trends in infrastructure services
STKI Summit 2012
Trends In Infrastructure Services
Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand.
Shahar Geiger Maor,
VP & Senior Analyst
Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
Presentation Visualization
[Figure: Networking, Collaboration, Security, MDM]
End-To-End Security Project
• Network Security: Firewalls, IPS, NAC
• Data Security: DLP, Information Laundering
• Application Security: WAF, Web Security Gateway
• Secure Browsing
Source: Taldor
TEAMS Project (A3)
Source: Team-Malam
The New Training Center-IDF
Source: Bynet
Presentation Visualization - Networking
STKI Index-2011 –Top Networking Queries
Data, 29%
Market Players, 22%
Collaboration, 27%
Trends, 9%
ADC, 4%
Mobile, 4%
Misc., 4%
Source: http://i.imgur.com/l371J.jpg
IPv6
Internet Protocol Version 6 (IPv6)
You are here
IPv6 Market Status
• Large orgs., cloud service providers, US government –All support IPv6.
• IT: All major hardware and software providers support IPv6.
• Israel:
IPv6 Awareness Sector
/ Service Providers
/ Telecommunications
/ Global Organizations
Other Organizations
Almost All Agree: IPv6 Is Critical
http://www.computerworld.com.au/slideshow/395230/most_enterprises_will_ipv6_by_2013_survey/
IPv6 Recommendations
1. Awareness, awareness, awareness
2. Basic (internal IT) gap analysis
3. Executives’ awareness
4. Thorough gap analysis (professional services) and migration plan
5. POC (taste the flavor of IPv6)
6. Future system design and purchase – IPv6 enabled
Presentation Visualization – Data Networking
Pressure!!!
Key Drivers For Network Transformation
• Server virtualization
• Storage Convergence
• East-west traffic patterns
• Growth of VMs and “server sprawl” management
Fabric (ˈfa-brik) n. An integrated data center network that supports servers, storage, appliances and switches on a large scale. It provides a simple way to reach everything in the data center using location-independent, Layer 2 addressing that creates a flat network among components. It borrows features from routed network including dynamically selecting the shortest and best route for connections, converges very quickly when the network changes, uses all the links in the network and efficiently handles broadcast and multicast traffic. It has high reliability with very fast convergence when a failure occurs. It minimizes packet discards or is lossless and has extremely low end-to-end latency. It automatically adjusts and applies the right configuration to whatever devices connect to it. Also called Ethernet Fabric and Data Center Fabric. -Robin Layland
Changes In Technology Are Making Server-to-server Traffic “The” Network Issue
[Figure: Client–Server Architecture vs. Service Oriented Architecture (Application, Web 2.0, SOA, SaaS); client, servers and DB shown with labelled traffic shares of 95%, 25% and 75%]
Source: Juniper Networks
Today’s Network Architectures Can’t Keep Pace
Source: HP Networking
Distributed Intelligence Details
• Today, access to the network lives in the virtual hypervisor
• Consumes valuable host resources
• Virtual switch is offloaded to the physical switch
• Eliminates the software switch; the advantages of a distributed virtual switch plus Distributed Intelligence
• Leverages Virtual Ethernet Port Aggregator (VEPA) technology
• Virtual NICs are offloaded to the physical NIC
• Leverages Virtual Ethernet Bridging (VEB) technology
• Host resources are freed up for applications
• Gives 5-20% of host resources back to applications
• VMs have direct I/O with the network
• Network simplicity; common access across entire VCS; network is managed in the network
[Figure: Optimized Virtual Access Layer (physical server, virtual switch, NIC, switch, vNICs)]
Source: Brocade
Three-tier Architecture & Server-to-Server Traffic
Three-tier Legacy Network
• Up to 50% of ports interconnect switches; not servers or storage
• Unnecessary layers add hops and latency
• Slows performance of Federated Apps & VM mobility
[Figure: compass (N, S, W, E) with 75% or more of traffic on the W–E axis]
Source: HP Networking
Two-tier Architectures Improve Performance
Simplified Two-tier Network
• A-Series Core Switches with IRF
• A-Series ToR Switches with IRF, HP Virtual Connect
• Virtual Connect provides direct flight connections within an HP BladeSystem
• IRF Removes a Networking Layer to reduce CAPEX
• IRF enables a single, low latency hop between up to nine server racks
[Figure: compass (N, S, W, E) with 75% or more of traffic on the W–E axis; IRF and Virtual Connect linking Rack Servers and Blade Servers]
Source: HP Networking
The Fabric Architecture
[Figure: Fabric Switches, Core Switches, Aggregation switches, Access switches, Firewall; Pod 1, Pod 2]
All of the TOP of Racks are a single high capacity Fabric!!!
Source: Juniper
Intelligent L2 Domains POD Evolution
[Figure: POD evolution across Core, Aggregation, Access and Servers layers, with L2/L3 boundaries and an IP cloud. Stages, each marked Shipping: STP+, vPC/VSS, FabricPath. Features listed: STP Enhancements, Bridge Assurance, NIC Teaming, Simplified loop-free trees, 2x Multi-pathing, 16x ECMP, Low Latency / Lossless, MAC Scaling, Operational Flexibility. OTV (Shipping): Inter-POD Connectivity across L3, Failure Boundary Preservation.]
Source: Cisco
Wireless
Wireless Trends
• Welcome, IEEE 802.11ac…
• Wireless as a service
• Wireless IPS (Intrusion Prevention System)
• All vendors must have the following features:
1. Support for 802.11a/b/g/n
2. Controller-less WiFi network
3. A network management application
4. Standards-based security with 802.1X through WPA2
5. Provider can deliver network services (such as voice, video and location).
Positioning Methodology
Israeli vendor rating – Market positioning is focused on the enterprise sector (not SMB)
X axis: Market penetration (sales + installed base+ clients perspective)
Y axis: localization, support, Local R&D center, number and quality of SIs, etc.
Worldwide leaders are marked based on global positioning
Vendors to watch: Israeli market newcomers
STKI positioning represents the current Israeli market and not necessarily what we recommend to our clients
xxx- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader; sample entries: Vendor A, Vendor B]
Data Center Networking- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Alcatel-Lucent, Avaya, HP, Juniper, IBM, Brocade
Campus Networking- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Alcatel-Lucent, Avaya, HP, Juniper, Brocade, Dell, Enterasys, Extreme
Wireless LAN- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Alcatel-Lucent, HP, Aruba, Aerohive, Enterasys, Ruckus, Motorola, Juniper
Source: Bent Objects
Application Delivery Controllers
Mega trends:
• Cloud computing
• Virtualization – desktop, storage, network
• Mobility
• Security
• Datacenter consolidation
ADC
Source: http://www.enterprisemanagement.com/research/asset_download.php?id=2110
Key Drivers for Data Center Class WAN Optimization
• Disaster recovery: Protect more data across longer distances over converged networks
• Data center consolidation / cloud: Data and server placement not impacted by WAN performance
• Server and storage centralization: Users can be farther from resources
• Real-time collaboration: Improve quality of unified communications (voice/video)
• Virtualization: Multisite VDI and VM migration impacted by poor WAN quality
Application Delivery Controllers- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Radware, Citrix, Cisco, F5, A10, Barracuda
WAN Optimization- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Riverbed, Citrix, Cisco, F5, Silver Peak, Bluecoat, Radware, Juniper
Presentation Visualization - Collaboration
Source: http://collaborationbenefits.blogspot.com/2010/04/intersection-of-unified-communications_30.html
Collaboration Basics
Source: Cisco
Email And Phone Are Still The Most Common Way To Interact With Customers
What are the top methods by which your employees communicate with your customers, suppliers and partners?
