1. Information Protection in Today’s Changing Mobile and Cloud Environments
Art Gilliland, Sr. Vice President, Symantec, Information Security Group
Session ID: SPO1-107
Session Classification:
4. Specialization of Skills and Professionalization
1. Recon: Know your Targets
2. Incursion: Gain Access
3. Discovery: Create a Map to the Asset
4. Capture: Take Control of the Asset
5. Exfiltrate: Steal or Destroy Asset
5. Actors Brought Together by Market Forces
• State Nation: Government Sponsored Attackers
• Malicious Outsiders
• Insiders: Malicious and Non-Malicious
• Hack-tivists: Hacking for a Cause
• Cyber Criminals: Hacking for Profit
6. The Transition From Individual Actors to A Systemic Market Driven Adversary
Actors: Attacker (Malicious Outsider); Insider (Malicious and Non-malicious); Hack-tivist; Cyber Criminals; State Nation; APT
• RECON: Free Scanners; Insider Knowledge; Social Networks / Google; Data Mining; Espionage / Collusion
• INCURSION: Basic Scripts / MetaSploit; Privileged Access; Social Engineering; Attack Kits / Malcode / Bots / Affiliates; Tailored Malcode / 0-Day
• DISCOVERY: Random Targeting; Asset Awareness; Targets of Chance; Targets of Chance / Choice; Targets of Choice
• CAPTURE: Visible / Low Value; Critical Assets; Media Worthy Asset or Access; Monetized Assets; High Value IP / Government Secrets
• EXFILTRATE: Tagging and Damage; Theft and Damage; DDoS, Theft and Damage; Fraud and Financial Gain; Gain / Maintain Strategic Advantage
7. Fundamental Shifts Adding to Business Risk
• EVOLVING INFRASTRUCTURE
• CHALLENGING THREAT LANDSCAPE
• INCREASING COMPLEXITY
Figure labels: Social Engineering, Targeted Attacks, Advanced Technology, Compliance Requirements
8. Additional Access and Delivery Models Create New Security Challenges
Delivery Platform by device ownership:
• SaaS and Cloud Services, Corp Owned Devices: 21%
• SaaS and Cloud Services, Personal Devices: 28%
• Corporate Controlled Data Center, Corp Owned Devices: 22%
• Corporate Controlled Data Center, Personal Devices: 29%
Totals:
• Cloud/SaaS Based: 49.5%
• End User Owned Devices: 56.8%
9. A New Defense in Depth: Infrastructure Independent and Adversary Focused
Required Capability
1. Recon: Strong security awareness, counter intelligence
2. Incursion: Continuous enforcement of controls according to risk policy (mgmt and protection)
3. Discovery: Actively monitor infrastructure, information and users
4. Capture: Control unusual internal movement and access of sensitive data
5. Exfiltrate: Defined response plan, forensics, damage mitigation strategy and information recovery
10. Required Shifts To Drive Success In The New Model
RISK
• Risk defined by business relevant assets
• Contextual Security Intelligence
• Prioritized Actions
INFORMATION
• Policy on the information
• Business access and flexibility
• Extend past enterprise boundaries
PEOPLE
• Authenticated access
• Monitor for normal behavior
• Systematically define ownership and rights
NEW SECURITY CONTROL POINT
11. Accenture Overview
Who is Accenture?
• A global management consulting, technology services and outsourcing company.
• Combining unparalleled experience, comprehensive capabilities across all industries and business functions and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high performance businesses and governments.
Quick Facts
• Net Revenues: US$25.5 billion for fiscal 2011 (12 months ended Aug. 31, 2011)
• Exchange/Ticker: NYSE / ACN
• Index Memberships: S&P 500, Russell 1000® Index, Fortune Global 500
• Employees: More than 244,000
• Global Reach: Offices and operations in more than 200 cities in 54 countries
• Geographic Regions: Americas, Asia Pacific, Europe / Middle East / Africa (EMEA)
13. Accenture – Unique Challenges
INFORMATION CENTRIC BUSINESS
LARGE DIVERSE GLOBAL WORKFORCE
• Different Modes of Work
• Device Explosion
• Highly Mobile
DIVERSE SECURITY REQUIREMENTS
• Industry
• Geography
RAPIDLY EVOLVING
14. How to Apply What You Have Learned Today
In the first three months following this presentation you should:
• Develop a plan to identify your organization's sensitive information
• Evaluate readiness across each capability
• Prepare a breach response plan
Within six months you should:
• Build a capability development plan