SlideShare uma empresa Scribd logo
1 de 27
Baixar para ler offline
Making  Security  Work—Implementing  a  
Transformational  Security  Program
Brent  Comstock
SCT06S
SECURITY
Group  Vice  President  – Identity,  Access  and  Data  Protection  Strategy
SunTrust  Banks
2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies.
The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type  
of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.  
For  Informational  Purposes  Only  
Terms  of  this  Presentation
3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Abstract
Recent  newsworthy  data  breaches  have  business  and  IT  leaders  asking,  “Are  we  
learning  from  the  mistakes  of  others?”    In  an  ever-­increasing  threat  environment,  
security  leaders  face  mounting  pressures  to  deliver  effective  security  capabilities  that  
protect  business  assets  while  balancing  budgets,  security  risks  and  regulatory  issues.
SunTrust  has  started  the  journey  of  transforming  security  capabilities.  This  session  will  
explore  the  driving  factors  that  resulted  in  SunTrust  re-­evaluating  its  identity,  access  and  
information  security  program.  Furthermore,  it  will  explore  the  key  inputs  and  building  
blocks  of  what  it  is  looking  to  establish  in  its  program  and  people,  processes  and  
technologies  that  will  be  required  to  achieve  this  vision.
Brent  
Comstock
SunTrust  Banks
Group  VP  -­
Identity,  Access  and  
Data  Protection  
Strategy
The  thoughts,  views  and  opinions  I  express  are  my  own.  None  of  these  statements  should  be  considered  to  represent  my  employer,  
SunTrust  Banks,  Inc.  in  any  way.
4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Why  I’m  Here  Today
THE  WEATHER  OUTSIDE  IS  FRIGHTFUL…
WE’RE  NOT  IN  KANSAS  ANYMORE
BREAK  THE  MOLD
THE  FORK  IN  THE  ROAD
FROM  THE  INSIDE  OUT
1
2
3
4
5
5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Weather  Outside  is  Frightful…
6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
*2017  Verizon  Data  Breach  Investigations  Report
Exploited  privileged  user  
accounts  are  the  common  
thread  of  most  data  breaches*
“Looking  back  at  the  breaches  that  have  happened  in  the  recent  past  and  looking  
ahead  to  GDPR,  ….  it’s  clear  that  security  continues  to  be  critically  important.”  
Mike  Gregoire,  Q2  2018  Earnings  Conference  Call,  October  25,  2017  
7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Problem:
There  are  large  numbers  of  users,  
environments  and  end  points  to  
patch,  secure  &  manage,  all  with  
changing  security  profiles  over  
time.  
The  work  load  is  overwhelming.
10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
After  CA  World,  You  Return  Home…
Enlightened…
Energized…
Enthused…
And  pretty  freaked  out!
11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
We’re  Not  in  Kansas  Anymore
12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
So  Where  Are  We?
13 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Break  The  Mold
14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
We  protect  what’s  
important  to  us.
How  we  provide  that  
protection  has  to  
change.
15 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
BREAK  THE  MOLD
16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Fork  in  the  Road
17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Level  of  effort?
Budget?
Time?
• Align  with  Significant  
Company  Initiatives
• Establish  Security  
capabilities  quickly
• “Fix”  existing  platforms
• Upgrade  
• Address  Process  gaps
Can  current  technology  and  processes  
be  adequately  improved?
18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
From  the  Inside  Out
19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
FORMULA
FOR  CHANGE
Discover	
  &	
  unlock	
  
WHY
Impact	
  Leadership
Execute	
  with	
  
Advocates
Organizational	
  Culture	
  
Change
20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
IAM  – Focus  &  Objectives
Creation  of  Identity  credentials,  knowledge  of  high  risks  assets  and  associated  Access  grants  &  controls  are  essential  to  
effective  Security  in  this  time  of  unprecedented  threats.  IAM  and  Data  Protection  capabilities  are  highly  interdependent.
Mitigate  enterprise  cyber  risks  and  transition  to  proactive  detection  of  control  failures  by  implementing  effective  capabilities &  
controls  for  access  to  company  assets:
Focus
Objectives
The  top  areas  of  IAM  focus  include:  a)  acquire  modern  identity  management  capabilities,  b)  gain  visibility  
into  movement  of  data  and  usage  of  cloud  services    c)  gain  insights  into  users'  
behavior  d)  define  roles  and  responsibilities  and  e)  adhere  to  regulatory  requirements
Ø Simplify,  standardize  and  automate  IAM  functions  across  the  enterprise  
Ø Utilize  asset  risk  scoring  to  focus  on  securing  highest  risk  assets  first
Ø Invest  in  people,  processes,  and  technologies  to  better  monitor  and  detect  malicious  activity
Ø Define  and  implement  roles  and  responsibilities  for  IAM  framework  execution  including  increased  
Business  engagement  and  accountability
Ø Secure  privileged  accounts:  servers,  databases,  applications,  domains,  devices,  service  accts  
Ø Integrate  user  behaviors  associated  with  access  and  data  movement  with  all  our  environments  to  detect  
threats  and  suspicious  behaviors
Ø Enhance  capabilities  to  secure  connections  &  data  movement  to  the  cloud  and  3rd parties
Discover	
  &	
  Unlock	
  
