threat landscape?
Art Gilliland, senior vice president, Software Enterprise Security Products, HP
Listen Now
Page 26I.4
Art Gilliland, senior vice president, Software Enterprise Security Products, HP
“You may have stopped the adversary
5,000 times, but that one breach
creates a perception of negligence.”
Risk management
I.4 Risk management Page 27
Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012
End-to-end security is key
to stemming breaches
Because targets are so widespread, companies
must secure the entire organization
Before
Data center
security
Endpoint security
Network security
Application
security
Mobile security
Page 28I.4 Risk management
Discussion hub
By 2020, will government entities play a
larger role in protecting citizens online?
Join the conversation
Share your thoughts and help pave the path.
“The real issue is how much privacy individuals
are willing to give up in order to have more
security and how much trust they have in the
government to behave benevolently.”
— Kevin Light
“The economies of global corporate entities in
many cases will be greater than the GDP of
many countries, and it is this citizenship that
will be earmarked for protection.”
— Manjit
Regulation
I.5
In the last decade, after a number of high-profile network breaches, state and
federal authorities in the United States have enacted stringent legislation to
protect user data, such as the payment-card industry’s Data Security Standard,
healthcare’s Health Insurance Portability and Accountability Act (HIPAA) and
financial services’ Gramm-Leach-Bliley Act. Government requirements and
frameworks have raised awareness of security issues, making it a punishable
offense to willingly — and, in some cases, even unwillingly — expose sensitive
personal information. Whether we will be more secure with these new laws in
place is a subject of much debate.
Some argue that government involvement is essential to protecting individual
entities against the military intelligence of nation-states, while others believe
self-regulation with properly aligned incentives will prove more effective. It’s
important to think about who pays for the cost of security today.
“The economic drivers make it challenging,” Diamant explains. “If the decision-
makers aren’t feeling the direct impact of a breach, companies don’t include
the optimal amount of security.”
Gilliland suggests governments have a role to play in protecting consumers,
but companies won’t win by providing the minimum level of security.
“Regulatory requirements set a bar above which everyone must be,” Gilliland
Regulation
Page 31I.5 Regulation
explains. “But you’re competing against an adversary that is looking for
weakness. So if you are aspiring to the low bar, you’re in trouble. We need
to create an ROI model that helps executives truly understand what it takes
to be secure.”
Information stewards
Sadler says research is taking the view that security is about stewardship.
“Our first role is to protect the Internet for everybody,” he says. “We will all be
looking after other people’s information. You expect me (as a company) to use
your information but not misuse that information. If we put homes online in
future smart cities, we will want the service providers to use the information
we’ve given them, but for the purposes we expect. The industry is going
through a period of feeling our way through what is acceptable use and
what is not.”
And when we come under attack, Sadler says, we need to share the nature of
that attack in real time with others around us, to better protect everyone. The
security operations center of 2020 will be federated with partners, suppliers,
customers and even competitors. It will not just be looking inwardly at what is
happening on the corporate network.
“It’s about stewardship — our first
role is to protect the Internet
for everybody.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
Page 32I.5 Regulation
United States United Kingdom Germany Russia IndonesiaItaly India TaiwanChinaBrazil
Source: Symantec, Internet Security Threat Report: 2011
Note: Categories of activity include malicious code, spam zombies, phishing hosts, bot-infected computers, network attack origins and Web-based attack origins.
Top 10 international sources of malicious activity
These countries hosted the most offending IP addresses in 2011.
Page 33I.5 Regulation
Discussion hub
What can be done to ensure government
has a say without stifling innovation?
Join the conversation
Share your thoughts and help pave the path.
“Although portrayed as scary in movies, global
monitoring could increase our feeling of
security if we can prevent misuse of that info.”
— Bastiaan van der Water
“Certain governments will also be the
attackers, claiming the intent to protect
us. Who will protect us from governments
going too far?”
— Patrick Demichel
Strategies
Innovation can be a tremendous driver in keeping networks and data secure.
But it will never be enough. To prepare now for the threats of tomorrow,
companies must take a holistic, grassroots approach to security. In order
to embrace the kind of transformation that is required to be resilient and
defensible in 2020, enterprises must start building security into their cultures.
“Companies must reach out to all their stakeholders and make them aware
that damage can happen anywhere in an organization. It needs be a cultural
norm around which employees are educated,” Lawson says. And having a
breach management plan is critical to dealing with the inevitable. “Companies
no longer get a black eye for a breach, they get a black eye for fumbling after
the breach,” she adds.
Who will be responsible for driving this kind of change? “The role of the chief
information security officer is more important than most people realize,” Menn
explains. “This is a battle of ecosystems, and it has to be taken seriously at the
highest levels.”
I.6 Strategies
Page 36
Technology a major driver
For many companies, the use of smart technologies already has begun, with
more organizations bringing integrated and context-aware systems into
their infrastructures to help protect their data. “Luckily, smart systems
implementation is not a Big Bang thing where you have to get everything in
place to make it work. It’s more a collection of separate pieces that help a lot,
and the more we have the better we will be,” Sadler says.
Ponemon has high hopes for security in 2020. “We will see more interoperability
across security technology than we have today,” he predicts. “Today there are
literally hundreds of categories of security devices and a lot of them overlap, so
it’s difficult for a company to know what it needs. The industry needs to come
up with fewer categories and more interoperability.”
Also, he believes more people will be educated about security, acquiring more
skill and a higher security intelligence, which alone may mitigate a good number
of security issues.
Menn explains that, in the short term, security companies are going back to the
drawing board and tying security down to the chip level. They also are
Page 37
supporting more business rules in their products, which will allow customers
to limit the functionality of an application so that certain features might have
to be turned on or off depending on the user’s circumstances.
Long-term, Menn believes we will need a new Internet for financial
transactions and sensitive information. “I don’t think TCP/IP can be made
secure. The Internet was something in beta that escaped from the lab. It was
never supposed to be used for banking and government secrets.”
By 2020, many hope the evolution of security technologies and safeguards
may finally outpace the threats they have been designed to protect against.
Others are frank and anticipate continuing difficulties stemming the swelling
tide of attacks. But all agree that the key is in starting today.
“I don’t think TCP/IP can be
made secure. The Internet was
something in beta that escaped
from the lab.”
Joseph Menn, author, investigative reporter with Reuters
Twitter: @josephmenn
I.6 Strategies
(Photo credit: Doug Piburn)
Page 38I.6 Strategies
Discussion hub
How will technology change the way
enterprises approach security in 2020?
Join the conversation
Share your thoughts and help pave the path.
“The rise of social media helps to link humans
into various digital ‘tribes.’ Such groups or
humans will become more resilient to various
forms of electronic attack.”
— Horia Slușanschis
“BYOD will be widely spread and both
applications and corporate data will be
virtually stored in the cloud. Professionals
will carry their offices in their pockets for
use anywhere at any time.”
— Bo Carlsson
1
Steve Henn, “Could the New Air Traffic Control System Be Hacked?,” NPR.org,
August 14, 2012
2
Homeland Security News Wire, “Pacemakers, other implanted devices,
vulnerable to lethal attacks,” November 28, 2012
3
Microsoft, Microsoft Security Intelligence Report, Volume 12, 2012, page 40
I.7 References
The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the
content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized.
Page 1
Mobility
20/20
Chapter 2
Looking toward the era when everyone
— and everything — is connected
II.1 Outlook
II.2 The personal cloud
II.3 Bigger data
II.4 Managing what you can’t secure
II.5 Assessing enterprise mobility
II.6 Your mobility dream team
II.7 References
Outlook
Depending on which prediction you read, each person, worldwide, may
be using as many as nine mobile devices by 2020. We are already deeply
attached to these devices: Smartphones currently outship PCs1
, and in a recent
Time Mobility Poll, 66 percent of respondents said they’d rather take their
mobile device to work than bring lunch.2
The interconnected world of the next decade will rely heavily on public, private and
personal clouds. These clouds are expected to serve up an engaging experience
tailored to every user’s habits and current context. When you contact any
service provider — a credit card company, say — you may not have to repeat
your basic information ever again. The providers will just know.
“Mobile and cloud are two ends of the same thing, a totally new platform