Source: Information Week
Drivers Of Unified Communication Projects
1. Improve employee collaboration
2. Improve employee efficiency
3. Improve communications with customers
4. Create a more mobile workforce
5. Legacy PBX retirement
6. Upgrade technology to meet business needs/stay on par with peers
7. Reduce operation expenditures
8. Reduce travel expenses
9. Decrease sales cycle times
Reasons for Not Using Unified Communications
1. Other projects have a higher priority
2. No definitive business value
3. Lack in-house expertise
4. UC technology is too expensive
5. Sizeable investment in current communications platform
6. Auxiliary costs are too expensive (e.g. WAN bandwidth, infrastructure upgrades)
7. Deployments are too complex
Cloud Based UCC –A Very Good Step Forward
1. B2B: connect to business partners, customers, and individuals outside corporate network
2. Great for small and medium businesses
3. Help in reducing security issues (…but raise others)
4. Standardization
What’s Wrong?
• We are still trying to automate collaboration… it needs to be people centric
• Multitude of vendors leads to “non-immersive” experience
• IT driven without alignment to business priorities
• Insufficient focus on how people collaborate today and what real pain points are
• Not treating Collaboration as a CEO Agenda Item
• Many of the benefits in UCC do not apply locally
How To Do It Right
Step 1: Identify Primary Business Imperatives
• Innovation
• Time-to-Market
• Cultural Evolution
• Cost Control
• Productivity
• Talent Acquisition and Retention
• Quality
• Business Scaling and Growth
• Sales Effectiveness
• Customer Loyalty
How To Do It Right
Step 2: Associate Relevant Stakeholders and Processes:
Innovation: Accelerating the generation and development of new ideas into new or improved products, services and processes
How To Do It Right
Step 3: Analyze Existing Collaboration Patterns
How To Do It Right
Step 4: Execute Collaboration Programs:
online communities
blogs and microblogs
online shared workspaces
“click-to-connect”
collaboration spaces
comprehensive research repository
connecting experts
…Did we mention LinkedIn?
The ROI Problem
[Figure: Feature adoption timeline; Job satisfaction; Training; Employee productivity; UC benefit]
Elements of ROI Calculation
• Capital expenditures
• Operational expenditures
• Alternative cost
• TCO
• Increased sales due to increased collaboration
65% Of Orgs Have Implemented UC Capabilities in 50% or Less of Total Users
Source: Information Week
Presentation Visualization - Customer Center
CRM Maturity Model
[Figure: CRM maturity model plotting Business Value against Market Maturity (Using, Implementing, Future usage). Investment types: Value investment, Investment in order to optimize costs, Regulative investment, Commodity investment. Projects shown, marked as business oriented or IT oriented, with size of figure = complexity/cost of project: Social CRM, Analytical CRM, Web channel projects, Operational CRM/XRM, Mobile channel projects, Listening platforms]
Accelerating Customer Experience
• CRM 1.0: Managing individual customers (Customer A, Customer B, Customer C)
• CRM 2.0: Managing influencers & ‘tribes’
• CRM 3.0: Engaging & Influencing
The focus shift: Transactions, Interactions, Experience
What is Social CRM
• Social CRM can be used for 2 purposes:
• Listening and Learning: Using the power of personal networks to gain intelligence on customers, their habits, interests
• Brand auditing
• Awareness of campaigns success/failure
• Crowdsourcing (new products, design ideas)
• Interacting and Engaging: New channel for customer interactions (sales, service, marketing)
• Social CRM projects will be short / simple. Companies will grow into it (by using social CRM modules within CRM apps) or SaaS-based products. The hardest part will be the “people” and “processes” part, change management.
Power To The People – Is It Too Much Power???
• Social media criticism makes Gap dump its new logo and forces it to revert back to the old logo
Social Media Projects Maturity
(Source: Altimeter Group)
Customer Care Trends
• There’s no place to hide online
• Increasingly unpredictable environmental events
• From ‘push’ to ‘pull’
• The age of self help, paranoia and advice seeking
• The rise of the any x customer
• The agile and asset-less organization (…cloud)
Approaching (Interacting with) Customers
Source: McKinsey Global Survey
(…Too often, digital marketing efforts target only younger customer segments)
Key Benefits That Can Influence Consumers To Use a New Form of Payment
Source: Javelin Strategy & Research
Heavy Duty Phone Systems For Trading Rooms
Call History
Call Directory
Directional and time indication
Deskshare
Modularity of Components
Extensibility
Backpack
Source: IPC
Unified Communications - Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Microsoft, Alcatel-Lucent, Avaya, IBM, Interactive Intelligence, Siemens EC, Digium
Customer Center Infrastructure - Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Alcatel-Lucent, Avaya, Interactive Intelligence, Cosmocom, Siemens EC, Aspect
IP Telephony - Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Cisco, Alcatel-Lucent, Avaya, Siemens EC, Digium, Microsoft, Tadiran Telecom
Presentation Visualization - Video
Global Mobile Data Traffic
[Chart: share of global mobile data traffic (0%–100%) by year, 2011–2016; categories: VoIP, Gaming, File Sharing, M2M, Data, Video]
Source: Cisco VNI 2012
Enterprise Video Usage
Source: Business Video
Israeli Market Status
• Videoconferencing – Mature collaboration tool
• E-learning – Common in global orgs. Good as an enrichment for existing tools
• Video streaming and CDN – Specific for content creators (…Still waiting for enterprise YouTube)
• Digital signage – For special purposes
• Video Management Systems (storage/analytics) – Physical/homeland security
Audio\Video Conferencing
• Immersive – To work within projection-based Virtual Reality Systems. Audience: CXOs
• Room – The most common tool for Teleconferencing. Audience: Mid Management
• Endpoint – “Skype like” Video Conferencing. Audience: Employees
Video Collaboration in Practice
http://www.clalit.co.il/HE-IL/Family/parents/video+rofe+online.htm
CDN
Video Conference
Video e-Learning –Next Generation Customer Care Routing
http://blogs.wsj.com/speakeasy/2010/10/25/andy-grammers-keep-your-head-up-applies-choose-your-own-adventure-logic-to-music-videos/
Choose your next choice on-the-fly
Video evolves according to choices made
Social Video + CDN (Content Delivery Network)
Source: http://www.shmone.co.il/
Powered by NAVIGAYA
Powered by Matrix CDN
Digital Signage
Source: http://www.diskin.com/he/content/index_b_06.html
Live streaming
Batch streaming
Integration to backoffice
On-line Integration
Managing Bandwidth For Video
1. Buy more bandwidth
2. Implement QOS
3. Use adaptive technologies
4. Call Admission Control (CAC)
Deliver the Network Optimized for Video Anytime, Anywhere, Any Device
[Figure: Video Optimization - Medianet. Video, Voice and Data Applications; Media Services Interface (end-point and Proxy) APIs; Media Monitoring, Media Awareness, Plug & Play, Media Services Proxy, Media Optimization; Security; Management; network services: SAF, PfR, RSVP, Multicast, QoS, NetFlow, IPSLA, NBAR]
Source: Cisco
The Past, Present, and Future of Enterprise Outward Video
Creation (cost?)