WHY
21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
IAM  &  Data  Protection  Scope  
Given  the  growth  of  cyber  threats,  the  value  of  the  data  and  transactions  that  we  protect  continues  to  increase.  We  must  evolve  
our  IAM  practices  to  include  deeper  partnership  and  a  “One  Team”  approach  for  “Modern  IAM”  that  is  much  more  intelligent,  
agile  and  transparent.  
Cloud  &  Emerging  Technologies  ‘Modern  IAM’  is  a  foundational  tenet  to  enable  the  
business  to  benefit  from  emerging  technologies  such  as  the  Cloud  and  Internet  of  Things  (IOT).  
Modern  IAM  capabilities  are  faster,  more  secure  and  more  efficient  in  transitioning  applications  
and  infrastructure  to  the  cloud.    
Asset  Type
Applications enable  business  functions  and  meet  access  risk  objectives  through  roles,  
entitlements,  and  permissions.  They  are  managed  by  traditional  IAM  solutions  and  are  the  
company  asset  type  that  have  the  most  mature  access  controls.
End  Users  and  Devices  are  at  the  center  of  business  functions.  Ease  of  use  must  be    
balanced  by  the  necessity  to  protect  company  assets.  The  increased  scale  from  the  growing  use  
of  mobile  devices  stretches  traditional  IAM  practices  and  capabilities.
Data is  stored  in  a  variety  of  formats  and  locations,  and  is  growing  rapidly.  This  growth  is  
compounded  by  End  User  compute  environments  (e.g.,  file  shares,  SharePoint)  which  are  not  
currently  managed  and  protected  using  traditional  IAM  practices  and  capabilities.
Big  Data  (i.e.  Atlas  Data  Lake)  environments  combine  data  from  numerous  sources.  The  
complexity  of  defining  access  permissions  to  voluminous,  diverse,  and  sensitive  information  
environments  is  not  scalable  using  currently  available  IAM  access  models  and  technology.
IAM  Scope
Impact	
  Leadership
22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Why  Are  Advocates  Essential?
§ With  limited  resources  and  reach,  
you  can  tap  into  the  energy  of  passionate  
employees.  They  have  knowledge  and  
insight
§ These  employees  become  the  eyes  and  
ears  on  the  ground  and  help  to  drive  
change  from  within  their  teams
§ This  feeling  of  ownership,  responsibility  
and  influence  creates  engagement  
across  the  organization
§ By  building  direct  relationships  with  different  
parts  of  the  business,  you  can  find  out  so  much  
more  through  two  way  communications
§ By  keeping  our  advocates  informed  of  the  
latest  news  and  views  around  security  –
you  make  them  smarter  and  also  by  proxy  –
their  teams  too!
Security  is  a  team  sport…engage  the  
rest  of  the  team
Execute	
  With	
  
Advocates
23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Analytics  Enablement
• Facilitate  Onboarding  &  Data  Access
• Document  &  Maintain  Role  Definition  
• Request  Data  Group  Setup
Provisioning  
Facilitator
Data  Lake  Domain  
Work  Area  (Zone  2)
Domain  
Role  
Security    
Group
Data  
Asset
Data  
Asset
Data  
Asset
Domain  
Users
Domain  Team  
Manager
• “Owns”  Domain
• Requests  New  Domain  Roles
• Designate  Role  Champion
• Develop  Data  Source  Access  Requirements  *
Domain  
Owner
Domain  Role  Owner
• Approve  User  Access  to  Role
• Attest  to  Role  and  User  Access  Annually
• Validation  of  Role  Data  Source  Access  Annually
Role  
Champion
Source  Data  Owner(s)
• Approve  Role  Creation
• Approve  Data  (not  user)  Access  for  Role
Data  Access  
Owner
Data  Management  
Manager  or  Analyst
• Identify  &  Validate  Sensitive  Data  for  Data  SourcesData  SME
Data  Lake  Operations
• Configure  user  on  Data  Lake
• Configure  data  access
Data  Lake
Setup
Security  
Team  Tasks
Organizational	
  Culture	
  
