BCS Elite Mark Evans
description
Transcript of BCS Elite Mark Evans
23 July, 2012 Dealing With My Insecurities About Security
Our Global
State of Mind
Mark Evans, IT Manager
Dealing With My
Insecurities About
Security
23 July, 2012 Dealing With My Insecurities About Security
The Challenge
• Physical security
• Data security
• Access security: systems
23 July, 2012 Dealing With My Insecurities About Security
Physical Security
23 July, 2012 Dealing With My Insecurities About Security
Physical Access
Issues
23 July, 2012 Dealing With My Insecurities About Security
We could use this for…
23 July, 2012 Dealing With My Insecurities About Security
… a film set!
23 July, 2012 Dealing With My Insecurities About Security
We could use this space for…
23 July, 2012 Dealing With My Insecurities About Security
… a concert by JLS!
…who?!
23 July, 2012 Dealing With My Insecurities About Security
Environmental
Issues
23 July, 2012 Dealing With My Insecurities About Security
Millennium Point
23 July, 2012 Dealing With My Insecurities About Security
London – MI5
23 July, 2012 Dealing With My Insecurities About Security
Birmingham - MI Foive
23 July, 2012 Dealing With My Insecurities About Security
Terrorist target?
23 July, 2012 Dealing With My Insecurities About Security
Public Access
23 July, 2012 Dealing With My Insecurities About Security
Very open-plan…
23 July, 2012 Dealing With My Insecurities About Security
Infrastructure
Issues
23 July, 2012 Dealing With My Insecurities About Security
Openreach service and repair
23 July, 2012 Dealing With My Insecurities About Security
Leaking roof!
23 July, 2012 Dealing With My Insecurities About Security
Sprinkler system…
23 July, 2012 Dealing With My Insecurities About Security
Physical security challenges
• Access issues
– Filming
– Concerts
• Environmental issues
– Terrorist target
– Neighbours (ThinkTank museum, various universities, colleges)
• Infrastructure issues
– Openreach
– Leaking roof
– Sprinkler system
23 July, 2012 Dealing With My Insecurities About Security
Data Security
23 July, 2012 Dealing With My Insecurities About Security
Access to servers
23 July, 2012 Dealing With My Insecurities About Security
Next step?
?
23 July, 2012 Dealing With My Insecurities About Security
Access to backup
media
23 July, 2012 Dealing With My Insecurities About Security
Data Security • Access to servers
– Far too easy
– Insecure
– Expensive to remedy within the building
• Access to backup media
– How near is “far enough away”?
– Rapid response?
– How secure is the repository?
23 July, 2012 Dealing With My Insecurities About Security
Access security:
systems
23 July, 2012 Dealing With My Insecurities About Security
Vendor security
23 July, 2012 Dealing With My Insecurities About Security
VPN
23 July, 2012 Dealing With My Insecurities About Security
Access security:
systems • Not considered a major issue except:
– More access via the internet
– Seek to deprecate VPN for non-IT staff
23 July, 2012 Dealing With My Insecurities About Security
Concept and
Realisation
23 July, 2012 Dealing With My Insecurities About Security
Wish list
• Physical Security
– Secure physical location
– Infrastructure issues eradicated
• Data Security
– Access to servers secured
– Access to backup services and media improved
• Access security - systems
– Meet current standard / improve where
practicable
23 July, 2012 Dealing With My Insecurities About Security
XaaS..?
• SaaS
– No real “fit” in terms of software provision
– Data location?
• PaaS
– Off-the-shelf software
– Very little in-house development
• IaaS
– What we have, but somewhere else!!!
23 July, 2012 Dealing With My Insecurities About Security
An aside…
• Overturning the London-centric
orthodoxy…
• “We can proudly boast that we have a
data centre in Canary Wharf…”
23 July, 2012 Dealing With My Insecurities About Security
Why Canary Wharf for data centres?
Terrorist threats..? IRA, 1996
'No guaranteed security' for Olympics says head
of MI5, Jonathan Evans –
The Independent, 26th June, 2012
Olympic missile testing ‘achieved its objectives’ –
Metro, 12th June, 2012
23 July, 2012 Dealing With My Insecurities About Security
Why Canary Wharf for data centres?
23 July, 2012 Dealing With My Insecurities About Security
Wish list
• Physical Security
– Secure physical location
– Infrastructure issues eradicated
• Data Security
– Access to servers secured
– Access to backup services and media improved
• Access security - systems
– Meet current standard / improve where
practicable
23 July, 2012 Dealing With My Insecurities About Security
Requirement
• Purpose-built, third-party data centre
hosting for IaaS private cloud
services – Physical security
– Data security
– Systems access security
23 July, 2012 Dealing With My Insecurities About Security
Physical Security
• Secure physical location?
– Third-party datacentre with biometrics, swipe
cards, 24-hour security
• N+1
• Datacentre is not a known terrorist
target(?!)
• Tier 3 design
• Multi-meshed MPLS network
• VESDA fire detection
23 July, 2012 Dealing With My Insecurities About Security
Data Security
• Access to servers – Via appointment, requiring photo id
– UK-based - Yorkshire(!)
• Self-contained backup solution – Managed backup solution as service add-on
23 July, 2012 Dealing With My Insecurities About Security
Access Security:
Systems
• Managed firewall
• RLB application of Microsoft Unified Access
Gateway
• SSL connections to internet-facing sites
• Active Directory
23 July, 2012 Dealing With My Insecurities About Security
Rider Levett Bucknall
• IaaS Private Cloud
• Hosted Exchange 2010
• MPLS Network (UK)
• Central services (Document Management
System, Finance system)
• SaaS HR system, mail branding
• Serving global colleagues
23 July, 2012 Dealing With My Insecurities About Security
And… relax..!