Cybersecurity:HowVirtualizationandThreatstoBigDataHaveChangedtheBusinessLandscapeThecommercializationoftheinternetsincethe1980’shascontinuouslyandexponentiallychangedthewayofthemodernworld.Thisappliestobothconsumersandbusinessesalike.Ontheconsumerend,unlimitedinformationisavailableatthetouchofabutton.Everydaytasksthatusedtotaketimeandeffortlikedepositingmoneyinthebankarenowassimpleastakingapicturewithamobiledeviceandenteringyourbankinginformationonline.Fromanindustryviewpoint,technologycreatestheopportunitytoreachamuchwidermarketplaceandcontinuouslyoffernewproductsandsolutionstoconsumerswhichhelpsfirmsnotonlystayrelevantinanever-changinglandscape,butalsofindnewwaystogrowrevenues.Asaresultofthisparadigmshift,datacollectionhasbecomeanessentialcomponentofmanybusinessoperations.Whetheritbethecollectionofcustomerinformationorofinternetcookies,thestorageofdatacouldn’tbemoreimportant.Naturally,asthenecessityforefficientdatacollectiongrows,sodoestheneedtoprotectthatinformationatallcosts.Itdoesn’ttakelongtofindanexampleofhowlackofdataprotectioncanimpactamajororganization.InDecemberof2013,NorthAmericanretailerTargetwassubjecttoadatabreachwherehackerswereabletocollectover40millioncreditanddebitcardnumbersaswellas70millionrecordsofTargetcustomersincludingnames,phonenumbers,addresses,andemails1.Thisresultedina46%dropinprofitsinthefourthquarterof2013comparedtothatoftheyearprior,nottomentionthe$100MspentbyTargettoincreasetheirsecuritysystemsletaloneconductdamagecontrol.AnotherprimeexampleofthisissueisthatoftherecentAshleyMadisonhack.Forthosenotfamiliar,AshleyMadisonisanonlinedatingwebsitethatallowsuserstoarrangeextra-maritalaffairs.Hackerswereabletoessentiallystealthedatabaseuserlistandwentasfarastomaketheuserlistpublicallyavailablefornootherapparentreasonoutsideofdisagreeingwithwhatthecompanyrepresentsfromanethicalpointofview.Clearlytheworldhasevolvedtothepointthatdataisnowimperativeinordertoconductbusiness.Thishasresultedintheneedforsecurityandprotectionofthisdata.Does

$170BCybersecurityMarketby2020

March2016

thisprotectioncomefrominternallygeneratedprogramsandsoftwareorisitbesttobelicensedouttoathirdparty?Whatkindofthreatsshouldafirmbeawareofandwherecanthebestsolutionbefound?ThisWhitePaperwillexplorehowdatasecurityhasevolvedinrecentyears,whatkindofsolutionsarecurrentlyavailableandhowtheintroductionofcloudcomputinghaschangedthesoftwaresecurityindustryinitsalreadyshortexistence.SizeoftheCybersecurityMarketWiththeuseofdatagrowingexponentiallysoistheneedtoprotectit.Forbesestimatesthattheworldwidecybersecurityindustrytotalled$75billionin2015andisprojectedtogrowto$170billionby20202.Cybersecurityisarelativelyvagueterm,howeveritincorporatessecuritymeasuresfromtechnologyfieldssuchastheInternetofThings(IoT),fintechanddatacollection.Infact,IoTrelatedsecurity(includedintheoriginalfigure)isanindustrycurrentlyestimatedat$6.89billionandexpectedtogrowto$29billionby20203.Cloudsecurityandmobilesecurityareothersegmentsofthemarketthataccountforapproximately68%ofthemarketandareprojectedtogrowat9.8%CAGRby20204.Atestamenttohowquicklythismarketisgrowingistheintroductionofcybersecurityinsurance–insuranceincaseofadatabreach.Approximately$2.5billionwasspentonthisin2015andisexpectedtotripleby20205.HowhastheIndustryChanged?TherearetwomajorwayscompanieshavehadtochangetheirITinfrastructure.Theyaretheresultofbothinnovationandtheneedforconsolidationinanevergrowingworldofdata:

1) Virtualization:Thisreferstocreatingvirtualplatformsratherthanhavingtoconstructphysicalones.Traditionally,companiesbackeduptheirinformationanddataintophysicalharddrives–apracticethatisstillpresenttoday.However,intoday’slandscape,thismethodisonlyusedasabackupintheeventthatonlineserverspaceorcloudspacefails.Virtualizationofserverspacehasallowedcompaniestoeliminatetheneedforlargedatacentersonpremise.Whilethebenefitsofvirtualizationareclear,ithascreatedanadditionalsecurityconcernintheworkplace.