• Past: One day of shooting with a professional crew. (100K$)
• Present: Video production to the masses. (100$)
• Future: Empowerment of the individual (1$)
Management
• Past: VHS tapes and DVDs required physical space… Some early forms of searching programs
• Present: Dozens of proprietary and public Online Video Platforms. Search still is a challenge
• Future: Big data, access management, multiple “instances” of each video
Delivery
• Past: Television; Mailing out tapes
• Present: Different format, resolution, and bandwidth requirements
• Future: Videos will still need to be viewed across all devices.
Tracking
• Past: Broadcasts and mails had significant tracking challenges.
• Present: Views, what devices are viewing the video, where in the world and more.
• Future: How effective a video is by sales person, by customer, by campaign, etc.
Source: http://www.reelseo.com/enterprise-video/
Video Recommendation
Tele-Conferencing- Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Skype, ooVoo, Citrix, Cisco, Polycom, Logitech (LifeSize), Vidyo, Radvision, Microsoft, Alcatel-Lucent, Emblaze, Avaya, Adobe, AT&T
What should be asked before going to the board with a capital request?
1. How much impact do our facilities have on the availability of important business applications?
2. How much more capacity could we get from existing facilities?
3. What does future demand for data center capacity look like and how can virtualization affect it?
4. How can we improve capacity allocation by tier?
5. How can we incorporate modular designs into our data center footprint?
6. What is the complete list of key design decisions and their financial impact?
Virtualized platforms: A way to limit data center capacity requirements
Source: McKinsey & Company
Reducing Capital Costs by Moving Into Lower-Tier Facilities
Source: McKinsey & Company
Israeli Data Center Statistics
• Average room size (gross): 350m2
• Average size used for IT (net): 67%
• Host all servers? (Prod., Test, Dev., Backup etc.): Yes (75%)
• Average DC room size per IT staff: 1.4m2
• Average DC room size per employee: 0.18m2
Source: STKI
Data Center Outsourcing Benchmark
A research and service providers’ benchmark in the Israeli market.
By: Pini Cohen, Shahar Geiger Maor
Expected publication: May 2012
Stay posted for more news…
Output Management
Output Trends
Interactive forms and multimedia
Personalization
Digital Mailing
Printing independence
Tablets Replace Paper
• Businesses and governments are trading paper for tablets, saving money and promoting efficiency
• In the U.S., airlines are now allowed to rely on tablets instead of onboard paper manuals, checklists and charts
• Amsterdam city council members now get iPads, retrieving documents through a custom app that other Dutch government agencies are set to adopt
Next Generation Outputs
Interactive
Accessible
Mobile friendly
Voice: MP3
Video
Banks ‘Push‘ vs. Customers ‘Pull‘ Model
Push
• Control electronic services to employees and customers.
• Choose whom to allow into proprietary networks.
• Own the value networks.
• Set rules, pace and conditions for interaction with them.
• Pre-defined, prepackaged services.
• Establish the parameters for you to modify or access your information or services.
Pull
• Ownership of services & value network shifts to customer
• P2P computing & networks develop: secure, managed, controlled, powerful
• Organizations forced to deliver into consumer computing domains
• Architecture extends to consumer computing environment: “customer centric” gets defined
• “Delivery models” subsumed into “consumption models” - ambient findability
• Building blocks: content-aware, data, Web Services, process models, orchestration services.
Output Management-Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: Aman/Beeri, Adobe, HP, Autofont, Consist, ISIS-Papyrus
Printers-Israeli Market Positioning 1Q12
[Chart: Local Support vs. Market Presence; legend: Player, Worldwide Leader]
Vendors shown: HP, Lexmark, Samsung, Brother, Epson, Canon, Ricoh, Xerox
http://xkcd.com/657/large/
Market Data
Networking Staffing
• “Active” ports as % of total ports: Average 66%; 75th percentile 78%; 50th percentile 63%; 25th percentile 58%
• Total ports per 1 networking staff member (voice+data): Average 2613; 75th percentile 2000; 50th percentile 1200; 25th percentile 917
• Ports per 1 employee: Average 2.12; 75th percentile 2.82; 50th percentile 1.93; 25th percentile 1.33
• Employees per 1 networking staff member: Average 1119; 75th percentile 1125; 50th percentile 775; 25th percentile 561
• Data networking : voice networking staff ratio: Average 1.7:1; 75th percentile 2:1; 50th percentile 1.5:1; 25th percentile 1.13:1
Source: STKI
Networking Budget ~ 10% of IT OpEx
Source: The Corporate Executive Board Company
Constant Staffing Mix Within IT
Source: The Corporate Executive Board Company
Endpoints
http://www.wired.com/wired/archive/14.07/images/found.jpg
Presentation Visualization
Desktop-PCs are getting old…Say Hello to the Post-PC Era
• No platform, form factor or technology will dominate.
• BYOD will remain the norm.
• Component prices continue downward trend.
• Off-desktop devices consume more of the digital experience.
• Employees will use many devices, syncing data between them via the cloud.
Source: Bent Objects
2012 game changers:
• Consumerization of IT
• Bring Your Own Device (BYOD)
• Changing Client Architectures
Tablet computers, smartphones, 4G, social media, gaming, desktop virtualization, and other technology innovations are bringing possibilities and challenges to IT and the workplace like never before.
Experience Economy > Age of the Customer
• From 1900 to 1960, Age of Manufacturing: if you owned a factory, you owned the market.
• From 1960 to 2000, Age of Distribution: if you owned the distribution channels, you owned the market.
• From 2000 to 2011, Age of Information: if you owned the information, you owned the market.
• From 2011, Age of the Customer: if you engage the customer, you own the market.
Why Mobile?
Mobile Phone Device
• Always with me, cost effective, multi-purpose device, carrier-side infrastructure, anywhere-to-anywhere connection and more…
Telephone
• Large distances, real-time. Closer to the end-user
• Static
Telecom: fire, letters…
• Starting to close the gap.
• Short distances, no real-time
Communication –A basic need
• Population is spreading all over the world.
• Distance is becoming a communication issue
Mobile Outsourcing
[Diagram labels: Touch, Gesture, Video, Search, Social, Location, Trade, Calendar\Mail, Tools, Content Access, Fun, Voice, Pics]
Using Mobile Apps more than 10 times a day
Using Mobile App to Make a Purchase/ for Client Service
Decision Making in the Digital World
Seeking Intelligence, Not Content
60% of purchase decisions being made before the consumer stepped into the store!!!
