Outsourcing it security yes, it’s still your problem

The views and opinions expressed within this presentation are solely my own and do not necessarily reflect the position of my employer, nor are they intended to be

taken as business, security, financial or legal advice.

Outsourcing IT Security:Yes, it’s still YOUR problem

Jay Leek

A history of hi-techand innovation

• 1865: Founded• 1898: Finnish Rubber Works Ltd. • 1967: began electronics• 1992: Launch 1st GSM device• 1999: World’s #1 manufacturer of

mobile devices • 2009: World’s 5th most valued brand with ~38%

global market share

Our global footprintis a key strength for Nokia ensuring that we retain an

international perspective

Over 1000 Collaborators worldwide

Device manufacturing in 9 countries

Over 125,000 employees

Europe

North AmericaLatin America

Asia-Pacific

Middle East & Africa

Greater China37%

22%14%

13%10% 4%

Nokia sales BreakdownOver $70 Billion

Ask theaudience

Outsourcing is nothing new…

Maturity ofIT Security Outsourcing

The question is not if, but when… Embrace it while you still have an option

Getting there will not be easy

Good days…

Normal days…

Challenging days…

The key is to notjust take a plunge

Must select the

right provider

Know who is in control

Owning risks

Architecting the right solution for YOUR company

Architect:Antoni GaudíFacts and storiesVisitor tours

Flexibility

DISCLAIMER: Because safety is a priority, "You Got 30 Minutes™" is not a guarantee, but an estimate.

30 minute guarantee?

Manage your SLAs

Balance

Establishing a partnership via collaboration governance

ExampleGovernance Model Strategic

Tactical

Operational

Your company

Service Provider

Executive Board

Operational Management Board

Business LevelManagement Board

Opportunity

Meet with your vendor regularly

You must consider them part of YOUR team to achieve success

Governance is not free

Getting the deal done

Take away:•Industry has changed

•Threat landscape has evolved more quickly than most companies can manage

•As IT Security professionals, we must evolve our mindset

•Reward vs. Risk