Change
Engage  the  Team  (Example)
24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
None  of  us  
is  as  smart  
as  all  of  us.
People  cannot  
help  but  resist  
change.  
It’s  in  our  DNA  to  want  to  
remain  with  known  
approaches.
Those  who  resist  improved  
security  aren’t  crazy,  they’re  
human.
Landing  the  Plane
“People  don’t  
buy  what  you  
do,  they  buy  
why  you  do  it.”
SIMON  SINEK
No  one  can  tell  us  what  
“right”  looks  like,  because  of  
experience  &  perspectives.
Your  Advocates  will  help  fuel  
the  cultural  change.  
Empower  them.
25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Questions?
26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Stay  connected  at  communities.ca.com
Thank  you.
27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Security
For  more  information  on  Security,
please  visit:  http://cainc.to/CAW17-­Security

Mais conteúdo relacionado

Mais procurados

Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinarZscaler
 
Flexera Software's Why
Flexera Software's Why Flexera Software's Why
Flexera Software's Why Flexera
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudZscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesCristian Garcia G.
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed SecurityDarryl Santa
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformationCloudflare
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security:  Can you afford not to switch?Cloud vs. On-Premises Security:  Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?Zscaler
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!CA Technologies
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Dan Hollinger
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...Cloudflare
 
Going Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking InfrastructureGoing Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking InfrastructureCloudflare
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudZscaler
 

Mais procurados (20)

Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
Flexera Software's Why
Flexera Software's Why Flexera Software's Why
Flexera Software's Why
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed Security
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security:  Can you afford not to switch?Cloud vs. On-Premises Security:  Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
 
Going Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking InfrastructureGoing Beyond the Cloud to Modernize Your Banking Infrastructure
Going Beyond the Cloud to Modernize Your Banking Infrastructure
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
 

Semelhante a Making Security Work—Implementing a Transformational Security Program

NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Enterprise Management Associates
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用Amazon Web Services
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityEMC
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)OnRamp
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAVeritas Technologies LLC
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Andreas M. Oswald
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security DemistyifiedMicrosoft UK
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
Protecting What Matters Most – Data
Protecting What Matters Most – DataProtecting What Matters Most – Data
Protecting What Matters Most – DataFujitsu Middle East
 
How to Enhance Your Application Security Strategy with F5 on AWS
 How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWSAmazon Web Services
 

Semelhante a Making Security Work—Implementing a Transformational Security Program (20)

NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Fix nix Pitch
Fix nix PitchFix nix Pitch
Fix nix Pitch
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用人工智慧雲服務與金融服務應用
人工智慧雲服務與金融服務應用
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEA
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 
Security and Data Breach
Security and Data BreachSecurity and Data Breach
Security and Data Breach
 
Protecting What Matters Most – Data
Protecting What Matters Most – DataProtecting What Matters Most – Data
Protecting What Matters Most – Data
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
 
How to Enhance Your Application Security Strategy with F5 on AWS
 How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS
 

Mais de CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps WorldCA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.CA Technologies
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...CA Technologies
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...CA Technologies
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...CA Technologies
 

Mais de CA Technologies (17)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
 

Último

UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Juan Carlos Gonzalez
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 

Último (20)

UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 

Making Security Work—Implementing a Transformational Security Program

  • 1. Making  Security  Work—Implementing  a   Transformational  Security  Program Brent  Comstock SCT06S SECURITY Group  Vice  President  – Identity,  Access  and  Data  Protection  Strategy SunTrust  Banks
  • 2. 2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies. The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type   of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.   For  Informational  Purposes  Only   Terms  of  this  Presentation
  • 3. 3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Abstract Recent  newsworthy  data  breaches  have  business  and  IT  leaders  asking,  “Are  we   learning  from  the  mistakes  of  others?”    In  an  ever-­increasing  threat  environment,   security  leaders  face  mounting  pressures  to  deliver  effective  security  capabilities  that   protect  business  assets  while  balancing  budgets,  security  risks  and  regulatory  issues. SunTrust  has  started  the  journey  of  transforming  security  capabilities.  This  session  will   explore  the  driving  factors  that  resulted  in  SunTrust  re-­evaluating  its  identity,  access  and   information  security  program.  Furthermore,  it  will  explore  the  key  inputs  and  building   blocks  of  what  it  is  looking  to  establish  in  its  program  and  people,  processes  and   technologies  that  will  be  required  to  achieve  this  vision. Brent   Comstock SunTrust  Banks Group  VP  -­ Identity,  Access  and   Data  Protection   Strategy The  thoughts,  views  and  opinions  I  express  are  my  own.  None  of  these  statements  should  be  considered  to  represent  my  employer,   SunTrust  Banks,  Inc.  in  any  way.
  • 4. 4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Why  I’m  Here  Today THE  WEATHER  OUTSIDE  IS  FRIGHTFUL… WE’RE  NOT  IN  KANSAS  ANYMORE BREAK  THE  MOLD THE  FORK  IN  THE  ROAD FROM  THE  INSIDE  OUT 1 2 3 4 5
  • 5. 5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Weather  Outside  is  Frightful…
  • 6. 6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS *2017  Verizon  Data  Breach  Investigations  Report Exploited  privileged  user   accounts  are  the  common   thread  of  most  data  breaches* “Looking  back  at  the  breaches  that  have  happened  in  the  recent  past  and  looking   ahead  to  GDPR,  ….  it’s  clear  that  security  continues  to  be  critically  important.”   Mike  Gregoire,  Q2  2018  Earnings  Conference  Call,  October  25,  2017  
  • 7. 7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
  • 8. 8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
  • 9. 9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Problem: There  are  large  numbers  of  users,   environments  and  end  points  to   patch,  secure  &  manage,  all  with   changing  security  profiles  over   time.   The  work  load  is  overwhelming.
  • 10. 10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS After  CA  World,  You  Return  Home… Enlightened… Energized… Enthused… And  pretty  freaked  out!
  • 11. 11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS We’re  Not  in  Kansas  Anymore
  • 12. 12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS So  Where  Are  We?
  • 13. 13 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Break  The  Mold
  • 14. 14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS We  protect  what’s   important  to  us. How  we  provide  that   protection  has  to   change.
  • 15. 15 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BREAK  THE  MOLD
  • 16. 16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Fork  in  the  Road
  • 17. 17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Level  of  effort? Budget? Time? • Align  with  Significant   Company  Initiatives • Establish  Security   capabilities  quickly • “Fix”  existing  platforms • Upgrade   • Address  Process  gaps Can  current  technology  and  processes   be  adequately  improved?
  • 18. 18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS From  the  Inside  Out
  • 19. 19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS FORMULA FOR  CHANGE Discover  &  unlock   WHY Impact  Leadership Execute  with   Advocates Organizational  Culture   Change
  • 20. 20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS IAM  – Focus  &  Objectives Creation  of  Identity  credentials,  knowledge  of  high  risks  assets  and  associated  Access  grants  &  controls  are  essential  to   effective  Security  in  this  time  of  unprecedented  threats.  IAM  and  Data  Protection  capabilities  are  highly  interdependent. Mitigate  enterprise  cyber  risks  and  transition  to  proactive  detection  of  control  failures  by  implementing  effective  capabilities &   controls  for  access  to  company  assets: Focus Objectives The  top  areas  of  IAM  focus  include:  a)  acquire  modern  identity  management  capabilities,  b)  gain  visibility   into  movement  of  data  and  usage  of  cloud  services    c)  gain  insights  into  users'   behavior  d)  define  roles  and  responsibilities  and  e)  adhere  to  regulatory  requirements Ø Simplify,  standardize  and  automate  IAM  functions  across  the  enterprise   Ø Utilize  asset  risk  scoring  to  focus  on  securing  highest  risk  assets  first Ø Invest  in  people,  processes,  and  technologies  to  better  monitor  and  detect  malicious  activity Ø Define  and  implement  roles  and  responsibilities  for  IAM  framework  execution  including  increased   Business  engagement  and  accountability Ø Secure  privileged  accounts:  servers,  databases,  applications,  domains,  devices,  service  accts   Ø Integrate  user  behaviors  associated  with  access  and  data  movement  with  all  our  environments  to  detect   threats  and  suspicious  behaviors Ø Enhance  capabilities  to  secure  connections  &  data  movement  to  the  cloud  and  3rd parties Discover  &  Unlock   WHY