- Real time
Many clients are asking about how to:
• Develop custom mobile apps
• Secure their mobile content
• Select mobile devices
• Craft mobile policies
• Manage the devices
• Set a solid Digital Customer Experience
MDM
Answers are right here
How to develop custom mobile apps?
Select mobile devices
Who is the Digital Customer Experience owner in the enterprise: IT or Business? IT higher involvement
Native or Hybrid Apps
People want:
Enterprises want:
What Do People Want ?
Three OSs, Three Ecosystems?
Source: IDC
Internet vs. Mobile Data Traffic
[Chart 1: Global Internet Traffic Growth (Fixed), 1997 to 2002, scale 0% to 300%]
[Chart 2: Global Mobile Data Traffic Growth, 2009 to 2014, scale 0% to 200%]
Source: Cisco VNI 2012 (estimate)
Mobile Statistics
– The number of active mobile broadband subscriptions worldwide in 2011.
–The estimated number of mobile subscriptions worldwide in 2011.
–Percentage of handsets shipped globally in 2011 that included a web browser.
– Apple iPad’s share of global tablet web traffic in December.
Source: http://royal.pingdom.com/2012/01/17/internet-2011-in-numbers/
Different Devices, Different Purpose
[Diagram labels: Work, Change, Flow, Experience, Consumption, Creation]
List of Tablet Use Cases
How do you use\plan to use your tablet? (Please select all that apply)
[Bar chart, scale 0% to 90%. Categories: Gaming, Social media sites, Listening to music, Watching video, Writing or reading mail, Surfing the web]
Source: Yankee Group
Tablets occupy a middle ground where consumption and creation of data has a wide range. BYOD needs to be a consideration once interest enters this zone. There are two potential paths that can be followed at this point.
Bring Your Own Device
- Light data consumption
- Minimal data creation
- Heavy data consumption
- Local data creation
• Easier and more supportable
• More flexible device capability
• Full network
• Harder to support (e.g. local rather than centralized apps)
• Limited by device capabilities
Final steps:
- Full BYOD policy created by all business groups.
- TCO calculation in conjunction with Finance.
Full BYOC
BYOD Light
Past this line, infrastructure, security, and operations pillars must be considered in order to support advanced data creation.
Integration
Virtualization
Data Consumption and Creation Continuum
Source: Info-Tech Research Group
BYOD Recommendations
1. Measure success against overall objectives of a multi-device strategy. Having a multi-device IT service access strategy should contribute to lowering costs while increasing service regardless of who owns the devices. Given that, how does BYOD further those objectives?
2. Consider impact on overall objectives when deciding between a passive or aggressive approach. Bring Your Own policies can range from passive (we allow connection from personally-owned devices) to aggressive (we encourage and even subsidize bringing your own devices).
3. Communicate policy requirements and roles and responsibilities for system support. Failure to meet success measures can be a result of communication failures as much as a failure of technical and operational capability.
4. Maintain company-owned device options for flexibility and end-user service. Info-Tech sees that even in the case of an aggressive BYOD program, allowing use of a company-owned device can mitigate a number of the potential pitfalls of BYOD.
5. Document your policy position and rationale for the business. In dealing with your internal business customers’ demand for service, there is only one question (with two corollaries) that matters. Can you deliver this service? If yes, how? If no, why?
Source: Info-Tech Research Group
The Evolution of Trade
Mobile Payment
Credit
Lydian coins
Barter
Mobile Payment
That’s like almost Every Cow on the planet getting a smartphone
4 Types of Mobile Payment
• The Mobile Wallet - Paying for things at a store with a mobile device using NFC or “tap and go”.
• Every Smartphone is a cash register - Merchants using a mobile device to process credit card payments.
• The “Everything Else” Mobile Payment - Consumers send money to merchants, or even each other (sometimes called p2p), using mobile devices (on-sale\on-line).
• ‘Put it on my bill’ - Consumers buying ringtones or games or digital content by putting the charges on their cellphone account.
What’s In a Mobile Wallet?
[Diagram labels: Point of Sale, Mobile Phone RF Modem, Baseband Processor, NFC Controller, Proximity Antenna, SIM Chip, Secure Element (Payment Applications, Transit Application, Offer Application)]
Secure Element (SE), which holds:
• One or more payment, mass transit, and/or offer applications
• Each application emulates a particular “card” in the wallet
Near Field Communications (NFC) chip:
• Two-way communication with the point of sale
• Compatible with existing contactless payment standards
Three options for hosting the SE:
• On the SIM chip (shown here)
• Elsewhere in the handset
• On a MicroSD card
Source: GSMA
How Does It Work?
– Encrypted credentials are supplied by the card issuing bank to a TSM
– The TSM distributes the credentials to the phone via the MNO
– Phones use NFC to present the credentials at the POS
– Transaction proceeds as a regular card payment
[Diagram labels: Card Issuing Bank, Trusted Service Manager (TSM), Mobile Network Operator (MNO), Mobile Phone, Point of Sale, Acquiring Bank, Payment Network]
Source: IDC Financial Insights
Okay, So What’s the Catch?
Lots of unresolved questions:
– Who controls the secure element?
– How much does it cost to rent space in the wallet?
– Who gets to provide the offer application(s)?
– What if the merchant doesn’t support contactless cards?
The Digital Customer
People’s opinions matter more than providers’ opinions and more than in the past
Expectation Economy
Personalization & attitudes to privacy, ownership, piracy, color & language. Shift from transaction to interaction
Brand Butlers
Working Practices & Attitudes: Blurring of work and leisure, conflict between new and old attitudes
AlwaysOn
Many-to-Many Communication -turning the mundane into “fun”
GameOn
Knowledge for many regions, languages, currencies & attitudes visualized in different ways
Intelligent Infosystems
Money, but no time –45 seconds/4 clicks is too long to wait.
Dynamic Pricing
What Are The Expectations From a Mobilized World?
Devices that end users prefer (new ?)
http://www.canalys.com/newsroom/smart-phones-overtake-client-pcs-2011
Ultrabooks (Net\Notebooks) will reach just over 15% of total consumer notebooks (IDC)
1. Mainstream price must be very attractive
2. Lower cost conventional notebooks slowing ultrabook adoption
Apple is Gaining Market Share in the Enterprise
Source: Forrester
1/5 Of Global Info Workers Use Apple Products For Work
http://blogs.forrester.com/frank_gillett
“The endpoint not taken”
Israeli Smartphone Market-share in 2011
Samsung 27%
Apple 23%
Nokia 20%
LG 8%
Sony Ericsson 7%
RIM 5%
Motorola 5%
Alcatel 4%
HTC 1%
Source: IDC
Israeli Smartphone Market-share in 2011
Market Share Operating System
39.39% Android
36.62% iOS
9.48% BlackBerry OS
9.00% Symbian
5.52% Other
Source: IDC
Israel (expected end 2012):
Wintel: Q4 2011 compared to Q4 2010
Desktop PCs: -25%
Notebooks: -35%
Source: STKI Feb. 2012
What is the Current Endpoint-Devices Mix within your enterprise?
