SlideShare a Scribd company logo

Selling Data Security Technology

Flaskdata.io, profile picture
Flaskdata.io

The document discusses strategies for selling data security solutions to CEOs, highlighting the importance of understanding data security, the evolution of threats, and the need for a strong sales strategy. It emphasizes building business pain and securing sponsorship from top executives to drive the adoption of data security measures. The content also suggests ways to calculate the value at risk and address vulnerabilities within organizations.

1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Selling Data security to the CEO Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com http://www.controlpolicy.com/     
Sell high “it's a lot easier to manage a  big project than a small one” Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.    
Agenda • Introduction and welcome • What is data security? • Defining the problem • After Enron • Weak sales strategy • The valley of death • Strong sales strategy • Execution    
Introduction • Our mission today – How to sell data security to the CEO    
What the heck is data security? • Security – Ensure we can survive & add value • Physical, information, systems, people • Data security – Protect data directly in all realms    
Defining the problem • You can't sell to a need that's never been  observed(*) – Little or no monitoring of data theft/abuse • Perimeter protection, access control – Firewall/IPS/AV/Content/AD     Lord Kelvin (*) Paraphrase of 
What happened since Enron • Threat scenario circa 1999 – Bad guys outside – Lots of proprietary protocols – IT decides • Threat scenario circa 2009 – Bad guys inside – Everything on HTTP – Vendors decide    
Weak sales strategy IT –  data security is  “very important” ...Forrester Management board –  fraud/data theft can maim or  destroy the company ...Sarbanes­Oxley    
Mind the gap IT –  We can get DLP  technology for 100K  and the first 6  months are free. ...Websense Management board – We  have Euro 100M VaR ...PwC    
The valley of death Logical &rational Emotional & Political IT Requirements  Compliance  requirements Meet Close vendors Evaluate alternatives Capabilities Project Presentation Talk to analysts Losing control Month 1 Month 5 Month 12­18    
Why you lose control • Issues shift – Several vendors have technology • Non-product differentiation • Divided camps – Nobody answers all requirements • Need a political sponsor • Loss of momentum – No business pain – No power sponsors    
Strong sales strategy • Build business pain – Focus on biggest threat to the firm – Rational • Get a power sponsor – CEO,COO, CFO,CIO – Personal    
Close the gap Toxic customer data  ­ VaR: 100M ­ VaR reducation: 20M ­ Cost: 1M over 3 years ...Security & Risk Management board – We  have 100M VaR ...PwC    
Execution – building business pain • Prove 2 hypotheses: – Data loss is happening now. – A cost effective solution exists that reduces risk to acceptable levels.    
H1: Data loss is happening • What keeps you awake at night? • What data types and volumes of data leave the network? • Who is sending sensitive information out of the company? • Where is the data going? • What network protocols have the most events? • What are the current violations of company AUP?    
H2: A cost effective solution exists • Value of information assets on PCs, servers & mobile devices? • What is the Value at Risk? • Are security controls supporting the information behavior you want  (sensitive assets stay inside, public assets flow freely, controlled  assets flow quickly) • How much do your current security controls cost? • How do you compare with other companies in your industry? • How would risk change if you added, modified or dropped security  controls?    
What keeps you awake at night Asset has value, fixed over time or variable Plans to privatize, sell 50% of equity Threat exploits vulnerabilities & damages assets.  IT staff read emails and files of management board Employee leaks plans to press Buyer  sues for breach of contract. Vulnerability is a state of  Countermeasure has a cost weakness mitigated by a fixed over time or recurring. countermeasure. Monitor abuse of privilege & IT staff  Prevent leakage of have access management board documents to mail/file servers on all channels.    
Calculating Value at Risk Value at Risk Metrics =Threat Damage to  Asset value,  Asset x Asset Value x  Threat damage to asset, Threat Probability Threat probability      (*)PTA ­Practical threat analysis risk model
Coming attractions • Sep 17: Selling data security technology • Sep 24: Write a 2 page procedure • Oct 1: Home(land) security • Oct 8: SME data security http://www.controlpolicy.com/workshops     
Learn more • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/ • Software to calculate Value at Risk PTA Professional http://www.software.co.il/pta    

More Related Content

PDF
Fns Incident Management Powered By En Case
tbeckwith
 
PPTX
People are the biggest risk
Evan Francen
 
PPTX
Business Intelligence In Cloud Computing A Tokenization Approach Final
Hossam Hassanien
 