2) CloudComputing:Buildingonthevirtualizationprocess,cloudcomputingisawaytooptimizetheuseofspace.Insteadofhavingtostoreallinternaldataonlargeserversatcompanyheadquarters,cloudcomputingprovidesavirtualizedsolutionforcompanies

tostoretheirdata.Essentially,firmsleaseoutspacewithinthecloud(whichisofferedbythirdparties)andhaveaccesstotheamountofspacetheyneedfortheirdata.Theessentialcomponentofcloudcomputingisthatitallowsallpartiesinvolvedtoaccesstheinformationstoredondemandbothinternallyandfromremotelocations.

Cloudcomputingisnowattheforefrontofinfrastructureforbothlargeandsmallfirmsalike.Asaresult,therearenumerousconsiderationsbeingtakenregardingitssustainabilityandpracticalityinthemodernworkplace.OneimportantfactoristheconsiderationofBringYourOwnDevice(BYOD)intheworkplace–apracticethathasbecomemoreandmorecommonplace.Aswell,companiesareheavilyrelyingonmobileapplicationssuchasDropbox(acloudbasedapp)tomaintaindatawithintheworkforce.Thishasresultedingeneralfearamongemployeesandmanagementregardingthesecurityofappsthatarecloudbased.AccordingtotheCloudUsageRiskandOpportunitiesSurveyReportbytheCSA,whichsurveyedover160ITandsecurityspecialistsacrosstheU.S.,over50%ofrespondentsstatedthatthebiggestconcernaboutcloudbasedapplicationswererelatedtostorage6.Inregardstowhatpoliciespertainingtothecloudaremostheavilybeingreinforced,over80%ofrespondentsindicatedthatcloudstorageandcloudbackupwereattheforefront,aclearsignthatdataleakageandsecurityisoftheutmostimportance7.TypesofSecurityInfrastructuresPerimeterNetworkSecurity:Oneofthemorefamiliarandcommonsecuritymeasuresistheimplementationoffirewalls.Firewallsareintendedtopreventunauthorizedaccessfromunwarrantedpartieswhilestillallowingtheflowofinformationtoandfromacompany’snetworkbyacceptableparties.CloudSecurity:Aswementioned,cloudcomputingintheworkplacehasbeenontherise.However,maintainingtheintegrityofthisdataandprotectingitfromunwantedsourcesisamongthebiggestproblemsandfearsamongusers.Cloudcomputingitselfisn’tlikelytodisappearcreatingalargerdemandforproductsthatcanensurethesecurityofthedatacontainedwithinthecloud.Infact,66%ofITspecialistssaytheirorganization’suseofcloud-basedresourcesreducestheirabilitytoprotectconfidentialinformationand64%believeitmakesitdifficulttosecurebusinesscriticalapplications8.

Changes&ThreatstoFirmsandtheSoftwareTheyUseThetwoexampleslistedpreviouslyaredirectlyindicativeofthetypesofbreachesthataffecttheusersofacompany’sproductsorservices.However,thereisalsothematterofprotectingacompany’sproprietaryinformationaswellasthedatatheyuseonadailybasistoeffectivelyruntheirfirm.Whilethisdatamaynothaveadirectimpactontheconsumerthemselves,itisequallyimportanttothecompanythatthisinformationstayprotected.Arecentstudyattemptedtoestimatetheimpactofdatabreachesonacompanyinafinancialcapacity.Thestudyshowsthatper100,000customers,theestimatedimpactofadatabreachisapproximately$201.28percustomertotaling$20.1Mdollars9.Withthelikelihoodofabreachoccurringbeingestimatedat11.8%,thetotalexpectedvalueofadatabreachequatestoanaverageof$2.37M10.Atthispointweexaminesomeoftheissuesrelatedtocybersecurity.Thecostliesttypeofbreachthatcouldoccurforacompanywouldresultfroma50%increaseinthebackupandstorageofcustomersensitivedata–ifthisinformationwerelostitwouldcostacompanyanaverageof$7.34M11.Anothertypeofcostlydatabreachwouldresultfromtheexpansionofcloudprovideroperationsresultinginfinancialdifficulties(fortheprovider)–estimatedat$7.06M12.Thispointiscoveredbelow:

• Theaccessofinternaluserstoexternalapplicationswarrantstheimplementationofasecuritymeasure.Putsimply,thiswouldbeacaseofanemployeegoingthroughdifferentwebsiteswhileatworkandtheapplicationcouldbeconsideredtheinternaldatabasecontainingcompanyinformation.Organizationsmustbeabletoprotecttheinformationstoredintheapplicationaswellasdetectmaliciouscontentattemptingtoenterintoit.Thestandardsolutiontothisproblemistheimplementationsoffirewalls.HowevertheubiquitoususeofsocialmediaintheworkplacehasexpandedthisthreatleadingtotheintroductionofNextGenerationFirewalls(NGFWs)whichprovidethesameriskmanagementasatraditionalfirewallbutalsoidentifiessafeapplicationswhileenforcingapplication-levelpolicies13.

• Comparatively,externaluseraccesstointernalapplicationsisanotheressentialcomponentofdatasecurity.Thisconcerndirectlyrelatestoacompany’sbottomlineandisinlinewiththetraditionalfearofgettinghacked.Intoday'senvironment,therearesomanyusersofthedatathatitisessentialtodistinguishbetweenusersaccessingitremotelyforlegitimatepurposesandunwantedvirusesorcomputerhackers.Onecommonfearfromthisstyleofattackisknownasdistributeddenial-of-service(DDoS)anditcommonlyemployedasawayofbreachingafirm’sdata.SolutionsmustbeabletoblockDDoSattacksandbeabletoidentifylegitimateusersofthecompany’sdataandmalwareorattacksthatseektocauseharm.

• BringYourOwnDevice(BYOD)hasbecomecommonplaceallowingemployeestoaccess

sensitivedatafromtheirowndevicesfromtheworkplaceandremotely.Thisresultsinthemostdangerousofbreachesshouldithappen14.Approximately53%ofemployeesusetheirowndevicesintheworkplacewhile50%ofthisgroupareconnectingtothecompanycloudviathesedevices15.InherentintheBYODproblemisthatofBringYourOwnCloud(BYOC)whichresultsfromcustomersbringingthirdpartycloudbasedappsintotheworkplacesimplyasafunctionofbringingintheirowndevices.

• Finally,therearerisksassociatedwithactuallyhostingthedatathroughvirtualization–essentiallyinthecloud.Aspreviouslymentioned,oneofthelargersecuritythreatsforcompaniesisthatofstoragemanagement.Accesstothecloudmustbecompletelysecuretoensurethatinformationisnotstolenorcontaminatedbyoutsideforcessuchasmalware.Duetothesizeandscaleofthedataitisessentialthatlatency(i.e.speed)isnotanissueandthatinformationisabletoquicklyandsecurelyflowtoandfromeachnecessaryparty.

CybersecuritySolutionsAsisthenatureofsuchalargeindustry,thereareagrowingnumberofsolutionsbecomingavailabletomeetthecybersecurityneedsofeveryonefromtheconsumerathometomultinationalcorporations.Below,weoutlinethecompanyVirtualArmor,astheyareanall-inclusivedatasecurityprovider.VirtualArmor(VAI.CSE)VirtualArmorisanInformationTechnologycompanyfocusedondeliveringcybersecurityandnetworksolutionstobusinesses.VirtualArmorpartnerswithleadersintheITindustrytoprovidesolutionsandofferstheabilitytocustomizeasolutionbasedonfirmspecificneeds.StrategicpartnersincludeworldleadersintheITsecurityfieldsuchasJuniper,IBM,VMwareandseveralothers.Solutionsinclude:

SecurityIntelligenceSolutions:Onekeytoeffectiveinformationsecurityisvisibility–whoisaccessingwhat,when,andwhere;knowingwhatisnormalbehavior;identifyingabnormalormaliciousbehavior.Intodaysenterprise,thisvisibilitytypicallyequatestohundredsofthousandsoflogentriesfromnetworkandsecuritydevicesandplatforms,mostofwhichcannotbereviewedindepth.VirtualArmorprovidesaSecurityIntelligenceplatformthatwillingestandconsumeallsecurityandaccessrelateddataandlogs,performadvancedanalyticsandeventcorrelationacrossthedatasetinreal-time,providingtheuserwithadistilledviewofidentifiedSecurityIncidentsthatarerelevanttothespecificcustomerenvironmentandsecurityposture.