for business and consumer service innovation,” says Frank Gens, senior vice
president and chief analyst at IDC. “Mobile devices are redefining and stretching
the edge beyond where the PC took us. Cloud is redefining the core and is much
simpler to deploy and use.”
Beyond the welcome reduction in complexity for IT, the cloud is expected to
become the experience engine of 2020, allowing mobile devices to serve up
experiences that take into account our habits, social circles, personal and
professional communities of interest and — of course — what we’re doing at
any given moment.
Page 4
Current statistics and predictions for the rise of mobility worldwide paint a
telling picture:
•• The global market for enterprise mobility is predicted to exceed $174 billion
by 2017.3
•• By 2020, IDC predicts that “third-platform technologies” (mobile, cloud,
social and Big Data) will comprise 80 percent of all IT spending, compared
with 20 percent in 2011.4
•• Kleiner Perkins Caulfield  Byers General Partner Mary Meeker reported in
December 2012 that mobile devices running iOS and Android account for 45
percent of browsing, compared to just 35 percent for Windows PCs.5
Mobile technologies are evolving with mind-blowing speed. As noted in the
Introduction to Enterprise 20/20, the connectedness of our 2020 world will
have a major impact on society as a whole, raising a number of questions:
•• How will mobility affect how we conduct business in 2020?
•• What will the global implication be of China and India becoming the largest
and second largest mobile broadband markets, respectively, in the next
four years?7
•• How will the sensor-filled Internet of Things (IoT) mature and what will
be the best way to tap into the potential of machine-to-machine (M2M)
communications?
•• How can enterprises derive value from the onslaught of Big Data — much
of it generated by the IoT — in 2020?
•• How can enterprises build mobile strategies and hire the right teams to
account for the consumerization of IT, the bring-your-own device (BYOD)
trend, security and application development and management?
Page 4OutlookII.1
There will be an estimated 50
billion devices connected to the
internet by 2020.6
Mobility also promises a broad spectrum of benefits — and virtually endless
scenarios in which users can engage with the world around them and service
providers can fine-tune offerings to meet individual needs. For example:
•• Wearable devices and mobile apps will help manage your health — and share
details with your doctor.
•• Your car will know how you drive, who’s in the car with you and how
you’re feeling.
•• Your favorite café or retail store will recognize you — along with why you’re
there — and send custom offers.
•• Your refrigerator and pantry will make sure your smartphone knows what
you need at the store — or go ahead and place the grocery order for you if
you’re too busy to shop.
•• Salespeople can use mobile devices to demo innovative products in
any industry.
•• You’ll be able to pay for public transit, file tax returns and report public
safety issues on the go, thanks to embedded biometric sensors and
yet-to-be-developed mobile innovations.
OutlookII.1
Page 6Page 6
Users will guide enterprise IT development in mobility. The challenge today,
of course, is “most IT pros didn’t grow up in this era,” says Paul Evans,
worldwide lead for Application Transformation Solutions at HP. “They are
trying to understand shorter development times, shorter refresh cycles and
better user experience where the bar is being constantly driven higher. It’s
challenging, but it’s got to be addressed to set the stage for 2020.”
Placing users at the center of a company’s mobility strategy cannot come at
the expense of the data security. And with sensors everywhere — even in our
bodies as transient electronics that dissolve into nothing when they’ve served
their purpose8
— no strategy is complete without a Big Data context.
Is user experience a nice-to-have or a requirement?
John McCarthy, vice president, principal analyst, Forrester Research
Watch now
Page 7
“The key word for mobility 2020
must be engagement.”
Paul Evans, worldwide lead, Application
Transformation Solutions, HP
Page 7
“The key word for mobility 2020 must be engagement,” says Evans. Your
opinion of the Facebook mobile app, for example, most likely has more to
do with your level of engagement in that social network than it does the
app’s functionality. You might rate the app 7 out of 10 on just its features or
usability. But if your sole criterion is engagement, it could earn a perfect.
And think how attached you’d become to certain apps if they used the cloud
as an engagement engine to touch other parts of your life.
OutlookII.1
What role will nation-states play in the evolving
threat landscape?
Art Gilliland, senior vice president, Software Enterprise Security Products, HP
Listen Now
Page 8Page 8
“Mobile and cloud are two ends
of the same thing, a totally
new platform for business and
consumer service innovation.”
OutlookII.1
Frank Gens, senior vice president and chief analyst, IDC
twitter: @fgens
Mobile devices: The experience engines of the future
Watch sensors in action as they cater to “Paolo’s” activities, habits and moods – even holding his hand as he prepares for a big dinner date
Explore the three Auras above to see examples of sensors at work.
Preparations: Devices bolster confidence Errands: Innovation eases shopping Dinner: Sensors remove stress
To trigger this augmented reality experience, download the Aurasma Android or iPhone app.
From the app, search for “HP Mobility.” Tap on the channel and then choose to Follow.
When finished, tap the Viewfinder icon (bottom center) and frame each image above with your device.
Outlook Page 9II.1
Page 10Page 10
Discussion hub
What are the greatest benefits that mobility
will bring to the enterprise by 2020?
Share your thoughts and help pave the path.
“I can imagine that augmented reality
concepts will be an integral part of the
internet in 2020, which will be primarily
used with mobile devices.”
— Dennis Kruegel
“The work week will change, and this will be
driven by the mobile technology.”
— Xani Gonzalez
OutlookII.1
Join the conversation
The personal cloud
Page 12
Futuristic mobile devices get a lot of attention in the media. But, Jeff Edlund,
CTO of HP’s Communications and Media Solutions division, takes issue with
the often-singular focus on the gadgets themselves. “We are not meeting the
primary need of the end user in regard to mobility,” Edlund says. “The process
of mobility should be completely invisible. Yet every device requires you to
think about how you’re going to connect. The end user still has to work too
hard to obtain this nirvanic notion of mobility.”
Mobile nirvana is, in fact, a world in which technologies are always engaging,
adapting and helping humans, thanks to intimate knowledge of our habits,
moods, locations and so on. We’re starting to see the trend manifest today, but
by 2020, the user must sit squarely at the center of everything. “Imagine if you
had, in the cloud, your own personal attendant, or avatar,” says Edlund. “This
avatar is intelligent, and it has the ability to communicate across the host of
devices in your mobile life. Regardless of what device you pick up, the avatar is
the entity that provides a seamless experience.”
II.2 The personal cloud
What creates the perfect storm of cloud and mobile?
John McCarthy, vice president, principal analyst, Forrester Research
Watch now
Add in the billions of sensors in everything from biomedical devices to smart
buildings and vehicles to the 2020 versions of the Nike+ FuelBand or Fitbit, and
a picture of the personal cloud emerges. Any mobile app on any given mobile
device should recognize any given user.
The collection, storage and analysis of all of this mobile- and sensor-
generated Big Data will allow companies in every industry to better serve
users. “The reason mobility plays such a key role (versus sitting at a desk using
Chrome) is there is a much richer source of current context data — we can
know where you are, what mood you’re in, if you’re in a hurry and so on,” says
Neil Miles, mobility solution manager, HP.
II.2
“The process of mobility should
be completely invisible.”
Jeff Edlund, CTO, Communications and Media Solutions, HP
Twitter: @jedlundhp
The personal cloud
Source: Cisco, “Internet of Things”, July 2011
The Internet of Things will experience a
continued growth spurt into the next decade
The number of connected devices will double every five years,
making the world’s population growth seem glacial in comparison
7.6Billion202020152010
World population
7.2Billion
World population
6.8Billion
World population
50Billion
Connected devices
25Billion
Connected devices
12.5Billion
Connected devices
Page 14II.2 The personal cloud
Page 15II.2
Discussion hub
When it comes to an engaging mobile experience, which is more
important, the design of the device itself or the applications?
Share your thoughts and help pave the path.
“When UX is embraced by a corporation as
an actual business strategy, your mobile
application will be actively promoted 
engaged with.”
— Albert Vargas
“I would say that user experience with computing
wins out and that is more all encompassing than
one or the other components.”
— Bryan Coapstick
The personal cloud
Join the conversation
Bigger data
In 2013, a fork that monitors how much you eat or a toothbrush that beams
reports about your oral hygiene to your dentist make for interesting water
cooler conversation.
But looking ahead to 2020, the benefits of the IoT and M2M communications
offer little without systems to collect, store and analyze the data generated
by smart devices and multiplying sensor networks. Not only that, says Edlund,
when it comes to M2M, people may be getting excited about the wrong thing.
“There will be a lot more revenue available if you can understand what the
data means when it’s coming from a fleet of machines,” he says. Identifying
geographic patterns of the incidence of disease from fleets of medical sensors,
for instance, will be of innumerable value.
II.3 Bigger data
Page 18
The IoT is “the red-hot spot to be looking at if you’re a senior IT or business
