IBM – CMR Security Vision Tour 2012


 

Changed threat perceptions for the ‘borderless’ enterprise

The modern business enterprise runs advanced IT infrastructure and applications to connect employees, business partners and customers, very often in real time. This enables stakeholders to connect seamlessly and collaborate on a range of processes from product design and engineering, marketing and distribution to order processing, delivery, installation, user training, etc.

However, with this new ‘connectedness’ comes the challenge of increased security threats from cyber attacks in the shape of:
    • Identity theft, fraud, extortion
    • Malware, pharming, whaling, phishing, spamming, spoofing, spyware, Trojans and viruses
    • Stolen hardware, such as laptops or mobile devices
    • Denial-of-service and distributed denial-of-service attacks
    • Breach of access
    • Password sniffing
    • System infiltration
    • Website defacement
    • Private and public Web browser exploits
    • Instant messaging abuse
    • Intellectual property (IP) theft or unauthorized access
    • Targeted Advanced Persistent Threats (APT)  
              and many more…

CIOs, along with security and compliance teams, are often responsible for managing risk across the enterprise IT environment while taking steps to be sure that the business is being served appropriately. The disruptive forces of cloud computing, social media, and mobility are all hitting CIOs at the same time, introducing a broad, new set of risks and security challenges.

This rapidly evolving enterprise technology environment makes it more important than ever for CIOs to get a handle on what the real risks are within their IT ecosystem. The problem is made more complex by the sheer volume, and value, of data, both structured and unstructured, that is produced by an organization’s business processes and relied upon for much of the company’s decision-making.

Malware and hacking attacks that steal e-mail contacts, passwords and other personal information are passé. A new, more insidious type of attack is becoming widely prevalent: one that preys on the entire corporate network, either to bring it down completely or to work slowly to pilfer valuable business data, contacts or customer information.

So the challenge for many organizations remains one of dispelling the idea that IT security is just another technology support function, and establishing that it is something that has to be designed to protect the whole enterprise. This involves being able to communicate to the business that the cyber-threat is a real and present danger to the organization. It is also important because many organizations are moving to outsourced IT or the Cloud, and this brings additional IT security challenges.

The increasing trend towards BYOD and the proliferation of tablets and other end user devices that can be connected to the corporate network has increased the risks of data loss.

Traditionally within information security, internal threats have always been touted as the greatest threat an organization should focus on. However, increased attention around external threats and high-profile breaches, combined with the increased expectations of both customers and business units around information protection, have shifted the focus towards the external threat.

With this increased focus around the external threat, it has been observed that focus is shifting towards risk management. Moving forward, organizations are expected to spend more on reduction of potential future risk, and less on mitigation of current threats. Given the dynamic nature of the challenge, measuring the state of security within an organization and knowing where one is, is increasingly important.

In such a scenario, how should a CIO / CISO plan out his / her security strategy? For starters, he / she would be well advised to have a holistic, enterprise-wide view of IT security management rather than low-level, end-point threat protection alone. The rationale behind this approach is that threats to organizations are both targeted and persistent. If the threat is blocked in one way, the attacker will continue to look for other approaches that bypass the block. Therefore, a behavioural analysis of events to glean what is happening around and inside the organization’s network and systems is a better indicator of an imminent attack than monitoring an attack in progress. The former, proactive approach often provides the much-needed security intelligence to counter threats and minimize risk over a sustained time horizon.

In summary, the risk of cyber-threats to enterprises is on the rise, and it is clear that IT security professionals need to do a better job of explaining these risks in clear business terms.

Four Key Questions for the Enterprise CIO / CISO

According to CMR, in this scenario, a few key questions that every CIO (Chief Information Officer) / CISO (Chief Information Security Officer) needs to continuously evaluate and answer are:
  • How can CIOs raise the priority of information security in management’s eyes?
  • Is your CEO / executive board aware of the potential damage to reputation and loss of business that can result were your entire network or corporate website to go down for 24 hours?
  • Is your IT infrastructure adequately protected against the increasing frequency, number and complexity of cyber attacks?
  • How can one improve the deployment of IT risk-management resources and develop proactive, cost-effective solutions to identify and manage the real risks without impacting the business?

Need of the Hour! Solutions to combat current security threats, anticipate and mitigate overall enterprise risk

While we all know the benefits of cloud, virtualization and mobility for governments and business enterprises, legacy and static defences are inadequate in today’s complex and fast-paced world.

According to CMR (CyberMedia Research), organizations need to implement solutions, processes and risk management techniques that are environment-aware, require less human intervention and are able to anticipate potential threats likely to emerge in future. IT and business leaders of progressive organizations recognize that the right mix of policies, processes, people and technology together plays a vital role in proactively protecting information infrastructure, sensitive assets and data, which is the lifeline of any business today.