• CloudApplicationSecuritySolutions:VirtualArmoroffersaCloudSecurityandVisibilitysolutionthatprovidesfullvisibilityintousageofcloudapplicationswithinanorganization,andinmanyinstancesprovideadditionalsecurityandauditcontrolsfortheapplications.Thisserviceallowsuserstosecurelymanagetheinflowandoutflowofsensitivedatafrombothsanctionedandnon-sanctionedcloudapps.

• DDoSProtectionSolutions:DDoSareacommonformofattacksthatfirmsmayface.

Overtime,thesestyleofattackshaveevolvedtobecomebetteratpenetratingsecuritymeasuresandfoundmorecreativewaystoremainunidentified.VirtualArmor’sDDoSsolutionprotectsagainstthelargestandmostsophisticatedDDoStechniquesattheflipoftheswitch–orautomaticallywhenthresholdsareexceeded.Thissolutionensuresacompany’scriticalinternet-facingapplicationsandservicesremainavailablesolelytolegitimateusersandcustomers.

WhilethesesolutionsareamajorcomponentoftheVirtualArmorsuite,theyareonlyafewoftheofferingsthattheyprovide.Traditionally,companiesareforcedtoworkwithseveralthirdpartyproviderstomanagetheirdatasecurity–sometimesseveraldifferentcompaniesoffersolutionstoeachuniqueproblem.Thiscanbestrenuousonafirm’sITdepartmentparticularlyhavingtokeeptrackofwhichserviceproviderresolveswhichsolution.Thisisinefficient,costly,andtimeconsuming.VirtualArmoractsasanumbrellaserviceproviderensuringthatallsecuritymeasuresarecoveredbyonecompanywith24/7supportwhiletakingadvantageofitsrelationshipswithstrategicpartnerstoensurethehighestqualityofprotection.Theseproductsinclude:

• PerimeterNetworkSecurity:Althoughthenetwork“perimeter”continuestogrowandtoblur,traditionalandNextGen(NG)firewallsarestillahighlyeffectivefirstlayerofprotection.Asstatedbefore,thesearefirewallsthatactasafirstlineofdefenseagainstinboundandoutbounddatabothfromtheofficeandremotely.Aswell,thefirm’stechnologyprotectsagainstlowlatency,DDoSattacksandoutlinessinglepointsoffailureimmediately.

• PublicandPrivateCloudSecurity:Currentlyamajortrendincybersecurity,VirtualArmoroffersawidevarietyofsolutionstohelpensurethesecurityofacompany’spublicorprivatecloud.Usingvirtualization-awarestoragesolutionsandvirtualizednetworkfunctionslikesecureroutersandfirewallshostedinthecloud,VirtualArmorworkscloselywithindustryleadingpartnerstoensurethesecurityofthecontentswithinacloud.

• RemoteandMobileAccess:Withindividualmobiledevicesandworkingawayfromthe

officebecomingcommonplaceintheworkforce,thesecurityofremoteaccessandmobiledeviceshasneverbeenmoreimportant.VirtualArmorisabletoworkcloselywithanycompany’sITdepartmentstoensurethatremoteaccesshaslow-latencyandthatthereisminimalriskfromemployeesaccessingsensitivematerialfromtheirremotedevicesoroutsidetheoffice.