[Chart. Categories: Tablets, Smartphones, Laptops, Desktops]
Values: Desktops 77%; remaining values in extraction order: 13%, 7%, 1%
8% more endpoints under IT responsibility
What will be the Mix 12 Months from now?
[Chart. Categories: Tablets, Notebooks\Netbooks, Laptops, Desktops]
Values: Desktops 75%; remaining values in extraction order: 20.5%, 1.6%, 6%
Source: STKI Sep. 2011
Endpoint Contemplations
1. Desktops\Notebooks are losing market share
2. Desktops = price sensitive
3. Laptops\Tablets are gaining power
4. A tablet (still) can’t replace a laptop
5. “By 2015…?” No one really knows what’s going to happen…
Market Data
http://xkcd.com/688/
Israeli Endpoint Statistics
• Number of endpoints per 1 employee 1.08
• Number of endpoints per 1 IT staff 24
• Number of endpoints per 1 service desk staff 564
• Number of endpoints per 1 PC staff (field technicians) 748
• Number of endpoints per 1 PC staff (image) 3231
Source: STKI
Endpoint-Devices Mix (Abroad)
Source: InformationWeek
Who Will Be Using Tablets? (Israel)
[Chart. Values in extraction order: 44%, 41%, 21%, 15%, 3%]
[Categories in extraction order: CXOs; Specific functions (e.g. sales\marketing); Pilot in one of the units; Mid-level directors; Some of the\all Employees]
Source: STKI, Sep. 2011
Who Will Be Using Tablets? (Abroad)
Source: Corporate Executive Board
End-Point Operating Costs
Source: InformationWeek
End User Device Replacement Cycle
Source: InformationWeek
Desktop PCs- Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader.]
Vendors shown: HP, Ivory, Lenovo, Dell, Apple, Acer
Laptops- Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader.]
Vendors shown: HP, Toshiba, Lenovo, Dell, Apple, Acer, ASUS, Samsung, LG, Fujitsu
Tablets- Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader.]
Vendors shown: Apple, Samsung, Others…
Presentation Visualization -Security
Networking, Collaboration, Security, MDM
STKI Index-2011 –Top Security Queries
Mobile Sec., 25%
Access/Authentication, 13%
DB/DC Sec., 11%
GRC, 9%
Network Sec., 8%
Sec. Policy, 6%
Data Sec., 6%
SIEM/SOC, 4%
SIs/Vendors/Products, 4%
Endpoint Sec., 4%
Fraud, 3%
“Cyber”, 2%
Market/Trends, 2%
Application Sec., 2%
Miscellaneous, 1%
GW Sec., 1%
Presentation Visualization-Cyber
Networking, Collaboration, Security, MDM
New Buzz…..
The Cyber Triangle
Cyber Warfare, Cyber Terror, Cyber Crime
Private Information, Command & Control Systems, Business Information
Source: ILITA. STKI modifications
The Cyber Triangle–Regulations
Private Information, Command & Control Systems, Business Information
Director of Security of the Defense Establishment
National Information Security Authority
Israeli Law, Information and Technology Authority
Bank of Israel \ Ministry of Finance
SOX, ISO\IEC 27001, PCI-DSS
Source: ILITA. STKI modifications
Generic Cyber Attacks
1. Individuals\Groups
2. Criminal\Nationalistic background
3. Lots of intervals
4. Lots of targets
5. Common tools
Distributed Denial Of Service (DDOS)
1. Targets websites, internet lines etc.
2. Legitimate traffic
3. Many different sources
4. From all over the world
5. Perfect timing
DDOS Mitigation- Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader.]
Vendors shown: Radware, F5, Arbor Networks, Imperva, Foresight
Vendors to watch: Andrisoft, Cloudshield, Correro, GenieNRM, IntruGuard, Narus, RioRey
Advanced and Persistent Threat (APT)
1. Group/ Org./ State
2. Ideological/ Nationalistic background
3. Multi-layered attack
4. Targeted
5. Variety of tools
6. Impossible to detect in real time(???)
Iranian Intelligence Wants To Be Your Friend on LinkedIn
Source: http://www.guym.co.il/
Cyber Preparedness???
[Bar chart, scale 0 to 4.5. Countries shown: Mexico, Brazil, India, Romania, China, Italy, Poland, Russia, Australia, Austria, Canada, Japan, Denmark, Estonia, France, Germany, The Netherlands, Spain, United Kingdom, USA, Finland, Sweden, Israel]
Country-by-country stress tests
http://www.securitydefenceagenda.org/
bureaucracies live forever....
Space Shuttle’s booster rockets
US standard railroad gauge
Roman war chariots
the rear ends of two war horses
Israeli National Cyber Command (INCC)
Established: 07.08.2011
Goal:
• To lead the nation’s cyber strategy
• To establish a cyber defense policy
• To promote new initiatives and technologies in regards to cyber security domains.
Means:
• Government budget
• Industry\academic knowledge sharing
On the INCC’s Agenda
• Mapping the national critical infrastructure
• Gap analysis for national critical infrastructure security controls
• Certifications: for vendors, for SIs, for consultants
• Authorizations: for businesses, institutes and any other entity that keeps private\public information
• Proactive defense by establishing professional forums
• Promotion of academic and industry research
• Promotion of specific fields of expertise (e.g. SCADA security)
• Establishment of national security lab
• Education and public awareness
Five Aspects of Government Intervention
1. Multi-system and system complexity: Resource pooling and knowledge sharing
2. Joint venture: Cyber defense is a “game for large players”
3. National as well as International co-operation
4. Governmental incentives and programs (e.g. MAGNET, Yozma initiative)
5. Regulation
…This is the planned State-Level Cyber Security Approach
An Example of State-Level Cyber Security –IPv6
http://www.ccdcoe.org/publications/books/Strategic_Cyber_Security_K_Geers.PDF
Spotting the Unknown: Finding the “God Particle” of Security
One possible signature of a Higgs boson from the Large Hadron Collider (LHC) at CERN
http://commons.wikimedia.org/wiki/LHC
Big Data : Information Diet
• The modern human animal spends upwards of 11 hours out of every 24 in a state of constant consumption of information from the net:
• we have grown obese on sugar, fat, and flour
• we become gluttons for texts, instant messages, emails, RSS feeds, downloads, videos, status updates, and tweets.
• Just as too much junk food can lead to obesity, too much junk information can lead to cluelessness
• Big Data “should” help a company understand this information glut and is essential in order to be smart, productive, and sane.
Spotting the Unknown: Big Data At Your Service
[Diagram labels: Business Process Management, Data Warehouse, Applications, Business Intelligence, SIEM]
Detect, analyze and respond to phenomena based on large volumes of structured and unstructured information
Source: IBM
Spotting the Unknown: The Sandbox Approach
Source: http://www.fireeye.com/
But… “The Contact Line Will Always be Breached”
Maginot Line: http://en.wikipedia.org/wiki/File:Maginotline_organization.gif
Bar-Lev Line: http://en.wikipedia.org/wiki/File:1973_sinai_war_maps.jpg
“Real-Time Forensic” -NetWitness
http://visualize.netwitness.com/Default.aspx?name=investigation
“Real-Time Forensic” -HBGary
http://hbgary.com/attachments/ad-datasheet.pdf
STKI Cyber Security Survey
This survey consists of two different parts:
• First part: CISOs and Infra managers from dozens of leading organizations.