IRM, SIEM, anti-phishing and anti-malware as a service, cyber intelligence, host-based, network and cloud security, forensics, etc. are new ways to mitigate and deal with cyber attacks and threats.

Therefore, it is clear that enterprises need to build a security architecture that can respond to today’s as well as envisaged future threats specific to their organization and business domain.

1900  Registration with light refreshments
1915  Welcome Keynote & Introducing Agenda
      Apalak Ghosh, Lead Consultant, Emerging Technologies Practice, CMR
1930  IBM CISO Report & X-Force Report Overview
      Brendan Hannigan, General Manager, Security Systems Division, IBM
2000  Panel Discussion cum Q&A – All invited guests & speakers
      Moderated by Apalak Ghosh, CMR
2045  Vote of Thanks followed by Networking Cocktails & Dinner

IBM is a global technology and innovation company that stands for progress. With operations in over 170 countries, IBMers around the world invent and integrate hardware, software and services to help forward-thinking enterprises, institutions and people everywhere succeed in building a smarter planet.

IBM has been present in India since 1992. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, uniquely distinguishes IBM India from other companies in the industry.

IBM India’s solutions and services span all major industries including financial services, healthcare, government, automotive, telecommunications and education, among others. As a trusted partner with wide-ranging service capabilities, IBM helps clients transform and succeed in challenging circumstances.

IBM has been expanding its footprint in India – and has a presence in over 200 cities and towns across the country – either directly or through its strong business partner network. IBM India has clearly established itself as one of the leaders in the Indian Information Technology (IT) Industry – and continues to transform itself to align with global markets and geographies to grow this leadership position. Widely recognised as an employer of choice, IBM holds numerous awards for its industry-leading employment practices and policies.

Brendan Hannigan
General Manager – IBM Security Division

Brendan Hannigan is General Manager of the IBM Security Systems Division in the IBM Software Group; he brings more than 25 years of industry experience to his role. Previously, Mr. Hannigan was the president and chief executive officer of Q1 Labs, the acquisition of which catalyzed the creation of the Security Systems Division. This division brings together many capabilities across IBM to respond to the market need for sophisticated, comprehensive and integrated approaches to enterprise security.

Mr. Hannigan held a number of positions at Q1 Labs: he joined the company in November 2003 as vice president of marketing; was promoted to executive vice president of marketing and product engineering in March 2004; was named chief operating officer (COO) in April 2006; became president and COO in December 2007; and finally became chief executive officer in 2011.

Prior to Q1 Labs, Mr. Hannigan was vice president of marketing and technology at Sockeye Networks; director of network research at Forrester Research; and served in a variety of senior-level product development roles at Digital Equipment Corporation, Wellfleet Communications, and Motorola. Mr. Hannigan has a Computer Science degree with honors from University College Dublin, Ireland.

Apalak Ghosh
Manager, Research and Consulting, Emerging Technologies, Software & IT Services Research
CMR Infotech Practice

Apalak is a lead analyst with CMR’s software and IT services research practice, based out of Gurgaon (near New Delhi). In this role, Apalak is responsible for overseeing development of reports, carrying out in-depth market assessments and forecasts on new and emerging technologies like Cloud Computing, Virtualization, Green IT, Data Center adoption amongst others. Apalak has led new research initiatives to study adoption of Cloud Computing and Virtualization amongst Indian enterprises. He is frequently quoted in the media on the subject of Cloud Computing and Data Centers on popular TV channels such as NDTV and in leading business publications such as The Economic Times and The Hindu Businessline. He also writes a blog on the theme of Green IT/Virtualization/Cloud Computing. In this capacity he carries forward his rich experience as Manager, Software and Services Research and Consulting Practice, IDC India.

Prior to his current role, Apalak worked with TNS India as a research analyst for two years, before which he was with TransAsia Solution Seekers, Indonesia as a consultant for a year. His experience spans key research areas such as brand tracking, product / concept testing, quantitative and qualitative research, and consulting. He has rich exposure to research techniques such as face-to-face and telephonic interviews, profiling and discussions with stakeholders across diverse industry verticals such as IT and Telecom, Consumer Packaged Goods and Automotive.

Apalak completed his Master’s program in Business Administration from the ICFAI Business School, Bangalore, specialising in Marketing. Apalak also holds a Bachelor’s degree in Computer Engineering from the Birla Institute of Technology (BIT), Ranchi, capital of the eastern Indian state of Jharkhand.

Registration is Closed