leader,” says Gens, who agrees with Edlund that the IoT and M2M are really
about Big Data, which is “exactly the place where you want to have
innovation discussions with the other line-of-business executives in your
company, no matter what industry you’re in.” Gens reminds us that the size
of the digital universe, which is about 8 zettabytes now, will approach 50
zettabytes by 2020.9
In the face of all this data pouring off us as individuals and, of course,
devices, there’s likely to be pushback from folks whose movements and
activities potentially could be tracked based on data from sensors they wear
or otherwise interact with. This will push governments and enterprises to
monitor how the data is used and — in the case of companies — prove that
they are using the data responsibly.
Page 19
“The IoT is the red-hot spot to
be looking at if you’re a senior
IT or business leader.”
II.3 Bigger data
Frank Gens, senior vice president and chief analyst, IDC
twitter: @fgens
Snapshot devices
track drivers’ braking
and speed patterns
to inform insurance
premiums
Global Tracking reports teen activity
to parents through a wearable GPS device
Machine-generated data is
estimated to reach 42 percent
by 20202
Glowcaps prescription bottles contain wireless
chips that send consumption data to doctors
Third parties profit from machine-generated data
Scenetap posts
real-time data about
the gender ratio,
crowd size and
age rangeat local hotspots
Consumer privacy vs. Big Data
Despite privacy concerns, individuals are quick to provide personal information1
1 IDC, “Digital Universe 2020,” December 2012
2 Rick Smolan and Jennifer Erwitt, “The Human Face of Big Data,” November 2012
2013
33%
2020
42%
2005
11%
Individuals quick to volunteer information1
20 billion megabytes of data are
generated by Google search every day
48 hours of video are
uploaded to YouTube every minute
1 billion Tweets
are sent every
72 hours by Twitter
35% of
the world’s
photos end up
on Facebook
Page 20II.3 Bigger data
Page 21II.3
Discussion hub
What do you think of grouping mobility, cloud,
big data and social media?
Share your thoughts and help pave the path.
“Shifting the Big Data focus to enabling
more automated business actions beyond
just informing people of events of interest
will have a big impact.”
— Charles Bess
“They are all one in the same when
executed properly.”
— Nicole Walker
Bigger data
Join the conversation
Managing what
you can’t secure
Page 23
Mobile security in the enterprise will encompass not only the physical
security of devices but also the data, systems and networks. “You’re going
to have to think about how you manage things you don’t control — things
like your employees’ or customers’ devices and apps,” says Gens, particularly
considering that with 50 billion devices and sensor arrays, the attack surface
in 2020 will be exponentially larger. Enterprises must ask, “How do I manage in
a world where I can’t lock everything down?” Gens notes.
Technology-wise, there are a number of ways to do this, says Boris Balacheff,
HP Labs senior researcher. “We want the enterprise to be able to focus on who
has access to what and under what conditions — without having to own and
manage devices.” BYOD is a reality, Balacheff acknowledges, and IT teams
are embracing it. But where security is top of mind, they still tend to take
a “heavily managed” approach to BYOD, wherein users have their choice of
devices but IT takes over management of devices to control what users have
access to, and under what conditions, often resulting in constraints over how
users can use their device.
After all, BYOD is about allowing users to use their choice of device and apps.
“Users expect to use a single device to do what they need to do online,”
Balacheff says. “Our vision is to enable an organization to fully control who
has access to its content, and under what security policies, without having
to manage the devices themselves or constrain other uses the user may
have for them.”
II.4 Managing what you can’t secure
“How do enterprises manage
in a world where they can’t
lock everything down?”
Frank Gens, senior vice president and chief analyst, IDC
twitter: @fgens
Page 25II.4 Managing what you can’t secure
“Our vision is to enable an organization
to fully control who has access to
its content, and under what security
policies, without having to manage
the devices themselves.”
Boris Balacheff, senior researcher, HP Labs
twitter: @hplabs
48% of mobile applications
are currently susceptible
to unauthorized access2
BYOD will only grow, with the number of devices per employee due to bypass 6 by 2020
77% of mobile apps
are currently susceptible
to information leakage2
Growing number of employee devices a threat to enterprise security
Organizations are at the mercy of mobile applications and their persistent vulnerabilities
Sources:
Cisco Internet Business Solutions Group, “Internet of Things,” July 2011
HP, “2012 Cyber Risk Report,” February 2013
2012
2.3
devices1
3.4
devices
6.58
devices
2015 2020
Page 26II.4 Managing what you can’t secure
Page 27
Discussion hub
What changes will enterprises need to
make to secure mobile data?
Share your thoughts and help pave the path.
“Security is a constantly evolving pheno-
mena and a fear-based approach to it is
inadequate, to say the least.”
— Manjit
“We need more comfortable tools and
processes to ensure security.”
— Thomas Abel
II.4 Managing what you can’t secure
Join the conversation
Assessing enterprise
mobility
Page 29
There are a host of business opportunities around mobility technologies,
including increased agility and productivity, both of which feed a company’s
innovation engine. But, as with any enterprise IT roadmap, your mobility
strategy cannot exist in a vacuum. “Seventy percent of organizations have no
mobile app strategy,”10
says Evans. “Instead, they are rushing headlong into
the exploding world of apps.”
Evans acknowledges the challenge IT faces, with constant pressure from
the business to jump into mobility without first establishing a strategy.
But a company can’t do one before the other, he says. “You have to run these
things in parallel, continuously serving the business while continuously
forming a strategy.”
Put another way, while IT is keeping its old systems running, with its non-
mobile front-ends, SaaS providers in their thousands are getting seed
money and creating the engaging user experiences of the future. Unless IT
How will businesses implement new systems
of engagement?
John McCarthy, vice president, principal analyst, Forrester Research
Watch now
embraces mobility, SaaS providers will go around IT departments and sell
to the business, which has no problem choosing SaaS services without IT’s
consultation, much less its blessing.
Ultimately, Evans concludes, “it comes down to how creative you can be. What
game-changing mobile services can you come up with?”
II.5 Assessing enterprise mobility
“Seventy percent of
organizations have no
mobile app strategy.”
Paul Evans, worldwide lead, Application
Transformation Solutions, HP
Page 31
“It comes down to how creative you
can be. What game-changing mobile
services can you come up with?”
Paul Evans, worldwide lead, Application Transformation Solutions, HP
II.5 Assessing enterprise mobility
Your mobility
dream team
Page 33
Today’s app developers, ops teams and security experts won’t necessarily
be the same team that takes you into 2020 and puts your mobile strategy
into practice. Instead, expertise in cloud technologies, mobile application
development and life cycle management, user engagement, security, the IoT
and M2M and Big Data analytics will be key. As discussed in the CIO 20/20
chapter, the members of your mobile team will need to take an active role in
setting the innovation agenda.
“To stage for 2020, IT executives need to be reinventing IT as an innovation
platform for their enterprise,” says Gens. “They have to be in dialog with
business executives thinking about what kind of new offerings they can help
bring to market by leveraging mobile and cloud as a new baseline.”
How can organizations increase their value through
user experience?
John McCarthy, vice president, principal analyst, Forrester Research
Watch now
Page 34
“To stage for 2020, IT executives need
to be reinventing IT as an innovation
platform for their enterprise.”
II.6 Your mobility dream team
Frank Gens, senior vice president and chief analyst, IDC
twitter: @fgens
Page 35
Discussion hub
What can enterprises do today to ensure they have the right people on
staff or as partners to prepare for the highly connected world of 2020?
Share your thoughts and help pave the path.
“Successful organizations need to have
clear communications, clear roles and
responsibilities and build in economies of
scale wherever possible.”
— Frances Spurlock
“I don’t think ‘staffing’ is the issue, particularly.
Instead, I would suggest that it’s more of a
general ‘corporate attitude’ to view the world
as more open.”
— Karl Schulmeisters
II.6 Your mobility dream team
Join the conversation
Page 36Page 36
1
Canalys, “Smart phones overtake client PCs in 2011,” February 2012.
2
Time Magazine, “Your Wireless Life,” August 15, 2012.
3
Ericsson, “More than 50 Billion Connected Devices,” February 2011.
4
Global Industry Analysts, “Enterprise Mobility: A Global Strategic Business
Report,” September 2011.
5
IDC, IDC Predictions 2013: Competing on the 3rd Platform, Doc # 238044,
Nov 2012.
6
Meeker, Mary, and Wu, Liang, Kleiner Perkins Caufield Byers, “2012 Internet
Trends (Update),” May 2012.
7
GSMA, “GSMA Announces that India Will Become the World’s Second Largest
Mobile Broadband Market Within Four Years,” April 2012.
8
Popular Science, “Transient Electronics Could Dissolve Inside Your Body,”
September 27, 2012.
9
IDC, “The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and
Biggest Growth in the Far East,” December 2012.
10
Pierre Audoin Consultants (PAC), “Enterprise Mobility, Market Trends and
Implications for Software and IT Service Providers,” September 24, 2012
The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the
content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized.
II.7 References

