Aircel Presentation by yaofenji


Impact of Convergence on Information Security
July 07, 2011

Pankaj Agrawal
Head - IT Governance & CISO

 What is Convergence


 New Challenges – Telco Operators

 Ways to Facilitate Convergence

 Risk Convergence

What is Convergence?

Convergence is the tendency for different technological systems to
evolve towards performing similar tasks.

Convergence can refer to previously separate technologies such as
voice (and telephony features), data (and productivity applications),
and video that now share resources and interact with each other.

Convergence describes technological and architectural changes that
organizations are making to enable the consolidation of multiple
networks/systems to a single infrastructure.

Convergence - Communication

[Diagram: Mobile Telecom, Fixed telecom, Wireless Technologies and Cable TV, with "Convergence" at the centre]

Impact of Convergence

Infrastructure
   Examples: Routers, Firewalls, Switches, Cabling, Network point, Wi-Fi access points, Third party links (eg MPLS)
   Transitional Impact:
   • Enabled the business to connect multiple, previously separate networks and introduce new network functionality to open the existing data network to new devices and services
   • Manage network infrastructure as a single entity

Devices
   Examples: IP telephones, Cameras, CCTV, Electronic door locks, PDAs, Printers, IP-enabled machinery
   Transitional Impact:
   • Connection of a wide range of newly IP-enabled devices to the network
   • Upgrade of existing devices that allows the use of some services introduced to the converged network (eg VoIP software on a PC)

Services
   User services: Email, Voice calls (VoIP), Video monitoring, Video conferencing, Remote forensic imaging
   Network services: Domain Name Service, Network Time
   Transitional Impact:
   • Services that were previously carried over dedicated circuits (eg analogue telephone signals) have been converted to packet data, allowing their integration and transmission as services carried across the converged network using IP

Multi-Layered Convergence Process

 Customer Convenience
   • From generalized to personalized communication
 Device Convergence
   • Universality
 Networks Convergence
   • Inter-connection and Inter-operability
 Service Convergence
   • New Sell and Price Strategies
 Sector and Market Convergence
 Converged Institutional bases
New Challenges – Telco Operators

   Service convergence
      • N-play services / N-play economics
      • Extends demand for broadband access
   Market structure
      • Strategic alliances (Content, Media, etc.)
      • Mergers and acquisitions
      • Consolidation
   New business models
      • Falling costs of traditional communication
      • Merger of customer base

Imperatives driving Convergence

 Rapid Expansion of Enterprise Ecosystem
   • Enterprises are becoming more complex in a global economy where external partners are
 Value Migration from the Physical to Information based and intangible
   • Increasingly, value is migrating from physical to information based assets
 New Protective technologies blurring functional boundaries
   • Emerging technology is creating a bridge between physical and information security functions
 New Compliances and Regulatory regimes
   • More regulations are developing in response to new threats and business interactions
 Continuing pressure to reduce cost
   • Enterprises are constantly trying to efficiently mitigate risk

Ways to Facilitate Convergence

 Build a trusted information sharing relationship
 Establish uniform security language in contracts
 Develop staff with knowledge of external stakeholders
 Identify “white space” risks between traditional disciplines
 Develop an understanding of other groups’ roles and responsibilities
 Understand business value drivers
 Integrate and share initiatives
 Reach out across functional boundaries


  Increase in competitive advantage
  Migration of security as a cost center to one of value add
  Transformation of functional security staff to multi-disciplinary
   business assurance agents
Risk Convergence

Risk convergence is a concept that allows an organisation to have a single picture
of risk and an integrated (holistic) approach to risk management across the entire

[Diagram: Non-Converged Risk: Senior Management receives Multiple Risk Reports; functions shown are Legal, IT, Finance, Ops. Converged Risk: Senior Management receives a Single Risk Report; functions shown are Legal, IT, Finance. Caption: Agreed risk terms, approaches and]

Drivers for Risk Convergence

 Cost Benefits
   • By removing duplication associated with non-converged risk management
   • Reducing headcount/staff consolidation

   • Organizational stakeholders, market analysts and financial institutions treat converged organizations

 Legal and
   • Increased number of legal and regulatory obligations favors single view of risk
   • Establishing consistency with standards

   • Converged Risk management will enable an organization to pursue business opportunities with a greater confidence

Challenges associated with Risk Convergence

 Inappropriate Risk bias
   • For example, the Sarbanes-Oxley Act (US) has a clear requirement to mitigate risks related to the integrity of financial information, but has no requirements to address operational risks

 Cultural and Political clash
   • There are difficulties in bringing together different risk functions
   • Example: Information Risk skills generally come from an IT / scientific background and Credit Risk comes from an accounting background

 Non-uniform risk landscape
   • To reach a converged risk picture it is necessary to compare and contrast different types of risk, and to agree on definitions of terms and a way to calculate risk

 Organizational complexity
   • Organisations vary enormously in size, MNCs with strong regional bases to vast conglomerates
   • Single view of risk may not be practical in such cases

 Reduced validation and verification
   • There are specific risks in having a centralised approach to risk convergence, such as inherent weaknesses in the methodology and the masking of changing risks