PPTX
Harry Regan - It's Never So Bad That It Can't Get Worse
centralohioissa
 
PPTX
What if
sc00777
 
PPTX
BSIDES DETROIT 2015: Data breaches cost of doing business
Joel Cardella
 
PPT
ZENDAL BACKUP
Néstor Alemán Esteban
 
PPTX
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Fns Incident Management Powered By En Case
tbeckwith
 
People are the biggest risk
Evan Francen
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Hossam Hassanien
 
Harry Regan - It's Never So Bad That It Can't Get Worse
centralohioissa
 
What if
sc00777
 
BSIDES DETROIT 2015: Data breaches cost of doing business
Joel Cardella
 
ZENDAL BACKUP
Néstor Alemán Esteban
 
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 

What's hot (15)

PDF
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
PPTX
Cloud Computing Legal for Pennsylvania Bar Association
Amy Larrimore
 
PDF
Yakhouba
yakhouba sall
 
PPTX
Hp Fortify Pillar
Ed Wong
 
PPTX
On Common Ground: The Overlap of PCI DSS and Data Protection
Tripwire
 
PDF
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
BIOVIA
 
PDF
Responding to and recovering from sophisticated security attacks
IBM
 
PDF
Robert beggs incident response teams - atlseccon2011
Atlantic Security Conference
 
PPTX
Zenith Infotech Mirror Cloud Presentation. 112211
hdmchughgmailcom
 
PDF
Gateway RIMS (Remote Infrastructure Management Services)
sonnysonare
 
PPT
Tech Support Confidential: Insider Advice for Nonprofits on Selecting the Rig...
Karen Graham
 
PDF
Managing Risk in IT
NTEN
 
PPTX
You Will Be Breached
Mike Saunders
 
PPT
College Presentation
scottfrost
 
PDF
Afac device-security-july-7-2014v7-2
KBIZEAU
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
Cloud Computing Legal for Pennsylvania Bar Association
Amy Larrimore
 
Yakhouba
yakhouba sall
 
Hp Fortify Pillar
Ed Wong
 
On Common Ground: The Overlap of PCI DSS and Data Protection
Tripwire
 
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
BIOVIA
 
Responding to and recovering from sophisticated security attacks
IBM
 
Robert beggs incident response teams - atlseccon2011
Atlantic Security Conference
 
Zenith Infotech Mirror Cloud Presentation. 112211
hdmchughgmailcom
 
Gateway RIMS (Remote Infrastructure Management Services)
sonnysonare
 
Tech Support Confidential: Insider Advice for Nonprofits on Selecting the Rig...
Karen Graham
 
Managing Risk in IT
NTEN
 
You Will Be Breached
Mike Saunders
 
College Presentation
scottfrost
 
Afac device-security-july-7-2014v7-2
KBIZEAU
 
Ad

Viewers also liked (17)

PPTX
Campbell’s Pitch presentation
LexyKhoo
 
PDF
Win more ad agency new business pitches. It’s easier than you think.
Fuel Lines Business Development
 
PPTX
Pitch Perfect: Agency Secrets to Winning More Business
WP Engine
 
PPT
Selling Value
★ Scott Schnaars ★
 
PDF
How To Get Clients & Sell Without Selling (Social Selling)
Jane Frankland
 
PPTX
Arming Agencies for the Pitch
Crimson Hexagon
 
PDF
Airbnb pitch brief
Cubeyou Inc
 
PDF
Via NYC Agency Brand pitch
Mathias Jakobsen
 
PPTX
Chesamel Communications Creds
jncofie
 
PPTX
Cadbury campaign pitch presentation (naked idea agency)
yanahada
 
PDF
Star Group - Digital Agency Of Record Pitch
Lyndon Hale
 
PPTX
Selling Agency Ideas to Clients (Or Account Executives)
Second Wind
 
PDF
From Selling Technology to Selling Value (2008)
Marc Jadoul
 
PDF
The Pitch Process: Turning client briefs into great ideas, then selling them
Beyond
 
PDF
Business Development Frameworks & Tips for Agencies
Leslie Bradshaw
 
PDF
The art of selling value
Thorleif Astrup Hallund
 
PDF
Build a Better Entrepreneur Pitch Deck
Center For Entrepreneurial Innovation
 
Campbell’s Pitch presentation
LexyKhoo
 
Win more ad agency new business pitches. It’s easier than you think.
Fuel Lines Business Development
 