Mais conteúdo relacionado

Mais procurados

Information Security
Information SecurityInformation Security
Information Security
trunko
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
Sarah Jarvis
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
Kevin Leffew
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
Jake Weaver
 
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Creus Moreira Carlos
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
Booz Allen Hamilton
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations Campaign
Stephanie Holman
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
EMC
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
Andreanne Clarke
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
James Fintain Lawler
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
Henry Worth
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
João Rufino de Sales
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
Constantin Cocioaba
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
IBM Security
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018
Sanjana Khound
 
Cyber security money men
Cyber security money menCyber security money men
Cyber security money men
giorgiogarrido6
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
Tatainteractive1
 

Mais procurados (20)

Information Security
Information SecurityInformation Security
Information Security
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations Campaign
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018
 
Cyber security money men
Cyber security money menCyber security money men
Cyber security money men
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
 

Destaque

Lesson1
Lesson1Lesson1
11.the determinants of banks’ capital ratio in developing countries
11.the determinants of banks’ capital ratio in developing countries11.the determinants of banks’ capital ratio in developing countries
11.the determinants of banks’ capital ratio in developing countries
Alexander Decker
 
Evaluation question 1
Evaluation question 1Evaluation question 1
Evaluation question 1
RohamaWaseem
 
Telecom Business Advisory Initial Meeting
Telecom Business Advisory   Initial MeetingTelecom Business Advisory   Initial Meeting
Telecom Business Advisory Initial Meeting
kevin_m_watson
 
3.31 45
3.31 453.31 45
Childhood Anxiety Fun Wey Tutoring Services
Childhood Anxiety Fun Wey Tutoring ServicesChildhood Anxiety Fun Wey Tutoring Services
Childhood Anxiety Fun Wey Tutoring Services
Fun-Wey Tutoring Services
 

Destaque (6)

Lesson1
Lesson1Lesson1
Lesson1
 
11.the determinants of banks’ capital ratio in developing countries
11.the determinants of banks’ capital ratio in developing countries11.the determinants of banks’ capital ratio in developing countries
11.the determinants of banks’ capital ratio in developing countries
 
Evaluation question 1
Evaluation question 1Evaluation question 1
Evaluation question 1
 
Telecom Business Advisory Initial Meeting
Telecom Business Advisory   Initial MeetingTelecom Business Advisory   Initial Meeting
Telecom Business Advisory Initial Meeting
 
3.31 45
3.31 453.31 45
3.31 45
 
Childhood Anxiety Fun Wey Tutoring Services
Childhood Anxiety Fun Wey Tutoring ServicesChildhood Anxiety Fun Wey Tutoring Services
Childhood Anxiety Fun Wey Tutoring Services
 

Semelhante a 1. security 20 20 - ebook-vol2

A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
Spark Security
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
 
Get Prepared
Get PreparedGet Prepared
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentation
whmillerjr
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
AnastaciaShadelb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
ChantellPantoja184
 
ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)
Julie Bridgen
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Matthew Rosenquist
 
6 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 20196 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 2019
BluePayProcessing
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
Bill Besse
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
Alistair Blake
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
Mantenso Skido-Achulo
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
Policy Guide for Legislators
Policy Guide for LegislatorsPolicy Guide for Legislators
Policy Guide for Legislators
Kristin Judge
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Booz Allen Hamilton
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
Rainer Mueller
 
Final Presentation.pptx
Final Presentation.pptxFinal Presentation.pptx
Final Presentation.pptx
BetaBeta9
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
Amit Kumar
 

Semelhante a 1. security 20 20 - ebook-vol2 (20)

A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
6 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 20196 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 2019
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Policy Guide for Legislators
Policy Guide for LegislatorsPolicy Guide for Legislators
Policy Guide for Legislators
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
 
Final Presentation.pptx
Final Presentation.pptxFinal Presentation.pptx
Final Presentation.pptx
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 

Último

Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
moinahousna
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
ishalveerrandhawa1
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 

Último (20)

Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 

1. security 20 20 - ebook-vol2

  • 1. Security 20/20 Chapter 1 Preparing today for tomorrow’s threats I.1 Outlook I.2 Threats I.3 Innovation I.4 Risk management I.5 Regulation I.6 Strategies I.7 References
  • 3. I.1 Outlook When companies hear the word “security,” what concepts come to mind — safety, protection or perhaps comfort? To the average IT administrator, security conjures up images of locked-down networks and virus-free devices. An attacker, state-sponsored agent or hactivist, meanwhile, may view security as a way to demonstrate expertise by infiltrating and bringing down corporate or government networks for profit, military goals, political gain — or even fun. Page 3
  • 4. We live in a world in which cybercrime is on the rise. A quick scan of the timeline of major incidents (See Figure 1, Page 9) shows the increasing frequency and severity of security breaches — a pattern that is likely to continue for years to come. Few if any organizations are safe from cybercriminals, to say nothing of national security. In fact, experts even exposed authentication and encryption vulnerabilities in the U.S. Federal Aviation Administration’s new state-of-the-art multibillion-dollar air traffic control system1 . Page 4
  • 5. I.1 Outlook Security now, by necessity, must protect all aspects of the enterprise, from the data center to the desktop and beyond the network edge. Seemingly commonplace, yet still nascent, innovations such as cloud services and the bring-your-own-device (BYOD) trend have only accelerated the need for relevant security at all points in the information lifecycle. “The Internet of Things is going to allow us to be more connected and very productive,” says Art Gilliland, senior vice president, Software Enterprise Security Products, HP. “But it also creates more areas for adversaries to compromise the environment. Any device can be the attack point or the thing that is attacking.” Over the next decade, this reality is going to challenge our IT environments, our consumer lifestyles and the security industry at large. “We have very intelligent, highly motivated antagonists who are determined to cause disruption. We don’t think that’s ever going to go away,” says Rebecca Lawson, director, Worldwide Enterprise Solutions Marketing, HP. Enterprises need to adopt a different approach to security. The game is no longer about locking down the network and blocking every threat. To compete against adversaries who are increasingly sophisticated and well-funded — and in many cases, unknown — companies have to manage the risk that is inherent in doing business in a connected world. Page 5 “Any device can be the attack point or the thing that is attacking,” Gilliland says.
  • 6. In 2020, companies and individuals alike will need to approach security from a holistic mindset as threats to corporate, government and personal information increase. Security professionals will find themselves answering to CEOs and corporate boards as their policies, processes and vulnerabilities become companywide priorities. In order to reduce technical debt downstream and decrease unplanned downtime, intrusions and business disruption, enterprises will need to embrace a three-step approach to security: 1. Build it in. 2. Make it intelligent. 3. Protect what matters. “People do not have a good handle on today’s threats. Pretty much every corporation is suffering breaches, and when they are even aware of what is happening, they are unwilling to talk about it,” says Martin Sadler, director, Cloud and Security, HP Labs. “We do not have today’s threats under control, and we are going to have to work hard to keep it from getting worse.” Our goal in this chapter is to shed some light on the most likely threats enterprises will face in 2020 and what they can do now to protect their information and networks while enabling agility and privacy. The threats are very real, and they are very damaging. But enterprises can look at them as catalysts for positive change. I.1 Outlook Page 6 “We do not have today’s threats under control, and we are going to have to work hard to keep it from getting worse.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 7. “Every corporation is suffering breaches, and they are unwilling to talk about it.” I.1 Outlook Page 7 Martin Sadler, director, Cloud and Security, HP Labs
  • 8. 2005 2006 2007 2009 2010 2011 2012 Driver’s license and credit and debit card numbers of more than 100 million of retailer TJX Companies’ customers 26.5 million veterans’ private records by the U.S. Department of Veteran’s Affairs Personal data from as many as 101.6 million user accounts by Sony Personal data of 35 milllion users of The Valve Corp.’s Steam gaming cloud service 130 million credit and debit card numbers from card-processing company Heartland Payment Systems 40 million credit card numbers from payment processor CardSystems Financial information of 8.5 million customers of Fidelity National Information Services 12.5 million unencrypted customer records by the Bank of New York Financial informa- tion of more than 17 million Countrywide Financial Corp. customers Detailed records of more than 76 million veterans by the U.S. Military Source: Privacy Rights Clearinghouse Chronology of Data Breaches, www. privacyrights.org 2008 Top 10 data losses from U.S. security breaches, 2005-2012 The majority of major security breaches resulted from unencrypted data or missing hardware. OutlookI.1 Page 8
  • 9. Page 9I.1 Outlook Discussion hub Doyoubelieveenterprisesaregetting smarter about enterprise security? Join the conversation Share your thoughts and help pave the path. “Biometrics is flawed. Identity as implemented in enterprise applications doesn’t necessarily align with how identity works in the real world.” — James McGovern “Identity theft will become much harder to pull off convincingly in this age of connectedness; as soon as someone starts misusing your identity you’re bound to be notified some way or another.” — Horia Slusanschi
  • 11. Page 11I.2 Combine global technology trends with the emergence of organized cybercrime, add the universal mandate for businesses to make money, and you have an unwinnable game for the enterprise. Here are some emerging trends and top concerns: Connected societies: Technology is having a greater influence on society, as seen by the Arab Spring of 2011. And many anticipate that an additional 1 billion people will be online by 2020, with a significant percentage of them from developing countries. “At some point in the near future we will end up with more people having access to the Internet than access to clean water,” Sadler notes. “If you equip people to be a part of this global communications infrastructure when their other needs are not being met, they will turn to the Internet to get access to what they need.” As a result, kinetic warfare or cyberterrorism has the potential to be an effective means for emerging countries to challenge the developed world on an increasingly level technology playing field. “It is important to think beyond software and system vulnerabilities and understand the wider backdrop that is likely to shape online activity,” Sadler says. Medical device as vulnerability: Physical security is coming under scrutiny as an increasing number of implanted electronic devices such as insulin pumps and pacemakers are being exposed as vulnerable to hacking. Routinely monitored and interconnected with other devices over wireless networks, they are raising red flags in the security and medical communities as the newest vulnerability due to a lack of regulation and industry oversight. Imagine being held for ransom by someone you never see, who forces you to drain your bank account in exchange for keeping your pacemaker running. A vulnerability was recently reported that could make just this type of scenario a reality2 . The increase in machine-to-machine interactions: As cities adopt smart grid technologies and buildings become more “intelligent,” breaches in security of these interconnected systems will have a cascading effect. Network grids that control traffic lights, railroad crossings and toll bridges, for instance, could become prime targets for terrorists or hackers looking to extort money from governments or individuals. Our desire to be mobile: Mobile devices, from smartphones and tablets to laptops and ultrabooks, have become primary sources of communication and information. As a result, Threats
  • 12. I.2 Threats web-based applications are proliferating. But how many of them are secure? “Web applications are becoming the preferred method of attacks because they often have vulnerabilities that can be exploited,” Lawson says. “Everyone wants to have a cool web app but they don’t know the potential risks and liabilities based on how that app interacts with other apps. These days, security is still, too often, an afterthought”. The increase of cloud services: As companies move more of their infrastructure and their data to the cloud, adversaries will be able to take advantage of the trend. “In theory, the cloud services model strengthens security because data will be handled by companies with whole teams that think about nothing but security. But we’re not there yet,” says Joseph Menn, author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet and an investigative reporter with Reuters specializing in cyber security. The growing importance of Big Data: For large organizations, keeping up with both the volume and the velocity of information is a huge undertaking. Attackers can exploit immense, distributed Big Data systems, which often have limited security controls, and gain access to tremendous amounts of information at once.
  • 13. Page 13 Exploiting the weakest link The majority of corporate security spending traditionally has been focused on infrastructure security. However, threats exploit the weakest areas, and for many organizations that weakest area has become the application layer. “For several decades people have been paying attention to network infrastructure security but not application security,” says John Diamant, secure product development strategist and distinguished technologist, HP. “It’s a house-of-cards situation: Because security is a weakest-link problem and applications are filled with vulnerabilities, a company can have plenty of network-based security but still be exposed.” What’s more, a disparity exists between the amount of money spent on application security compared to infrastructure and network security, with only 10 percent of the average enterprise security budget spent on application security. However, Diamant notes, more than 70 percent of successful attacks were carried out at the application level3 . “Application security is one threat that is seriously under-represented. And it’s one that’s not being well enough addressed,” he says. The lack of spending on securing applications and code is creating a mountain of technical debt for which network and infrastructure security alone cannot compensate.
  • 14. What do think will be the biggest threats to enterprise security in 2020? Art Gilliland, senior vice president, Software Enterprise Security Products, HP Listen Now I.2 Threats “Application security is one threat that is seriously underrepresented,” Diamant points out. The power of nation-states The motivations behind cyberattacks also have changed. Hackers are getting paid handsomely for zero-day exploits, as nation-states and organized-crime rings fund an emerging cybercriminal market. “There’s an active adversary out there, trying to get around defenses and out-innovate the security controls you put in place,” Gilliland says. “The wealth of an entire marketplace is funding an attack against a single entity.” Meanwhile, the amount of time between when sophisticated attacks using cutting-edge technology occur and when corporations see that technology materialize on their own networks is shrinking. What starts off as a bespoke attack rapidly becomes industrialized because it can be replicated to be used against any number of available targets. “The bad guys are using more sophisticated technology and even developing their own supply chains,” Sadler notes. “If you want to know who the users of leading-edge technology are, it’s the people attacking our organizations.”
  • 15. Page 15I.2 Threats “Security is a weakest-link problem and applications are filled with vulnerabilities, so a company can have plenty of network- based security but still be exposed.” John Diamant, secure product development strategist and distinguished technologist, HP