• Second part: the insights of 9 leading security consultants who cover most of the IT market in Israel.
Important notes:
• This survey refers to incidents during 2009-2011.
• Unreasonable results were removed.
• Results may have been subjected to wrong interpretation by the respondents and some of the incidents may have been “dropped”.
Thank You Very Much For Your Contribution!
Number Of Security Incidents –Users’ Perspective
Average number of significant security incidents* in the past 3 years
[Bar chart, scale 0% to 50%. Series: “Cyber sector”**, “Soft Cyber sector”***. Categories: No incidents, 1 incident, 2-5 incidents, 5-10 incidents, More than 10 incidents]
Market Average: 2 incidents
*“Significant security incident”: one that caused direct loss in working hours and\or money
**“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
***“Soft cyber sector”: all the others
Number Of Security Incidents –Consultants’ Perspective
Average number of significant security incidents during 2011
[Bar chart, scale 0% to 80%. Series: Rest of Industry, Infra & Telecom, Finance, Defense & Gov. Categories: No incidents, 1 incident, 2-5 incidents, 5-10 incidents, More than 10 incidents]
What Kind Of Incidents? –Users’ Perspective
What was the nature of security incidents in the last 3 years?
[Chart. Categories in extraction order: We still don’t know; Vulnerabilities\threats were unknown at the time; No answer; Known vulnerabilities\threats; Inside factor (malicious, accidental, technical error)]
[Values in extraction order: 0%, 12%, 13%, 55%, 20%, 16%, 39%, 40%, 41%, 64%]
Series: Cyber sector, Soft Cyber sector
“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others
What Kind Of Incidents? –Consultants’ Perspective
What was the nature of security incidents in 2011?
[Chart. Categories in extraction order: Known vulnerabilities\threats; Vulnerabilities\threats were unknown at the time; Inside factor (malicious, accidental, technical error); We still don’t know]
[Values in extraction order: 35%, 21%, 15%, 29%, 29%, 34%, 32%, 5%, 36%, 26%, 30%, 8%, 47%, 15%, 32%, 6%]
Once Again, The Human Factor. DLP Justification?
Have you encountered any malicious or non-malicious activity by employees in the last 3 years?
[Chart. Answers in extraction order: Yes, non-malicious; Yes, malicious; No]
[Values in extraction order: 88%, 33%, 0%, 70%, 23%, 17%]
Series: Cyber sector, Soft Cyber sector
“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others
Targeted Attacks –Users’ Perspective
Have you witnessed any targeted attacks in the last 3 years?
[Chart. Answers in extraction order: DOS\DDOS, Phishing, App\web attacks, Malicious code, No]
[Values in extraction order: 18%, 10%, 8%, 11%, 53%, 70%, 66%, 47%, 33%, 10%]
Series: Soft Cyber sector, Cyber sector
“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others
Targeted Attacks –Consultants’ Perspective
Have you witnessed any targeted attacks toward one of your clients in 2011? (Not including Phishing and DOS attacks)
[Chart. Answers in extraction order: Yes, App\web attacks; Yes, malicious code; No]
[Values in extraction order: 89%, 56%, 11%]
Loss of Working Hours
Approximately how many working hours did your organization lose due to significant security incidents in the last 3 years?
Chart 1: Less than 50: 20%; More than 51: 50%; Don’t know: 30%
Chart 2: Less than 50: 55%; More than 51: 33%; Don’t know: 12%
Chart labels: Soft cyber sector, Cyber sector
“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others
Impact on Revenue
How much money (% of total revenue, per org. on average) has been lost due to security incidents in the last three years?
[Chart. Answers in extraction order: Less than 1%, 1%-5%, 5%-10%, More than 10%, Don’t know]
[Values in extraction order: 13%, 63%, 13%, 13%, 0%, 58%, 5%, 0%, 0%, 37%]
Series: Consultants, Users
Evolving to Combat Advanced Persistent Threats
Total Visibility Across the Enterprise:
• Host-Based Visibility
• Network-Based Visibility
• Log Aggregation: Internal DNS Server Logs, DHCP Logs, Enhanced Microsoft Windows Event Audit Logs, Border Firewalls Logs with Ingress/Egress TCP Header Information, External Webmail Access Logs, Internal Web Proxy Logs, VPN Logs, Netflow Logs, Full Packet Capture Logs
• HIDS/HIPS
Actionable Threat Intelligence:
• Indicators of Compromise
http://www.mandiant.com/news_events/forms/m-trends_tech2011
Security Fundamentals Come First!
Establishing Cyber Security Policy
Internet policy
System design
SDLC
Testing
Access policy
Access management
Strong authentication
System policy
Configuration management
Patch management
System hardening
Standards
Operating systems
Mobile devices
Encryption(?)
Security education and awareness
Computer Emergency Response Team
After establishing a rigid and continuous security policy, check out this diagram:
A new component
Presentation Visualization-MDM
Networking, Collaboration, Security, MDM
Mobile Device Management…
Source: Bent Objects
Critical Capabilities for Mobile Device Management
Device Diversity
Policy Enforcement
Security and Compliance
Containerization
Inventory Management
Software Distribution
Administration and Reporting
IT Service Management
Network Service Management
Delivery Model
http://www.gartner.com/technology/streamReprints.do?id=1-16U0UOL&ct=110801&st=sg
The Israeli Point of View
In your opinion, what are the Critical Capabilities for a MDM solution?
[Chart. Category labels not present. Values as extracted: 16%, 13%, 6%, 12%, 8%, 8%, 6%, 6%, 6%]
Source: STKI
Mail\Calendar Sync?
Of course! 87%
Not yet 13%
Does your organization’s policy allow for mobile devices to be synchronized to mail\calendar?
Source: STKI
(Don’t) Bring Your Own Device (Not yet)
No! 54%
Yes (Policy) 33%
Yes (to all...) 13%
Does your organization’s policy allow for private mobile devices to be synchronized to mail\calendar?
Source: STKI
MDM Strategy
What’s your mobile device management and security strategy?
[Chart. Values as extracted: 53%, 21%, 13%, 8%, 5%. Answer options:]
• Conducting a POC\evaluation of solutions
• Using an existing (non-specific) security methodology\solutions
• It's considered high priority, but no actions were made yet
• Already implementing a specific MDM\security solution
• MDM\security is considered low priority at the moment
Source: STKI
Data Leakage From Mobile Devices
How are you planning to tackle data leakage from mobile devices (multiple answers)?