Pitch Perfect: Agency Secrets to Winning More Business
WP Engine
 
Selling Value
★ Scott Schnaars ★
 
How To Get Clients & Sell Without Selling (Social Selling)
Jane Frankland
 
Arming Agencies for the Pitch
Crimson Hexagon
 
Airbnb pitch brief
Cubeyou Inc
 
Via NYC Agency Brand pitch
Mathias Jakobsen
 
Chesamel Communications Creds
jncofie
 
Cadbury campaign pitch presentation (naked idea agency)
yanahada
 
Star Group - Digital Agency Of Record Pitch
Lyndon Hale
 
Selling Agency Ideas to Clients (Or Account Executives)
Second Wind
 
From Selling Technology to Selling Value (2008)
Marc Jadoul
 
The Pitch Process: Turning client briefs into great ideas, then selling them
Beyond
 
Business Development Frameworks & Tips for Agencies
Leslie Bradshaw
 
The art of selling value
Thorleif Astrup Hallund
 
Build a Better Entrepreneur Pitch Deck
Center For Entrepreneurial Innovation
 
Ad

Similar to Selling Data Security Technology (20)

PDF
Data Security Metricsa Value Based Approach
Flaskdata.io
 
PPTX
Gainful Information Security 2012 services
Cade Zvavanjanja
 
PPTX
Secure Iowa Oct 2016
Larry Slobodzian
 
PDF
Sexy defense
Iftach Ian Amit
 
PDF
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
PPTX
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
PPTX
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Damir Delija
 
PPTX
Oracle security-formula
OracleIDM
 
PPTX
MIS: Information Security Management
Jonathan Coleman
 
PDF
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
SilverStormSolutions
 
PDF
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
Raleigh ISSA
 
PDF
Why Have A Digital Investigative Infrastructure
Kevin Wharram
 
PPTX
The Perils that PCI brings to Security
Tripwire
 
PPTX
Top 12 Threats to Enterprise
Argyle Executive Forum
 
PDF
Presentation crafting your active security management strategy 3 keys and 4...
xKinAnx
 
PDF
James Beeson SOURCE Boston 2011
Source Conference
 
PPTX
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
PPTX
Information security for business majors
Paul Melson
 
PDF
InformationSecurity_11141
sraina2
 
Data Security Metricsa Value Based Approach
Flaskdata.io
 
Gainful Information Security 2012 services
Cade Zvavanjanja
 
Secure Iowa Oct 2016
Larry Slobodzian
 
Sexy defense
Iftach Ian Amit
 
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Damir Delija
 
Oracle security-formula
OracleIDM
 
MIS: Information Security Management
Jonathan Coleman
 
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
SilverStormSolutions
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
Raleigh ISSA
 
Why Have A Digital Investigative Infrastructure
Kevin Wharram
 
The Perils that PCI brings to Security
Tripwire
 
Top 12 Threats to Enterprise
Argyle Executive Forum
 
Presentation crafting your active security management strategy 3 keys and 4...
xKinAnx
 
James Beeson SOURCE Boston 2011
Source Conference
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
Information security for business majors
Paul Melson
 
InformationSecurity_11141
sraina2
 

More from Flaskdata.io (18)

PDF
Flaskdata - Observability for clinical data
Flaskdata.io
 
PDF
The travel industry does real-time. Why doesn't clinical research?
Flaskdata.io
 
PDF
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io
 
PPTX
How to write secure code
Flaskdata.io
 
PDF
The insights that will help your medtech clinical trial succeed
Flaskdata.io
 
PDF
2017 02-05 en-eu-data-security_v2
Flaskdata.io
 
PPTX
Quick user guide to the Clear Clinica Cloud EDC system
Flaskdata.io
 
PPTX
Killed by code 2015
Flaskdata.io
 
PPTX
Killed by code 2015
Flaskdata.io
 
PPTX
Pathcare: Patient-issue oriented healthcare
Flaskdata.io
 
PPTX
The Tao of GRC
Flaskdata.io
 
PDF
Will Web 2.0 applications break the cloud?
Flaskdata.io
 
PPTX
Killed by code - mobile medical devices
Flaskdata.io
 
PPTX
Grc tao.4
Flaskdata.io
 
PPT
Data Security For Compliance 2
Flaskdata.io
 
PDF
Data Security For SMB - Fly first class on a budget
Flaskdata.io
 
PDF
Homeland Security - strengthening the weakest link
Flaskdata.io
 
PDF
Writing An Effective Security Procedure in 2 pages or less and make it stick
Flaskdata.io
 
