Aircel Presentation by yaofenji


Impact of Convergence on Information Security
July 07, 2011

Pankaj Agrawal
Head - IT Governance & CISO
Aircel
Agenda

 • What is Convergence
 • Impact
 • New Challenges – Telco Operators
 • Ways to Facilitate Convergence
 • Risk Convergence
What is Convergence?
Convergence is the tendency for different technological systems to
evolve towards performing similar tasks.

Convergence can refer to previously separate technologies such as
voice (and telephony features), data (and productivity applications),
and video that now share resources and interact with each other
synergistically,
or
Convergence describes technological and architectural changes that
organizations are making to enable the consolidation of multiple
networks/systems onto a single infrastructure.
Convergence - Communication

[Diagram: Convergence at the centre, surrounded by Internet, Mobile Telecom, Fixed telecom, Wireless Technologies, Broadcasters, Information Technologies, Cable TV and Others]
Impact of Convergence

Infrastructure
   Examples: Routers, Firewalls, Switches, Cabling, Network point, Wi-Fi access points, Third party links (eg MPLS)
   Transitional Impact:
   • Enabled the business to connect multiple, previously separate networks and introduce new network functionality to open the existing data network to new devices and services
   • Manage network infrastructure as a single entity

Devices
   Examples: IP telephones, CCTV cameras, Electronic door locks, PDAs, Printers, IP-enabled machinery
   Transitional Impact:
   • Connection of a wide range of newly IP-enabled devices to the network
   • Upgradation of existing devices that allows the use of some services introduced to the converged network (eg VoIP software on a PC)

Services
   Examples:
   User services: Email, Voice calls (VoIP), Video monitoring, Video conferencing, Remote forensic imaging
   Network services: Domain Name Service, Network Time Protocol
   Transitional Impact:
   • Services that were previously carried over dedicated circuits (eg analogue telephone signals) have been converted to packet data allowing their integration and transmission as services carried across the converged network using IP
Multi-Layered Convergence Process

 • Customer Convenience
      • From generalized to personalized communication
 • Device Convergence
      • Universality
 • Networks Convergence
      • Inter-connection and Inter-operability
 • Service Convergence
      • New Sell and Price Strategies
 • Sector and Market Convergence
 • Converged Institutional bases
New Challenges – Telco Operators

Convergence
   Service convergence
      • N-play services / N-play economics
      • Extends demand for broadband access
   Market structure
      • Strategic alliances (Content, Media, etc.)
      • Mergers and acquisitions
      • Consolidation
   New business models
      • Falling costs of traditional communication
      • Merger of customer base
Imperatives driving Convergence

 • Rapid Expansion of Enterprise Ecosystem: Enterprises are becoming more complex in a global economy where external partners are increasing
 • Value Migration from the Physical to Information based and intangible assets: Increasingly, value is migrating from physical to information-based assets
 • New Protective technologies blurring functional boundaries: Emerging technology is creating a bridge between physical and information security functions
 • New Compliances and Regulatory regimes: More regulations are developing in response to new threats and business interactions
 • Continuing pressure to reduce cost: Enterprises are constantly trying to efficiently mitigate risk
Ways to Facilitate Convergence

 • Build a trusted information sharing relationship
 • Establish uniform security language in contracts
 • Develop staff with knowledge of external stakeholders
 • Identify “white space” risks between traditional disciplines
 • Develop an understanding of other groups’ roles and responsibilities
 • Understand business value drivers
 • Integrate and share initiatives
 • Reach out across functional boundaries

Convergence

 • Increase in competitive advantage
 • Migration of security as a cost center to one of value add
 • Transformation of functional security staff to multi-disciplinary business assurance agents
Risk Convergence

Risk convergence is a concept that allows an organisation to have a single picture
of risk and an integrated (holistic) approach to risk management across the entire
organisation.

[Diagram, two panels]
 • Non-Converged Risk: Senior Management; Multiple Risk Reports; Legal, IT, Finance, Ops
 • Converged Risk: Senior Management; Single Risk Report; Legal, IT, Finance, Ops; agreed risk terms, approaches and measures
Drivers for Risk Convergence

Cost Benefits
 • By removing duplication associated with non-converged risk management
 • Reducing headcount/staff consolidation

Market Pressures
 • Organizational stakeholders, market analysts and financial institutions treat converged organizations favorably

Organizational Benefits
 • Converged Risk management will enable an organization to pursue business opportunities with a greater confidence

Legal and Regulatory requirements
 • Increased number of legal and regulatory obligations favors single view of risk
 • Establishing consistency with standards
Challenges associated with Risk Convergence

Inappropriate Risk bias
 • For example, the Sarbanes-Oxley Act (US) has a clear requirement to mitigate risks related to the integrity of financial information, but has no requirements to address operational risks

Cultural and Political clash
 • There are difficulties in bringing together different risk functions
 • Example: Information Risk skills generally come from an IT / scientific background and Credit Risk comes from an accounting background

Non-uniform risk landscape
 • To reach a converged risk picture it is necessary to compare and contrast different types of risk, and to agree on definitions of terms and a way to calculate risk

Organizational complexity
 • Organisations vary enormously in size, from MNCs with strong regional bases to vast conglomerates
 • Single view of risk may not be practical in such cases

Reduced validation and verification
 • There are specific risks in having a centralised approach to risk convergence, such as inherent weaknesses in the methodology and the masking of changing risks

								