  • 16. Page 16I.2 Threats 1 Privacy Rights Clearinghouse Chronology of Data Breaches, www. privacyrights.org 2 Ponemon Institute, 2012 Cost of Cyber Crime Study, sponsored by HP Enterprise Security 3 Ponemon Institute, 2012 Cost of Cyber Crime Study, sponsored by HP Enterprise Security 4 Verizon RISK Team, 2012 Data Breach Investigations Report 5 Gartner, Forecast Overview: Security Infrastructure, Worldwide, 2010-2016, 2Q12 Update, August 2012 The rising incidence of data breaches Both the cost and the frequency of security events are increasing. Only 765 of 356 million data breaches between 2005 and 2012 were made public1 Cybercrime in 2012 was estimated to cost an average $8.9 million per organization2 The number of successful cyberattacks per week more than doubled from 2011 to 20123 Worldwide security spending should reach $60 billion in 2012, up 8.4 percent from $55 billion in 2011. Gartner expects this trajectory to continue, reaching $86 billion in 20165 Cost Time Hacking was a factor in 81 percent of data breaches and in 99 percent of data loss4 Sources:
  • 17. Page 17I.2 Threats Discussion hub What threats do you believe will shape the security landscape in 2020? Join the conversation Share your thoughts and help pave the path. “Security threats follow value. Will there be anything significantly more valuable in 2020 that we don’t already value today?” — Horia Slușanschi “Malicious QRcodes: The ability to place a sticker over a legitimate code with one that takes you to a malware site is cropping up more and more. This is an example of convenience overwhelming security.” — Charles Bess
  • 19. I.3 To compete against threats, enterprises must look beyond the all-but- vanished “network perimeter” and focus on securing applications and data while understanding identity and access for users as they move from corporate to hostile networks at will. As threats become more ubiquitous, organized and directed, companies must remain constantly vigilant. “We have to build better technologies to authenticate and understand who users are, what users should have access to or not and what data matters or doesn’t matter — and put controls directly on the information,” Gilliland explains. “There are components of that technology that exist today, but it has to become more sophisticated and more accurate.” Smart systems To stay ahead of the bad guys, companies will need to rely more on “smart systems” (discussed in the Introduction to Enterprise 20/20), which should be able to recognize anomalies in a workflow and emit an alert before proceeding with the new request. Innovation
  • 20. I.3 Innovation “By the time people are involved in defending against an attack, it’s too late,” Sadler says. “We want systems that protect themselves — to have multiple layers of defense in much the same way the human body defends itself, and to act autonomously.” Along with smart systems, current technologies such as virtualization are helping mitigate some of the opportunities for attack by removing the ability for direct communication with critical systems. By using a higher level of abstraction in the way we configure our storage, networking and processing, we can better guarantee that security is being enforced and preventing potential attacks. Application lifecycle and security Many of the issues surrounding application security can be significantly reduced if developers take a lifecycle approach to security and develop the application with the benefit of protecting it from cradle to grave. The idea is based on the concept of Total Quality Management (TQM), which W. Edwards Deming introduced in the 1950s. In the United States, TQM made its way into manufacturing in the 1970s and into IT software quality assurance in the 1980s, a time when software security was far from an issue.
  • 21. Page 21 Today, however, companies are recognizing the need to architect and build security into applications from the start, which is no trivial task. “It has taken us a long time to learn the lessons from Deming,” Diamant says. “By the time people are involved in defending against an attack, it’s too late.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 22. I.3 Innovation Page 22 Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012 Extending security assurance to meet today’s realities Organizations cannot afford to be reactive in the current threat-filled environment In post-release phase Patching In testing phase Integration and penetration testing In development phase Code reviews In requirements phase Architecture and design Returnoninvestment Historical evolution in security assurance maturity ProactiveReactive
  • 23. Page 23Innovation Discussion hub How can organizations like those in healthcare turn the tides against security breaches? Join the conversation Share your thoughts and help pave the path. “Security protocols will adjust, seek out and quarantine perceived threats before the system is compromised.” — Albert Vargas “A triage approach could focus the scarce resources of security teams on areas that need attention.” — Charles Bess I.3
  • 25. I.4 Risk management Most enterprises walk a fine line between agility and security. The simplistic view is that a company can have either one or the other. However, the two are not mutually exclusive. Gilliland explains that migrating to a security approach that protects users and their information instead of the infrastructure and its devices can help enterprises be more agile. “If you try to control only the infrastructure, it stops you from adopting new platforms and from moving and sharing information more freely. Once you can protect the data, you can actually be more flexible,” says Gilliland. To achieve the right balance, companies must make security part of the foundation of every technical design process — and understand the business risks they are taking when they make security decisions. Technologies that focus on mitigating attacks can help an enterprise reduce vulnerability. Solutions that use threat research and correlation of security events and vulnerabilities with contextual data to deliver security intelligence across IT operations, infrastructure and applications will be even more critical as hackers look for new ways to make their attacks more targeted and more destructive. Enterprises need visibility across the entire organization in order to see where there may be threats. In the shorter term, Larry Ponemon, chairman and founder of security research think tank Ponemon Institute, believes a new generation of tools will alleviate many of the problems caused by simple human laziness. “We get lazy and don’t change passwords, and as a result tools are ineffective,” he notes. “I think we will see more solutions that make security invisible to the user and under-the-system-level technologies. Call it ‘security with convenience’.” Above all, executives need to adopt a risk-management mindset to security policy. “You may have stopped the adversary 5,000 times, but that one breach creates a perception of negligence,” Gilliland warns. He urges enterprises to create the infrastructure, toolsets, processes and controls to minimize damage when the inevitable breach occurs. Page 25 What role will nation-states play in the evolving threat landscape? Art Gilliland, senior vice president, Software Enterprise Security Products, HP Listen Now
  • 26. Page 26I.4 Art Gilliland, senior vice president, Software Enterprise Security Products, HP “You may have stopped the adversary 5,000 times, but that one breach creates a perception of negligence.” Risk management
  • 27. I.4 Risk management Page 27 Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012 End-to-end security is key to stemming breaches Because targets are so widespread, companies must secure the entire organization Before Data center security Endpoint security Network security Application security Mobile security
  • 28. Page 28I.4 Risk management Discussion hub By 2020, will government entities play a larger role in protecting citizens online? Join the conversation Share your thoughts and help pave the path. “The real issue is how much privacy individuals are willing to give up in order to have more security and how much trust they have in the government to behave benevolently.” — Kevin Light “The economies of global corporate entities in many cases will be greater than the GDP of many countries, and it is this citizenship that will be earmarked for protection.” — Manjit
  • 30. I.5 In the last decade, after a number of high-profile network breaches, state and federal authorities in the United States have enacted stringent legislation to protect user data, such as the payment-card industry’s Data Security Standard, healthcare’s Health Insurance Portability and Accountability Act (HIPAA) and financial services’ Gramm-Leach-Bliley Act. Government requirements and frameworks have raised awareness of security issues, making it a punishable offense to willingly — and, in some cases, even unwillingly — expose sensitive personal information. Whether we will be more secure with these new laws in place is a subject of much debate. Some argue that government involvement is essential to protecting individual entities against the military intelligence of nation-states, while others believe self-regulation with properly aligned incentives will prove more effective. It’s important to think about who pays for the cost of security today. “The economic drivers make it challenging,” Diamant explains. “If the decision- makers aren’t feeling the direct impact of a breach, companies don’t include the optimal amount of security.” Gilliland suggests governments have a role to play in protecting consumers, but companies won’t win by providing the minimum level of security. “Regulatory requirements set a bar above which everyone must be,” Gilliland Regulation
  • 31. Page 31I.5 Regulation explains. “But you’re competing against an adversary that is looking for weakness. So if you are aspiring to the low bar, you’re in trouble. We need to create an ROI model that helps executives truly understand what it takes to be secure.” Information stewards Sadler says research is taking the view that security is about stewardship. “Our first role is to protect the Internet for everybody,” he says. “We will all be looking after other people’s information. You expect me (as a company) to use your information but not misuse that information. If we put homes online in future smart cities, we will want the service providers to use the information we’ve given them, but for the purposes we expect. The industry is going through a period of feeling our way through what is acceptable use and what is not.” And when we come under attack, Sadler says, we need to share the nature of that attack in real time with others around us, to better protect everyone. The security operations center of 2020 will be federated with partners, suppliers, customers and even competitors. It will not just be looking inwardly at what is happening on the corporate network. “It’s about stewardship — our first role is to protect the Internet for everybody.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 32. Page 32I.5 Regulation United States United Kingdom Germany Russia IndonesiaItaly India TaiwanChinaBrazil Source: Symantec, Internet Security Threat Report: 2011 Note: Categories of activity include malicious code, spam zombies, phishing hosts, bot-infected computers, network attack origins and Web-based attack origins. Top 10 international sources of malicious activity These countries hosted the most offending IP addresses in 2011.
  • 33. Page 33I.5 Regulation Discussion hub What can be done to ensure government has a say without stifling innovation? Join the conversation Share your thoughts and help pave the path. “Although portrayed as scary in movies, global monitoring could increase our feeling of security if we can prevent misuse of that info.” — Bastiaan van der Water “Certain governments will also be the attackers, claiming the intent to protect us. Who will protect us from governments going too far?” — Patrick Demichel