[Chart. Values as extracted: 43%, 40%, 30%, 37%. Answer options:]
• Our MDM solution should be the answer
• We're using\will be using compensating security controls
• Higher security awareness
• We do not deal with it
Source: STKI
Market Status: Waiting For “Something” To Happen
~17,000 MDM licenses have been sold in the Israeli market so far… (STKI estimation, Feb 2012)
MDM Insights
-There is no single end-to-end solution
-Decision-maker’s position determines type of solution
[Diagram labels: CxOs / Special Purpose, Security, Employees, Pure MDM]
Mobile Security
[Diagram labels: CxOs / Special Purpose, Security, Employees, Pure MDM]
• AGAT - Active Sync Protector
• Checkpoint - Pointsec Mobile Security
• Juniper - Junos Pulse Mobile Security Suite
• LetMobile
• Trend Micro - Mobile Security
Mobile Security Management - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: LetMobile, AGAT, Checkpoint, Juniper, Trend Micro]
Mobile Device Management
[Diagram labels: CxOs / Special Purpose, Security, Employees, Pure MDM]
• AirWatch
• BoxTone
• FancyFone - FAMOC
• Fiberlink - MaaS360
• Matrix - MMIS
• McAfee - Enterprise Mobility Management
• MobileIron
• Symantec - Mobile Management
• ZenPrise - Mobile Manager
Mobile Device Management - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Mobile Iron, Fiberlink, AirWatch, BoxTone, FancyFone, Matrix, McAfee, Symantec, Zenprise]
Mobile Containerization
[Diagram labels: CxOs / Special Purpose, Security, Employees, Pure MDM]
• DME-Excitor
• Good Technologies
• Sybase-Afaria
Mobile Container Management - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Good Technologies, Excitor, Sybase]
Mobile Remote Control
[Diagram labels: CxOs / Special Purpose, Security, Employees, Pure MDM]
• Callup-Xcontrol
• Communitake
• Mformation
• SOTI
Mobile Remote Control - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Communitake, Xcontrol, SOTI, Mformation]
Presentation Visualization - Cloud Security
[Diagram segments: Networking, Collaboration, Security, MDM]
Cloud Flavors
Source: Changewave, a service of 451 Group
Super Hybrid Clouds : can IT handle it ?
IT’s challenge becomes:
• integration
• identity management
• data translation between the core and multitenant public cloud
• orchestration for processes connecting private and public clouds
Cloud Security is still A Major Concern
Source: Changewave, a service of 451 Group
Cloud Standards and Test Bed Groups
• Cloud Security Alliance (CSA)
• Distributed Management Task Force (DMTF)
• Storage Networking Industry Association (SNIA)
• Open Grid Forum (OGF)
• Open Cloud Consortium (OCC)
• Organization for the Advancement of Structured Information Standards (OASIS)
• TM Forum
• Internet Engineering Task Force (IETF)
• International Telecommunications Union (ITU)
• European Telecommunications Standards Institute (ETSI)
• Object Management Group (OMG)
http://cloud-standards.org/wiki/index.php?title=Main_Page
Cloud Security Standards –Current Status
Cloud Security
ISO 27001
SSAE 16 (SAS 70)
FISMA –ATO
FIPS 140-2
CSA
FedRAMP
Cloud Security Standards –ISO 27001 (2005)
There is no particular focus on “cloud computing”.
(Reddit, HootSuite, Quora and Foursquare have suffered outages even though AWS is ISO 27001 certified).
ISO 27001 relates to some cloud security issues:
• A.6.2.1 -Identification of risks related to external parties
• A.6.2.3 -Addressing security in third party agreements
• A.10.5.1 -Information back-up
• A.11 -Access control
• A.7.2.1 -Classification
So, what’s the point of being ISO 27001 certified? Lower risk.
ISO 27001 certification guarantees that the certified entity has undertaken a comprehensive approach to resolve major risks.
SOC 1/SSAE 16/ISAE 3402
SSAE 16: an enhancement to the current standard for Reporting on Controls at a Service Organization (SAS70).
ISAE 3402: SSAE 16 was built upon the ISAE 3402 framework.
SOC 1: A SOC 1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC 1 Report is what you would have previously considered to be the standard SAS70, complete with Type I and Type II reports, but falls under the SSAE 16 guidance.
http://www.ssae-16.com/
SOC 1/SSAE 16/ISAE 3402
Who Needs an SSAE 16 (SOC 1) Audit?
If your Company (the ‘Service Organization’) performs outsourced services that affect the financial statements of another Company (the ‘User Organization’), you will more than likely be asked to provide an SSAE16 Type II Report, especially if the User Organization is publicly traded.
Some example industries include:
• Payroll Processing
• Loan Servicing
• Data Center/Co-Location/Network Monitoring Services
• Software as a Service (SaaS)
• Medical Claims Processors
http://www.ssae-16.com/
Federal Information Security Management Act (FISMA, 2002)
FISMA ATO for CSP (Low, Moderate, High)
• Part of NIST’s Computer Security Division
• Issues an authorization to operate for cloud service providers
• It doesn’t require certification of products or services. It sets security requirements for federal IT systems.
U.S. Government Cloud Computing Technology Roadmap
(http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf)
Its aim is:
“…to make it substantially easier to buy, sell, interconnect and use cloud environments in the government”.
FIPS 140-2 Certification –For CSP Trust
1. Federal Information Processing Standard (FIPS) Publication 140-2
2. Specifies the security requirements of cryptographic modules used to protect sensitive information
3. Notice: There are four levels of encryption under FIPS 140-2
http://www.gore.com/en_xx/products/electronic/anti-tamper/security-standards.html
PCI DSS –Vital For Cloud Service Providers
PCI DSS was set up by the major credit card companies to try and improve the Information Security of financial transactions related to credit and debit cards. It essentially pushes the responsibility of looking after card data onto merchants who may store, process and transmit this type of data.
http://phoenix-consultancy.com/pci_dss.html
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Cloud Security Alliance
• Security Guidance for Critical Areas of Focus in Cloud Computing (Released November 14, 2011)
• Innovation Initiative -created to foster secure innovation in information technology. (Released February 24, 2012)
• GRC Stack -a toolkit to assess both private and public clouds against industry established best practices, standards and critical compliance requirements.
• Consensus Assessments Initiative -Research tools to perform consistent measurements of cloud providers (Released September 1, 2011)
• Cloud Controls Matrix (CCM) -Released August 26, 2011
• Cloud Metrics - Metrics designed for Cloud Controls Matrix and CSA Guidance.
• CloudTrust Protocol (See next slides…)
https://cloudsecurityalliance.org/research/
(Join the Israeli chapter here: http://www.linkedin.com/groups?gid=3050440&trk=hb_side_g)
Digital Trust and Value Creation
http://assets1.csc.com/financial_services/downloads/DigitalTrustForLifeReport.pdf
Cloud Trust Protocol (CTP) Transparency as a Service
[Diagram labels: CSC Trusted Community Cloud, Private Trusted Cloud, Enterprise, TaaS Dashboard, TaaS, CTP, Cloud Trust Agent, Cloud Trust Response Manager (CRM)]
Using reclaimed visibility into the cloud to confirm security and create digital trust
Responding to all elements of transparency
Downstream compliance processing: SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, …
Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp , & CSA
Federal Risk and Authorization Management Program
FedRAMP is the result of close collaboration with cybersecurity and cloud experts from:
Federal Risk and Authorization Management Program (FedRAMP)
• established on December 8, 2011
• The FedRAMP security controls are based on NIST SP 800-53 R3 / 53 A, controls
• Establishes US Federal policy for the protection of Federal information in cloud services
• Describes the key components and its operational capabilities
• Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining the program
• Defines the requirements for Executive departments and agencies using the program in the acquisition of cloud services
How Will Cloud Services Be Prioritized For FedRAMP Review?
