5. La Sicurezza nello Smarter Planet: Smart Security Source http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html Increasing Complexity Rising Costs Ensuring Compliance Key drivers for Smart Security Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billion in 2010 The cost of a data breach increased to $204 per compromised customer record Soon, there will be 1 trillion connected devices in the world, constituting an “internet of things” People are becoming more and more reliant on security
9. IBM: gli approcci alla Sicurezza Integrata Top-Down : Business Driven Enterprise Security Governance How can my business effectively manage risks and ensure compliance with all security regulations? Bottom-Up : Technology Driven Design and Implementation of Security Solution How can I design and implement Security Solutions that address my organizational and technical requirements?
10. IBM Security Framework: portafoglio offerta Professional Security Services Products Cloud-based and managed services Identity and access management Mainframe security Virtual system security Database monitoring and protection Encryption and key lifecycle management App vulnerability scanning Access and entitlement Management Web application firewall Data loss prevention App source code scanning SOA security Intrusion prevention system Messaging security Data masking Infrastructure security E-mail security Application security Web/URL filtering Vulnerability assessment Firewall, IDS/IPS, MFS mgmt. Identity management Data security Access management GRC Physical security Security governance, risk and compliance SIEM and log management Web and URL filtering Security event management Threat assessment
11.
12. Gartner’s security risks of cloud computing Data Segregation Data Recovery Investigative Support Regulatory Compliance Data Location Privileged User Access Disaster Recovery Gartner: Assessing the Security Risks of Cloud Computing, June 2008 … map directly to the IBM Security Framework.
13. Nuovi Modelli di Business e Smart Security: Security By Design IBM helps make innovation real. IBM helps deliver new services faster. IBM helps reduce costs. Safely and Securely adopt new forms of technology and business models We believe that an IBM differentiator is our philosophy that clients have to build services that are “Secure by Design”, meaning that security is intrinsic to their business processes, their product development and daily operations. It is factored into the initial design, not bolted on after the fact. This allows them to securely and safely adopt new forms of technology. Cloud computing, virtualization, business models like tele-working and outsourcing, can be more safely leveraged for cost benefit, innovation and shorter time to market. Virtualization Tele Working Outsourcing Cloud Computing
14.
Notas do Editor
It’s a pleasure to be here today My role is to kick off the meeting and provide and overview of the IBM Security Strategy. I think throughout you will find two things to be true: 1. IBM has an incredibly comprehensive strategy to security and 2. we’ve done a pretty good job of keeping that a secret.
Our work with thousands of clients worldwide has taught us there are 3 key focus areas that drive security projects. Complexity Cost and, Compliance IBM’s vision and research for IT security aligns to these areas so we can help clients achieve maximum results:
This new magnitude of data and the new services using the data, raises privacy and safety concerns. Greater efficiency relies on better data, and often very sensitive data. Greater control relies on physical assets installed well outside of the data center or at consumer’s locations. This opens new avenues for criminals, new kinds of denial of service attacks.
IBM partecipa ad AIIC (Associazione Italiana Infrastrutture Critiche) AIPSa OSSIF ABI ANSSAIFF CLUSIT Rapporti con Ing. Luisa Franchina, Dir. Generale Segreteria Coordinamento Interministeriale per la Protezione delle Infrastrutture Critiche , Garante Privacy,... Il nuovo “ IBM Institute for Advanced Security” aiuterà le istituzioni pubbliche e private a migliorare i propri livelli di sicurezza e resiliency tramite ricerca, servizi, e tecnologie
IBM Confidential URL = Uniform resource locator SOA = Service-oriented architecture IDS/IPS = Intrusion detection systems/Intrusion prevention systems MFS = Multi-Function Security Note to presenter: The purpose of this slide is to highlight that IBM offers the breadth and depth – unlike any other vendor -- with our security portfolio. The intent is not to engage in a technical discussion at this point or try to cover all areas in detail.) IBM has a unique position in the market as an end-to-end security provider – we can address virtually any dimension of a secure infrastructure – and provide the services and consulting to help customers develop a strategic approach to their security challenges. Across our portfolio, we provide many capabilities that help customers solve a wide range of security problems completely and in the process result in cutting costs , reducing complexity, and assuring compliance . So depending on the types of security risks that are impacting your business, we can look more closely at how we can help address those issues. Just like we did for DTCC by helping them make their applications more secure. This slide shows the IBM security portfolio, which maps to the IBM Security Framework (represented by the icons shown on the left-hand side of this slide) and includes the areas of: People and identity Data and information Application and process Network, server and endpoint Physical infrastructure. IBM has been providing IT security for 30+ years. We have over 200 security references and more than 50 published case studies. No other company is in a better position to assess our clients’ security needs, provide solutions and ensure those solutions are successfully implemented . We offer over 40 services offerings and over 15 different products to address customers diverse security needs. The icons on the left-hand side of this slide map to the IBM Security Framework. Examples of how we work across IBM with products and services to provide the right security solutions for our customers needs. Consolidate identity management with IBM Tivoli® Identity Manager Work with multiple identity repositories with IBM Tivoli Federated Identity Manager Improve employee productivity with Tivoli Enterprise Single Sign On Protect data center media with STG tape encryption Protect data using IBM System z® encryption and Lotus Notes® encryption Find and remediate application vulnerabilities with IBM Rational® application scan Assure privacy compliance with IBM Rational Policy Tester Locate and remediate malware with ISS IPS Manage incidents with ISS X-Force Emergency Response Services
[Self-explanatory]
Smarter Planet also means to be smarter about these issues, to build security and privacy into the systems right from the beginning – secure by design. We believe that an IBM differentiator is our philosophy that clients have to build services that are “Secure by Design”, meaning that security is intrinsic to their business processes, their product development and daily operations. It is factored into the initial design, not bolted on after the fact. This allows them to securely and safely adopt new forms of technology. Cloud computing, virtualization, business models like tele-working and outsourcing, can be more safely leveraged for cost benefit, innovation and shorter time to market. We work directly with clients and business partners to seek, test and implement major breakthroughs in integrated hardware platforms, encryption techniques, risk analytics and security architecture We give clients the tools to scan, identify and prioritize Web application security risks in pre-production applications to help ensure the development of secure code IBM builds security technology into the fabric of the hardware, software applications and services we deliver. We have subject matter expertise to share Security is intrinsic to our IBM business processes, our product development and daily operations. It is factored into the initial design, not bolted on after the fact To ensure we execute on this philosophy of Secure by Design, IBM has a Security Architecture Board and a Security Executive Board