Flaskdata - Observability for clinical data
Flaskdata.io
 
The travel industry does real-time. Why doesn't clinical research?
Flaskdata.io
 
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io
 
How to write secure code
Flaskdata.io
 
The insights that will help your medtech clinical trial succeed
Flaskdata.io
 
2017 02-05 en-eu-data-security_v2
Flaskdata.io
 
Quick user guide to the Clear Clinica Cloud EDC system
Flaskdata.io
 
Killed by code 2015
Flaskdata.io
 
Killed by code 2015
Flaskdata.io
 
Pathcare: Patient-issue oriented healthcare
Flaskdata.io
 
The Tao of GRC
Flaskdata.io
 
Will Web 2.0 applications break the cloud?
Flaskdata.io
 
Killed by code - mobile medical devices
Flaskdata.io
 
Grc tao.4
Flaskdata.io
 
Data Security For Compliance 2
Flaskdata.io
 
Data Security For SMB - Fly first class on a budget
Flaskdata.io
 
Homeland Security - strengthening the weakest link
Flaskdata.io
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
Flaskdata.io
 

Selling Data Security Technology

  • 1. Selling Data security to the CEO Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com http://www.controlpolicy.com/     
  • 2. Sell high “it's a lot easier to manage a  big project than a small one” Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.    
  • 3. Agenda • Introduction and welcome • What is data security? • Defining the problem • After Enron • Weak sales strategy • The valley of death • Strong sales strategy • Execution    
  • 4. Introduction • Our mission today – How to sell data security to the CEO    
  • 5. What the heck is data security? • Security – Ensure we can survive & add value • Physical, information, systems, people • Data security – Protect data directly in all realms    
  • 6. Defining the problem • You can't sell to a need that's never been  observed(*) – Little or no monitoring of data theft/abuse • Perimeter protection, access control – Firewall/IPS/AV/Content/AD     Lord Kelvin (*) Paraphrase of 
  • 7. What happened since Enron • Threat scenario circa 1999 – Bad guys outside – Lots of proprietary protocols – IT decides • Threat scenario circa 2009 – Bad guys inside – Everything on HTTP – Vendors decide    
  • 8. Weak sales strategy IT –  data security is  “very important” ...Forrester Management board –  fraud/data theft can maim or  destroy the company ...Sarbanes­Oxley    
  • 10. The valley of death Logical &rational Emotional & Political IT Requirements  Compliance  requirements Meet Close vendors Evaluate alternatives Capabilities Project Presentation Talk to analysts Losing control Month 1 Month 5 Month 12­18    
  • 11. Why you lose control • Issues shift – Several vendors have technology • Non-product differentiation • Divided camps – Nobody answers all requirements • Need a political sponsor • Loss of momentum – No business pain – No power sponsors    
  • 12. Strong sales strategy • Build business pain – Focus on biggest threat to the firm – Rational • Get a power sponsor – CEO,COO, CFO,CIO – Personal    
  • 14. Execution – building business pain • Prove 2 hypotheses: – Data loss is happening now. – A cost effective solution exists that reduces risk to acceptable levels.    
  • 15. H1: Data loss is happening • What keeps you awake at night? • What data types and volumes of data leave the network? • Who is sending sensitive information out of the company? • Where is the data going? • What network protocols have the most events? • What are the current violations of company AUP?    
  • 16. H2: A cost effective solution exists • Value of information assets on PCs, servers & mobile devices? • What is the Value at Risk? • Are security controls supporting the information behavior you want  (sensitive assets stay inside, public assets flow freely, controlled  assets flow quickly) • How much do your current security controls cost? • How do you compare with other companies in your industry? • How would risk change if you added, modified or dropped security  controls?    
  • 17. What keeps you awake at night Asset has value, fixed over time or variable Plans to privatize, sell 50% of equity Threat exploits vulnerabilities & damages assets.  IT staff read emails and files of management board Employee leaks plans to press Buyer  sues for breach of contract. Vulnerability is a state of  Countermeasure has a cost weakness mitigated by a fixed over time or recurring. countermeasure. Monitor abuse of privilege & IT staff  Prevent leakage of have access management board documents to mail/file servers on all channels.    
  • 18. Calculating Value at Risk Value at Risk Metrics =Threat Damage to  Asset value,  Asset x Asset Value x  Threat damage to asset, Threat Probability Threat probability      (*)PTA ­Practical threat analysis risk model
  • 19. Coming attractions • Sep 17: Selling data security technology • Sep 24: Write a 2 page procedure • Oct 1: Home(land) security • Oct 8: SME data security http://www.controlpolicy.com/workshops     
  • 20. Learn more • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/ • Software to calculate Value at Risk PTA Professional http://www.software.co.il/pta