  • 35. Innovation can be a tremendous driver in keeping networks and data secure. But it will never be enough. To prepare now for the threats of tomorrow, companies must take a holistic, grassroots approach to security. In order to embrace the kind of transformation that is required to be resilient and defensible in 2020, enterprises must start building security into their cultures. “Companies must reach out to all their stakeholders and make them aware that damage can happen anywhere in an organization. It needs be a cultural norm around which employees are educated,” Lawson says. And having a breach management plan is critical to dealing with the inevitable. “Companies no longer get a black eye for a breach, they get a black eye for fumbling after the breach,” she adds. Who will be responsible for driving this kind of change? “The role of the chief information security officer is more important than most people realize,” Menn explains. “This is a battle of ecosystems, and it has to be taken seriously at the highest levels.” I.6 Strategies
  • 36. Page 36 Technology a major driver For many companies, the use of smart technologies already has begun, with more organizations bringing integrated and context-aware systems into their infrastructures to help protect their data. “Luckily, smart systems implementation is not a Big Bang thing where you have to get everything in place to make it work. It’s more a collection of separate pieces that help a lot, and the more we have the better we will be,” Sadler says. Ponemon has high hopes for security in 2020. “We will see more interoperability across security technology than we have today,” he predicts. “Today there are literally hundreds of categories of security devices and a lot of them overlap, so it’s difficult for a company to know what it needs. The industry needs to come up with fewer categories and more interoperability.” Also, he believes more people will be educated about security, acquiring more skill and a higher security intelligence, which alone may mitigate a good number of security issues. Menn explains that, in the short term, security companies are going back to the drawing board and tying security down to the chip level. They also are
  • 37. Page 37 supporting more business rules in their products, which will allow customers to limit the functionality of an application so that certain features might have to be turned on or off depending on the user’s circumstances. Long-term, Menn believes we will need a new Internet for financial transactions and sensitive information. “I don’t think TCP/IP can be made secure. The Internet was something in beta that escaped from the lab. It was never supposed to be used for banking and government secrets.” By 2020, many hope the evolution of security technologies and safeguards may finally outpace the threats they have been designed to protect against. Others are frank and anticipate continuing difficulties stemming the swelling tide of attacks. But all agree that the key is in starting today. “I don’t think TCP/IP can be made secure. The Internet was something in beta that escaped from the lab.” Joseph Menn, author, investigative reporter with Reuters Twitter: @josephmenn I.6 Strategies (Photo credit: Doug Piburn)
  • 38. Page 38I.6 Strategies Discussion hub How will technology change the way enterprises approach security in 2020? Join the conversation Share your thoughts and help pave the path. “The rise of social media helps to link humans into various digital ‘tribes.’ Such groups or humans will become more resilient to various forms of electronic attack.” — Horia Slușanschis “BYOD will be widely spread and both applications and corporate data will be virtually stored in the cloud. Professionals will carry their offices in their pockets for use anywhere at any time.” — Bo Carlsson
  • 39. 1 Steve Henn, “Could the New Air Traffic Control System Be Hacked?,” NPR.org, August 14, 2012 2 Homeland Security News Wire, “Pacemakers, other implanted devices, vulnerable to lethal attacks,” November 28, 2012 3 Microsoft, Microsoft Security Intelligence Report, Volume 12, 2012, page 40 I.7 References The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized.
  • 40. Page 1 Mobility 20/20 Chapter 2 Looking toward the era when everyone — and everything — is connected II.1 Outlook II.2 The personal cloud II.3 Bigger data II.4 Managing what you can’t secure II.5 Assessing enterprise mobility II.6 Your mobility dream team II.7 References
  • 42. Depending on which prediction you read, each person, worldwide, may be using as many as nine mobile devices by 2020. We are already deeply attached to these devices: Smartphones currently outship PCs1 , and in a recent Time Mobility Poll, 66 percent of respondents said they’d rather take their mobile device to work than bring lunch.2 The interconnected world of the next decade will rely heavily on public, private and personal clouds. These clouds are expected to serve up an engaging experience tailored to every user’s habits and current context. When you contact any service provider — a credit card company, say — you may not have to repeat your basic information ever again. The providers will just know. “Mobile and cloud are two ends of the same thing, a totally new platform for business and consumer service innovation,” says Frank Gens, senior vice president and chief analyst at IDC. “Mobile devices are redefining and stretching the edge beyond where the PC took us. Cloud is redefining the core and is much simpler to deploy and use.” Beyond the welcome reduction in complexity for IT, the cloud is expected to become the experience engine of 2020, allowing mobile devices to serve up experiences that take into account our habits, social circles, personal and professional communities of interest and — of course — what we’re doing at any given moment.
  • 43. Page 4 Current statistics and predictions for the rise of mobility worldwide paint a telling picture: •• The global market for enterprise mobility is predicted to exceed $174 billion by 2017.3 •• By 2020, IDC predicts that “third-platform technologies” (mobile, cloud, social and Big Data) will comprise 80 percent of all IT spending, compared with 20 percent in 2011.4 •• Kleiner Perkins Caulfield Byers General Partner Mary Meeker reported in December 2012 that mobile devices running iOS and Android account for 45 percent of browsing, compared to just 35 percent for Windows PCs.5 Mobile technologies are evolving with mind-blowing speed. As noted in the Introduction to Enterprise 20/20, the connectedness of our 2020 world will have a major impact on society as a whole, raising a number of questions: •• How will mobility affect how we conduct business in 2020? •• What will the global implication be of China and India becoming the largest and second largest mobile broadband markets, respectively, in the next four years?7 •• How will the sensor-filled Internet of Things (IoT) mature and what will be the best way to tap into the potential of machine-to-machine (M2M) communications? •• How can enterprises derive value from the onslaught of Big Data — much of it generated by the IoT — in 2020? •• How can enterprises build mobile strategies and hire the right teams to account for the consumerization of IT, the bring-your-own device (BYOD) trend, security and application development and management? Page 4OutlookII.1 There will be an estimated 50 billion devices connected to the internet by 2020.6
  • 44. Mobility also promises a broad spectrum of benefits — and virtually endless scenarios in which users can engage with the world around them and service providers can fine-tune offerings to meet individual needs. For example: •• Wearable devices and mobile apps will help manage your health — and share details with your doctor. •• Your car will know how you drive, who’s in the car with you and how you’re feeling. •• Your favorite café or retail store will recognize you — along with why you’re there — and send custom offers. •• Your refrigerator and pantry will make sure your smartphone knows what you need at the store — or go ahead and place the grocery order for you if you’re too busy to shop. •• Salespeople can use mobile devices to demo innovative products in any industry. •• You’ll be able to pay for public transit, file tax returns and report public safety issues on the go, thanks to embedded biometric sensors and yet-to-be-developed mobile innovations. OutlookII.1
  • 45. Page 6Page 6 Users will guide enterprise IT development in mobility. The challenge today, of course, is “most IT pros didn’t grow up in this era,” says Paul Evans, worldwide lead for Application Transformation Solutions at HP. “They are trying to understand shorter development times, shorter refresh cycles and better user experience where the bar is being constantly driven higher. It’s challenging, but it’s got to be addressed to set the stage for 2020.” Placing users at the center of a company’s mobility strategy cannot come at the expense of the data security. And with sensors everywhere — even in our bodies as transient electronics that dissolve into nothing when they’ve served their purpose8 — no strategy is complete without a Big Data context. Is user experience a nice-to-have or a requirement? John McCarthy, vice president, principal analyst, Forrester Research Watch now
  • 46. Page 7 “The key word for mobility 2020 must be engagement.” Paul Evans, worldwide lead, Application Transformation Solutions, HP Page 7 “The key word for mobility 2020 must be engagement,” says Evans. Your opinion of the Facebook mobile app, for example, most likely has more to do with your level of engagement in that social network than it does the app’s functionality. You might rate the app 7 out of 10 on just its features or usability. But if your sole criterion is engagement, it could earn a perfect. And think how attached you’d become to certain apps if they used the cloud as an engagement engine to touch other parts of your life. OutlookII.1 What role will nation-states play in the evolving threat landscape? Art Gilliland, senior vice president, Software Enterprise Security Products, HP Listen Now
  • 47. Page 8Page 8 “Mobile and cloud are two ends of the same thing, a totally new platform for business and consumer service innovation.” OutlookII.1 Frank Gens, senior vice president and chief analyst, IDC twitter: @fgens
  • 48. Mobile devices: The experience engines of the future Watch sensors in action as they cater to “Paolo’s” activities, habits and moods – even holding his hand as he prepares for a big dinner date Explore the three Auras above to see examples of sensors at work. Preparations: Devices bolster confidence Errands: Innovation eases shopping Dinner: Sensors remove stress To trigger this augmented reality experience, download the Aurasma Android or iPhone app. From the app, search for “HP Mobility.” Tap on the channel and then choose to Follow. When finished, tap the Viewfinder icon (bottom center) and frame each image above with your device. Outlook Page 9II.1
  • 49. Page 10Page 10 Discussion hub What are the greatest benefits that mobility will bring to the enterprise by 2020? Share your thoughts and help pave the path. “I can imagine that augmented reality concepts will be an integral part of the internet in 2020, which will be primarily used with mobile devices.” — Dennis Kruegel “The work week will change, and this will be driven by the mobile technology.” — Xani Gonzalez OutlookII.1 Join the conversation
  • 51. Page 12 Futuristic mobile devices get a lot of attention in the media. But, Jeff Edlund, CTO of HP’s Communications and Media Solutions division, takes issue with the often-singular focus on the gadgets themselves. “We are not meeting the primary need of the end user in regard to mobility,” Edlund says. “The process of mobility should be completely invisible. Yet every device requires you to think about how you’re going to connect. The end user still has to work too hard to obtain this nirvanic notion of mobility.” Mobile nirvana is, in fact, a world in which technologies are always engaging, adapting and helping humans, thanks to intimate knowledge of our habits, moods, locations and so on. We’re starting to see the trend manifest today, but by 2020, the user must sit squarely at the center of everything. “Imagine if you had, in the cloud, your own personal attendant, or avatar,” says Edlund. “This avatar is intelligent, and it has the ability to communicate across the host of devices in your mobile life. Regardless of what device you pick up, the avatar is the entity that provides a seamless experience.” II.2 The personal cloud What creates the perfect storm of cloud and mobile? John McCarthy, vice president, principal analyst, Forrester Research Watch now
