© PAC 2015
Open Source at the core of Cyber Security innovation
Mathieu Poujol Principal Consultant PAC – a CXP Group Company
September, 2016
Why are we speaking so much about Cyber Security these days?
With every day more value and criticality in the IT systems
PAC Horizons - Paris Edition - 21 January 2016
The Digital Transformation
Big Data, Co-innovation, Collaboration, Cloud, As a service model
For business systems that are more and more open
…
Cyber security is a critical catalyst of the digital transformation
“People ask me all the time, 'What keeps you up at night?' And I say, 'Spicy Mexican food, weapons of mass destruction, and cyber attacks.'”
Dutch Ruppersberger, US House of Representatives
67% of European firms have had a cyber breach in the last year, 100% reported a breach at some time in the past
[Chart: Breach severity, rated V.High, High, Med, Low]
WHY?
• It’s serious
• It will happen
[Chart: How do you rate the topics on your IT agenda? Topics: Internet of Things (IoT) / machine to machine (M2M); Digital workplace / UCC; Cloud computing; Analytics (big data & BI); IT / cyber security. Ratings: Very important, Important, Partly important, Less important, Not important.]
Shares in percentage of all companies surveyed, n = 2927
So it is at the top of the IT agenda
Survey conducted by PAC in 2016 with 150 Cyber Security decision makers
Cyber security in the digital age: from the fortress to the airport
PAC Horizons – London Edition – 13 April 2016
• Perimeter-based security
• Minimal and controlled end points
• Non flux / ecosystem based businesses
• Segmented approach
• Company based

• Security in depth, multi-layered
• Protection of critical data / processes
• Adaptable to digital demands, IoT, transformation etc.
• Holistic approach
• Collaborative approach

Why?
• It is too complex, too many human interactions, too many attacks…
• “Traditional” approaches are too limited
How? Cyber Security’s paradigm shift
A big change in the market
• Technology shift that will soon be mandatory
• Lowers entry barriers and gives more enterprises access to more powerful capacities
It redefines competition
Behavioural & Contextual Analysis, Machine learning, Human enhancement, Artificial Intelligence, Big Data
And don’t forget complexity
Visibility Complexity
• Your security level is equal to the security level of the weakest link
• More links, more vulnerabilities
Holistic
• You cannot protect what you don’t know and don’t manage
• Cyber Security is a complete system, inside other systems
Market characteristics
A market that is at the same time mature and emerging
• The lack of competencies promotes automation, industrialisation and optimisation
• An IT service intensive market, now and in the future, as the growth of IT services remains higher
• A strongly segmented market, with large differences in dynamism between the segments:
  • Security Governance
  • Data & Application Security
  • ID & Access Management
  • Infrastructures Security
As a result, an atypical market
• A specialist market
  • A technology centric market, with companies that remain strongly technology oriented
  • Many small local services and software providers
  • Still well linked with reseller activities, especially in the least advanced countries
  • Many different players
  • Governments have a strong influence
• New players
  • Consulting companies
  • Start-ups betting on new technologies
  • Defence, homeland security, electronics…
  • Middleware generalists
  • Data specialists
• Consolidating market
  • Fragmented and siloed technologies and services
  • Mergers & Acquisitions
• An innovative market
  • That’s where open source and open innovation jump in
OSS and Cyber Security (1)
• First, digital is largely fuelled by OSS
  • Social, Mobile, Analytics, Cloud, and so is Cyber Security, often the second S at the end of SMACS
• Collaboration in Cyber Security is mandatory. OSS is collaborative by design
  • Project CHESS from the French IRT SystemX: more innovation with open innovation
  • Cyber Security collaboration between intelligence agencies, universities, research centres, companies, etc.
• The new security paradigm is full of OSS
  • Cloud/Big Data & Artificial Intelligence
• Cyber Security is critical
  • Control over the code is important for certain companies and for sovereignty issues
  • The SIEM Prelude used by the French Army
  • Code review
• Cyber Security is also a mature market dominated by non-European companies
  • OSS permits the development of cyber security solutions based on an open platform
  • It lowers the entry barriers on a mature market
But it’s not the panacea (there is no panacea in IT…)
• The “open” part of OSS could be a problem for certain usages
• Pure OSS approaches tend not to be well adapted to certain business needs
• Funding the development of marketable solutions remains problematic
• As with many new concepts, the solution often lies in hybrid models that are able to take the best of the two worlds:
  • R&D and platform approach with OSS
  • Specific, stabilized and marketable solutions with the commercial software model
An example to summarize all of this: BlockChain
• To summarize, this platform behind the crypto currencies, which would not have existed without OSS, is:
  • Totally based on OSS platforms
  • A prime example of all its advantages for Cyber Security
  • A disruptive innovation that changes part of Cyber Security approaches (like IAM), but also impacts some businesses
• But it also has some limitations:
  • Its openness makes it unsuitable for some critical workloads
  • The development of chains seems entropic
  • Governance
• Again, the solution comes from hybrid approaches such as Hyperledger
  • A private, permission-based Blockchain
  • Hosted by the Linux Foundation and supported by large global corporations and many start-ups
• Open Innovation in Cyber Security with OSS
MATHIEU POUJOL, PRINCIPAL CONSULTANT +33 (0)6 85 42 77 56 84 +49 (0)171 222 37 72
PAC – Groupe CXP 8 avenue des Ternes 75017 Paris www.pac-online.com www.cxpgroup.com
Let’s stay in touch! www.pac-online.com/cybersecurity