As one of the most forward-thinking critical infrastructure companies in the UK, SGN is blazing a trail by becoming the first UK critical infrastructure company to run 100% in the cloud and by using innovative IoT technologies to revolutionize the management of gas pipelines. To manage the risk, SGN embarked on a mission to shape the attack path of intruders. In this session, Mo Ahddoud, CISO at SGN, will share how he used a technique called attack path mapping to put privileged access at the center of SGN's digital transformation.
For more information on Security, please visit: http://cainc.to/CAW17-Security
5. Who Are SGN?
• 5.0bn RAV (March 2016)
• 74,000km network length
• 5.9 million customers
• c4500 FTEs employees
• 1.1bn revenues (2015/16)
• 15,907 new connections 2015/16
• 139TWh energy distributed
• 960km pipes replaced in 2015/16
6. Digital Transformation
Change – a measurable, physical difference.
Transformation – an extreme, radical change that drives an organisation in a new direction and takes it to an entirely different functional level.
• Internet of Things
• Customer Experience
• Digital Workforce
• Cloud First
8. Our Business Strategy
• Reduced totex
• Increased agility
• Resilience availability
• New innovation
• Improved Security
Devolution of IT
TAKE “IT” OFF OF THE CRITICAL PATH
10.
• Unpatched systems
• Fragmented solution
• Obsolete technology
• Convoluted value chain
Business Complexity
11. Attack Path Mapping
• Prioritise on likely attack paths
• Ensure you can detect
• Reduce the network footprint
[Diagram labels: Internal Phishing; Accessing User Mailbox; Accessing Internal Apps; Access File share]
12. The heart of our security strategy
Privileged Access Management
[Diagram labels: Virtual Datacentre Build; Datacentre Security Testing; Cloud Monitoring; ServiceNow PPM and Cloud Management; Cloud Networking and Security; Integration & API catalogue; Cloud Sign-on; Application Migration; Application Discovery Due Diligence; Operational Model Service Transition and Support; Cloud Programme Management and support; Delivery Framework Definition; Architecture Governance; Procurement and Commercials; Office 365 Technical Migration; Office 365 Business Migration; Automated Testing; CA Privileged Access Manager]
13.
• Ticket Authorisation
• Timebound
• Remove Passwords
• Audit and Verify
Protecting Apps and Data
Amazon Web Services