  • 21. 21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS IAM  &  Data  Protection  Scope   Given  the  growth  of  cyber  threats,  the  value  of  the  data  and  transactions  that  we  protect  continues  to  increase.  We  must  evolve   our  IAM  practices  to  include  deeper  partnership  and  a  “One  Team”  approach  for  “Modern  IAM”  that  is  much  more  intelligent,   agile  and  transparent.   Cloud  &  Emerging  Technologies  ‘Modern  IAM’  is  a  foundational  tenet  to  enable  the   business  to  benefit  from  emerging  technologies  such  as  the  Cloud  and  Internet  of  Things  (IOT).   Modern  IAM  capabilities  are  faster,  more  secure  and  more  efficient  in  transitioning  applications   and  infrastructure  to  the  cloud.     Asset  Type Applications enable  business  functions  and  meet  access  risk  objectives  through  roles,   entitlements,  and  permissions.  They  are  managed  by  traditional  IAM  solutions  and  are  the   company  asset  type  that  have  the  most  mature  access  controls. End  Users  and  Devices  are  at  the  center  of  business  functions.  Ease  of  use  must  be     balanced  by  the  necessity  to  protect  company  assets.  The  increased  scale  from  the  growing  use   of  mobile  devices  stretches  traditional  IAM  practices  and  capabilities. Data is  stored  in  a  variety  of  formats  and  locations,  and  is  growing  rapidly.  This  growth  is   compounded  by  End  User  compute  environments  (e.g.,  file  shares,  SharePoint)  which  are  not   currently  managed  and  protected  using  traditional  IAM  practices  and  capabilities. Big  Data  (i.e.  Atlas  Data  Lake)  environments  combine  data  from  numerous  sources.  The   complexity  of  defining  access  permissions  to  voluminous,  diverse,  and  sensitive  information   environments  is  not  scalable  using  currently  available  IAM  access  models  and  technology. IAM  Scope Impact  Leadership
  • 22. 22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Why  Are  Advocates  Essential? § With  limited  resources  and  reach,   you  can  tap  into  the  energy  of  passionate   employees.  They  have  knowledge  and   insight § These  employees  become  the  eyes  and   ears  on  the  ground  and  help  to  drive   change  from  within  their  teams § This  feeling  of  ownership,  responsibility   and  influence  creates  engagement   across  the  organization § By  building  direct  relationships  with  different   parts  of  the  business,  you  can  find  out  so  much   more  through  two  way  communications § By  keeping  our  advocates  informed  of  the   latest  news  and  views  around  security  – you  make  them  smarter  and  also  by  proxy  – their  teams  too! Security  is  a  team  sport…engage  the   rest  of  the  team Execute  With   Advocates
  • 23. 23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Analytics  Enablement • Facilitate  Onboarding  &  Data  Access • Document  &  Maintain  Role  Definition   • Request  Data  Group  Setup Provisioning   Facilitator Data  Lake  Domain   Work  Area  (Zone  2) Domain   Role   Security     Group Data   Asset Data   Asset Data   Asset Domain   Users Domain  Team   Manager • “Owns”  Domain • Requests  New  Domain  Roles • Designate  Role  Champion • Develop  Data  Source  Access  Requirements  * Domain   Owner Domain  Role  Owner • Approve  User  Access  to  Role • Attest  to  Role  and  User  Access  Annually • Validation  of  Role  Data  Source  Access  Annually Role   Champion Source  Data  Owner(s) • Approve  Role  Creation • Approve  Data  (not  user)  Access  for  Role Data  Access   Owner Data  Management   Manager  or  Analyst • Identify  &  Validate  Sensitive  Data  for  Data  SourcesData  SME Data  Lake  Operations • Configure  user  on  Data  Lake • Configure  data  access Data  Lake Setup Security   Team  Tasks Organizational  Culture   Change Engage  the  Team  (Example)
  • 24. 24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS None  of  us   is  as  smart   as  all  of  us. People  cannot   help  but  resist   change.   It’s  in  our  DNA  to  want  to   remain  with  known   approaches. Those  who  resist  improved   security  aren’t  crazy,  they’re   human. Landing  the  Plane “People  don’t   buy  what  you   do,  they  buy   why  you  do  it.” SIMON  SINEK No  one  can  tell  us  what   “right”  looks  like,  because  of   experience  &  perspectives. Your  Advocates  will  help  fuel   the  cultural  change.   Empower  them.
  • 25. 25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Questions?
  • 26. 26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Stay  connected  at  communities.ca.com Thank  you.
  • 27. 27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security