• “FedRAMP will prioritize the review of cloud systems with the objective to assess and authorize cloud systems that can be leveraged government-wide”.
• FedRAMP will prioritize Secure Infrastructure as a Service (IaaS) solutions, contract vehicles for commodity services, and shared services.
(1) Cloud systems with existing Federal agency’s authority-to-operates (ATOs) get first priority
(2) Cloud systems without an existing Federal agency ATO get second priority
FedRAMP – Deliverables For Cloud Computing Service Providers
A. Develop Plan of Action & Milestones (POAM)
B. Assemble Security authorization Package (SAP)
C. Determine Risk
D. Determine the Acceptability of Risk
E. Obtain Security Authorization Decision (yes/no)
FedRAMP - Third Party Assessment Organizations (3PAOs)
• Perform initial and periodic assessment of CSP systems per FedRAMP requirement
• Provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements.
• FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process.
• Independent assessors of whether a cloud service provider has met the 297 agreed upon FedRAMP security controls (604 pages) so they can get an authority to operate (ATO).
• Companies cannot be 3PAOs and cloud service providers (CSP) at the same time for same contracts (MOU, etc.)
Cloud Guidelines in Israel By ILITA (Start: 19.5.2012)
http://www.justice.gov.il/MOJHeb/ILITA/News/mikurhuts.htm
1. Primal check of outsourcing legitimacy
2. Meticulous definition of purpose and use of outsourced data
3. Alignment of security and privacy controls in accordance with existing regulations and standards (ISO 27001, 357, 257)
4. Transparency and obedience to privacy laws
5. Defining the means of privacy enforcement and monitoring
6. Ensuring data deletion upon ending of contract
Decrease The Risk Of Cloud Computing
• Do a thorough check on the potential provider – not only its performance record, but also the background of its management, whether it has implemented information security and business continuity policies and procedures, its financial stability, legal risks, etc.
• Write very specific security clauses in your agreement with the provider, where the biggest emphasis will be on issues that have raised the highest concerns during risk assessment.
• Keep a backup copy of your information locally – although a cloud computing provider will (probably) do regular backup, it is always a good idea to have direct control of your information. (e.g. banking regulators in some countries have imposed regulations to local banks to keep the backup copy inside the country specifically because of this risk.)
• Develop your strategy on how to return the information processing/archiving back to your company (re-insourcing) in case of problems with your cloud computing provider – you should know exactly which steps are needed, as well as which resources.
• An exit strategy might also be to have an alternative cloud computing provider standing by, ready to jump in if your existing partner performs badly.
• Perform regular checks of your provider to find out whether they are complying with the security clauses in the agreement
Source: http://blog.iso27001standard.com/#
Market Data
Source: http://xkcd.com/657/large/
Information Security Staffing
1 Security Personnel | Average | 75’th percentile | 50’th percentile | 25’th percentile
For how many employees? | 1582 | 1600 | 1167 | 500
For how many IT staff? | 55 | 61 | 42 | 33
For how many desktops? | 951 | 1172 | 750 | 397
For how many endpoints? | 1314 | 1779 | 1130 | 522
For how many WIN servers? | 194 | 270 | 200 | 119
Source: STKI
Networking Budget ~ 10% of IT OpEx
Source: The Corporate Executive Board Company
Constant Staffing Mix Within IT
Source: The Corporate Executive Board Company
Data Leakage Prevention - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Websense, McAfee, Symantec, GTB, Verdasys, EMC, Safend, Fidelis, CA, Checkpoint]
Database Protection - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: McAfee, Imperva, IBM, GreenSQL, Fortinet, Oracle, Safenet, Brillix, Informatica, SAP]
Network Encryption - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Safenet, Thales, Cisco, Fortinet]
Enterprise Network Firewall - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Checkpoint, Cisco, Juniper, PaloAlto, Fortinet, F5, SonicWall, Barracuda, Microsoft, McAfee, HP]
Secure Remote Access - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Juniper, F5, Checkpoint, Cisco, Microsoft, Citrix, SonicWall, Fortinet]
Intrusion Prevention Systems - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: McAfee, SonicWall, PaloAlto, HP, IBM, Juniper, Checkpoint, Radware, Fortinet, Cisco, SourceFire, Barracuda]
Network Access Control - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Access Layers, Wise-Mon, ForeScout, McAfee (Insightix), Cisco, Juniper, Symantec, Microsoft, Checkpoint, HP, Enterasys]
Secure Web Gateway - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Barracuda, Cisco, Websense, PineApp, Fortinet, Microsoft, Sonicwall, Safenet, Symantec, Trend Micro, Mcafee, BlueCoat, Zscaler, Clear Swift]
Email Security - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Barracuda, Cisco, Websense, PineApp, Fortinet, Microsoft, Sonicwall, Safenet, Symantec, Trend Micro, Mcafee, Mirapoint, Clear Swift]
Application Firewall - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: F5, Barracuda, Imperva, Radware, Citrix, Fortinet, Microsoft, Applicure, Sonicwall]
SOA Security\XML FW - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Imperva, F5, Oracle, IBM, Intel, Microdasys, Layer7, CA, Radware]
Server Security - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Microsoft, Symantec, Trend Micro, Kaspersky, CA, IBM, Sophos, McAfee, Calcom, NetIQ, VMware, Reflex]
Endpoint Security - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: McAfee, Microsoft, Symantec, Trend Micro, Kaspersky, CA, Checkpoint, IBM, Sophos, Safend, Cryptzone, Lumension, Promisec]
“Strong” User Authentication - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Safenet, RSA, Cidway, CA, Vasco, SecurEnvoy, Oracle, Symantec, Quest, ActivIdentity, Athena, ANB, Gemalto]
Vendors to watch (Biometric): ANB, Authentic, L1, Secugen, UPEK and others
Access Management & Monitoring - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: CA, Oracle, IBM, NetIQ (Novell), Quest, Spatiq, Imperva, Symantec, Varonis, Whitebox, CyberArk, Xpandion, SAP]
Security Information & Event Management (SIEM/SOC) - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: HP, Symantec, IBM (Q1 Labs), EMC, NetIQ (Novell), McAfee (Nitro), Splunk, Juniper]
Governance, Risk and Compliance Suites (GRC) - Israeli Market Positioning 1Q12
[Positioning chart. Axes: Local Support, Market Presence. Chart labels: Player, Worldwide Leader. Vendors shown: Checkpoint (DynaSec), SAP, IBM (Open Pages), WCK, Bwise, KCS, Oracle, EMC, SAS, Orantech, SoftwareAG]
Scan Me to Your Contacts…
Thank You!