  • 52. Add in the billions of sensors in everything from biomedical devices to smart buildings and vehicles to the 2020 versions of the Nike+ FuelBand or Fitbit, and a picture of the personal cloud emerges. Any mobile app on any given mobile device should recognize any given user. The collection, storage and analysis of all of this mobile- and sensor- generated Big Data will allow companies in every industry to better serve users. “The reason mobility plays such a key role (versus sitting at a desk using Chrome) is there is a much richer source of current context data — we can know where you are, what mood you’re in, if you’re in a hurry and so on,” says Neil Miles, mobility solution manager, HP. II.2 “The process of mobility should be completely invisible.” Jeff Edlund, CTO, Communications and Media Solutions, HP Twitter: @jedlundhp The personal cloud
  • 53. Source: Cisco, “Internet of Things”, July 2011 The Internet of Things will experience a continued growth spurt into the next decade The number of connected devices will double every five years, making the world’s population growth seem glacial in comparison 7.6Billion202020152010 World population 7.2Billion World population 6.8Billion World population 50Billion Connected devices 25Billion Connected devices 12.5Billion Connected devices Page 14II.2 The personal cloud
  • 54. Page 15II.2 Discussion hub When it comes to an engaging mobile experience, which is more important, the design of the device itself or the applications? Share your thoughts and help pave the path. “When UX is embraced by a corporation as an actual business strategy, your mobile application will be actively promoted engaged with.” — Albert Vargas “I would say that user experience with computing wins out and that is more all encompassing than one or the other components.” — Bryan Coapstick The personal cloud Join the conversation
  • 56. In 2013, a fork that monitors how much you eat or a toothbrush that beams reports about your oral hygiene to your dentist make for interesting water cooler conversation. But looking ahead to 2020, the benefits of the IoT and M2M communications offer little without systems to collect, store and analyze the data generated by smart devices and multiplying sensor networks. Not only that, says Edlund, when it comes to M2M, people may be getting excited about the wrong thing. “There will be a lot more revenue available if you can understand what the data means when it’s coming from a fleet of machines,” he says. Identifying geographic patterns of the incidence of disease from fleets of medical sensors, for instance, will be of innumerable value. II.3 Bigger data
  • 57. Page 18 The IoT is “the red-hot spot to be looking at if you’re a senior IT or business leader,” says Gens, who agrees with Edlund that the IoT and M2M are really about Big Data, which is “exactly the place where you want to have innovation discussions with the other line-of-business executives in your company, no matter what industry you’re in.” Gens reminds us that the size of the digital universe, which is about 8 zettabytes now, will approach 50 zettabytes by 2020.9 In the face of all this data pouring off us as individuals and, of course, devices, there’s likely to be pushback from folks whose movements and activities potentially could be tracked based on data from sensors they wear or otherwise interact with. This will push governments and enterprises to monitor how the data is used and — in the case of companies — prove that they are using the data responsibly.
  • 58. Page 19 “The IoT is the red-hot spot to be looking at if you’re a senior IT or business leader.” II.3 Bigger data Frank Gens, senior vice president and chief analyst, IDC twitter: @fgens
  • 59. Snapshot devices track drivers’ braking and speed patterns to inform insurance premiums Global Tracking reports teen activity to parents through a wearable GPS device Machine-generated data is estimated to reach 42 percent by 20202 Glowcaps prescription bottles contain wireless chips that send consumption data to doctors Third parties profit from machine-generated data Scenetap posts real-time data about the gender ratio, crowd size and age rangeat local hotspots Consumer privacy vs. Big Data Despite privacy concerns, individuals are quick to provide personal information1 1 IDC, “Digital Universe 2020,” December 2012 2 Rick Smolan and Jennifer Erwitt, “The Human Face of Big Data,” November 2012 2013 33% 2020 42% 2005 11% Individuals quick to volunteer information1 20 billion megabytes of data are generated by Google search every day 48 hours of video are uploaded to YouTube every minute 1 billion Tweets are sent every 72 hours by Twitter 35% of the world’s photos end up on Facebook Page 20II.3 Bigger data
  • 60. Page 21II.3 Discussion hub What do you think of grouping mobility, cloud, big data and social media? Share your thoughts and help pave the path. “Shifting the Big Data focus to enabling more automated business actions beyond just informing people of events of interest will have a big impact.” — Charles Bess “They are all one in the same when executed properly.” — Nicole Walker Bigger data Join the conversation
  • 62. Page 23 Mobile security in the enterprise will encompass not only the physical security of devices but also the data, systems and networks. “You’re going to have to think about how you manage things you don’t control — things like your employees’ or customers’ devices and apps,” says Gens, particularly considering that with 50 billion devices and sensor arrays, the attack surface in 2020 will be exponentially larger. Enterprises must ask, “How do I manage in a world where I can’t lock everything down?” Gens notes. Technology-wise, there are a number of ways to do this, says Boris Balacheff, HP Labs senior researcher. “We want the enterprise to be able to focus on who has access to what and under what conditions — without having to own and manage devices.” BYOD is a reality, Balacheff acknowledges, and IT teams are embracing it. But where security is top of mind, they still tend to take a “heavily managed” approach to BYOD, wherein users have their choice of devices but IT takes over management of devices to control what users have access to, and under what conditions, often resulting in constraints over how users can use their device.
  • 63. After all, BYOD is about allowing users to use their choice of device and apps. “Users expect to use a single device to do what they need to do online,” Balacheff says. “Our vision is to enable an organization to fully control who has access to its content, and under what security policies, without having to manage the devices themselves or constrain other uses the user may have for them.” II.4 Managing what you can’t secure “How do enterprises manage in a world where they can’t lock everything down?” Frank Gens, senior vice president and chief analyst, IDC twitter: @fgens
  • 64. Page 25II.4 Managing what you can’t secure “Our vision is to enable an organization to fully control who has access to its content, and under what security policies, without having to manage the devices themselves.” Boris Balacheff, senior researcher, HP Labs twitter: @hplabs
  • 65. 48% of mobile applications are currently susceptible to unauthorized access2 BYOD will only grow, with the number of devices per employee due to bypass 6 by 2020 77% of mobile apps are currently susceptible to information leakage2 Growing number of employee devices a threat to enterprise security Organizations are at the mercy of mobile applications and their persistent vulnerabilities Sources: Cisco Internet Business Solutions Group, “Internet of Things,” July 2011 HP, “2012 Cyber Risk Report,” February 2013 2012 2.3 devices1 3.4 devices 6.58 devices 2015 2020 Page 26II.4 Managing what you can’t secure
  • 66. Page 27 Discussion hub What changes will enterprises need to make to secure mobile data? Share your thoughts and help pave the path. “Security is a constantly evolving pheno- mena and a fear-based approach to it is inadequate, to say the least.” — Manjit “We need more comfortable tools and processes to ensure security.” — Thomas Abel II.4 Managing what you can’t secure Join the conversation
  • 68. Page 29 There are a host of business opportunities around mobility technologies, including increased agility and productivity, both of which feed a company’s innovation engine. But, as with any enterprise IT roadmap, your mobility strategy cannot exist in a vacuum. “Seventy percent of organizations have no mobile app strategy,”10 says Evans. “Instead, they are rushing headlong into the exploding world of apps.” Evans acknowledges the challenge IT faces, with constant pressure from the business to jump into mobility without first establishing a strategy. But a company can’t do one before the other, he says. “You have to run these things in parallel, continuously serving the business while continuously forming a strategy.” Put another way, while IT is keeping its old systems running, with its non- mobile front-ends, SaaS providers in their thousands are getting seed money and creating the engaging user experiences of the future. Unless IT How will businesses implement new systems of engagement? John McCarthy, vice president, principal analyst, Forrester Research Watch now
  • 69. embraces mobility, SaaS providers will go around IT departments and sell to the business, which has no problem choosing SaaS services without IT’s consultation, much less its blessing. Ultimately, Evans concludes, “it comes down to how creative you can be. What game-changing mobile services can you come up with?” II.5 Assessing enterprise mobility “Seventy percent of organizations have no mobile app strategy.” Paul Evans, worldwide lead, Application Transformation Solutions, HP
  • 70. Page 31 “It comes down to how creative you can be. What game-changing mobile services can you come up with?” Paul Evans, worldwide lead, Application Transformation Solutions, HP II.5 Assessing enterprise mobility
  • 72. Page 33 Today’s app developers, ops teams and security experts won’t necessarily be the same team that takes you into 2020 and puts your mobile strategy into practice. Instead, expertise in cloud technologies, mobile application development and life cycle management, user engagement, security, the IoT and M2M and Big Data analytics will be key. As discussed in the CIO 20/20 chapter, the members of your mobile team will need to take an active role in setting the innovation agenda. “To stage for 2020, IT executives need to be reinventing IT as an innovation platform for their enterprise,” says Gens. “They have to be in dialog with business executives thinking about what kind of new offerings they can help bring to market by leveraging mobile and cloud as a new baseline.” How can organizations increase their value through user experience? John McCarthy, vice president, principal analyst, Forrester Research Watch now
  • 73. Page 34 “To stage for 2020, IT executives need to be reinventing IT as an innovation platform for their enterprise.” II.6 Your mobility dream team Frank Gens, senior vice president and chief analyst, IDC twitter: @fgens
  • 74. Page 35 Discussion hub What can enterprises do today to ensure they have the right people on staff or as partners to prepare for the highly connected world of 2020? Share your thoughts and help pave the path. “Successful organizations need to have clear communications, clear roles and responsibilities and build in economies of scale wherever possible.” — Frances Spurlock “I don’t think ‘staffing’ is the issue, particularly. Instead, I would suggest that it’s more of a general ‘corporate attitude’ to view the world as more open.” — Karl Schulmeisters II.6 Your mobility dream team Join the conversation
  • 75. Page 36Page 36 1 Canalys, “Smart phones overtake client PCs in 2011,” February 2012. 2 Time Magazine, “Your Wireless Life,” August 15, 2012. 3 Ericsson, “More than 50 Billion Connected Devices,” February 2011. 4 Global Industry Analysts, “Enterprise Mobility: A Global Strategic Business Report,” September 2011. 5 IDC, IDC Predictions 2013: Competing on the 3rd Platform, Doc # 238044, Nov 2012. 6 Meeker, Mary, and Wu, Liang, Kleiner Perkins Caufield Byers, “2012 Internet Trends (Update),” May 2012. 7 GSMA, “GSMA Announces that India Will Become the World’s Second Largest Mobile Broadband Market Within Four Years,” April 2012. 8 Popular Science, “Transient Electronics Could Dissolve Inside Your Body,” September 27, 2012. 9 IDC, “The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East,” December 2012. 10 Pierre Audoin Consultants (PAC), “Enterprise Mobility, Market Trends and Implications for Software and IT Service Providers,” September 24, 2012 The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized. II.7 References