Aswecansee,cybersecurityanddatamanagementhasbecomeanincreasinglygrowingconcernforcompaniesofallsizes.Theintroductionofcloudbasedcomputinghasentirelyshiftedtheparadigmofthinkingforcompaniesacrosstheworld.Datamanagementisnowattheforefrontofthemindsofcompaniesthatseektomaintainproductivityinthisnewdigitalageaswellaskeepinformationoutofthehandsofthoseseekingtocauseharm.TheTargetleakandAshleyMadisonleakareonlytwoofcountlessexamplesofbusinessesbeingtakenadvantageofandtheybothgotoshowthedamagethatcanbedonefrombothafinancialperspectiveandreputationperspective.Theseexamplesaretwoofmanythathavealreadyoccurredandwithoutadoubttherewillbemanymoretocome.Asdatasecuritystrengthens,hackersandill-intentionedgroupsfindnewwaystogainaccesstoinformationandcauseharm.Asbusinessesandconsumerscontinuetonavigatetheirwayinadigitaleconomy,cybersecuritywillplayaneverincreasingroleinensuringthatsafetyofallpartiesinvolved.ContactInformationBabakPedramPresidentbpedram@virtusadvisory.com

PritSinghAccountManagerpsingh@virtusadvisory.com

CoreyCohenAssociateccohen@virtusadvisory.com

VirtusAdvisoryGroupInc.1FirstCanadianPlace100KingStreet,West,Suite5600Toronto,ON,M5X1C9T:416-644-5081|f:416-644-8801www.virtusadvisory.com|twitter.com/Virtus_Advisory

AboutVirtusAdvisoryGroupVirtusAdvisoryGroupisanindependentcapitalmarketsadvisoryfirm,providingselectprivateand publicly listed companies with capital markets strategy, investor relations and businessconsulting services. We specialize in helping technology, healthcare and clean energycompaniesstrategicallynavigatethecapitalmarkets,growretailandinstitutionalinvestorbaseandeffectivelycommunicatewithallstakeholders.

DisclaimersTheinformationandrecommendationsmadeavailableherebyTheVirtusAdvisoryGroupInc.(“VirtusAdvisory”)and/orallaffiliatesisforinformationpurposesonly.Theopinionsexpressedinthisarticlearebaseduponouranalysisandinterpretationofwidelyavailablemarketandcompanyinformation,andnottobeusedorconstruedasanoffertosellorsolicitationofanoffertobuyanyservicesorsecurities.VirtusAdvisorynoritsprincipals,officers,directors,representatives,andassociateswillbeliablefortheaccuracyoftheinformationincludedinthisarticlenorshallbeliableforanylossesorliabilitiesthatmaybeoccasionedasaresultoftheinformationorcommentaryprovidedinthisarticle.VirtusAdvisorymayactascapitalmarketsadvisorforcertainorallofthecompaniesmentionedinthisarticle,andmayreceiveremunerationforitsservices.VirtusAdvisoryand/oritsprincipals,officers,directors,representatives,andassociatesmayhaveapositioninthesecuritiesmentionedinthisarticleandmaymakepurchasesand/orsalesofthesesecuritiesfromtimetotimeintheopenmarketorotherwise.Donotconsiderbuyingorsellinganystockwithoutconductingyourownduediligence.Priortomakinganyinvestmentdecision,itisrecommendedthatyouseekoutsideadvicefromaqualifiedorregisteredinvestmentadvisor.

Copyright©2016byVirtusAdvisoryGroup

Allrightsreserved.Nopartofthispublicationmaybereproduced,distributed,ortransmittedinanyformorbyanymeans,includingphotocopying,recording,orotherelectronicormechanicalmethods,withoutthepriorwrittenpermissionofVirtusAdvisoryGroupInc.,exceptinthecaseofbriefquotationsembodiedincriticalreviewsandcertainothernoncommercialusespermittedbycopyrightlaw.

1TheTargetBreach,BytheNumbers2CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20203CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20204CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20205CybersecurityMarketReached$75Bin2015;ExpectedtoReach$170Bby20206CloudUsageRisksandOpportunitiesSurveyReport7CloudUsageRisksandOpportunitiesSurveyReport8Ponemon–DataBreachCloudMultiplierEffect9Ponemon–DataBreachCloudMultiplierEffect10Ponemon–DataBreachCloudMultiplierEffect11Ponemon–DataBreachCloudMultiplierEffect12Ponemon–DataBreachCloudMultiplierEffect13UniqueSecurityChallengesintheDatacentreDemandInnovationSolutions14Ponemon–DataBreachCloudMultiplierEffect15Ponemon–DataBreachCloudMultiplierEffect