Data Protection &
Security for SME
Challenges & Praxis
Global Ideas for CRM + Competitive Intelligence + Mobility 2
Agenda
• Introduction
• Goals for this presentation
• Data protection and data security – understanding of differences
• IT solutions for SMEs market segment - importance & challenges
- Personal data over-usage protection
- Data loss prevention
- Data access violation and protection tools
• Modern data protection challenges in the IT solution design
- Business Case - SaaS CRM applications in the cloud
- Importance of IT security for Small Business & SMEs
- Potential topics to be discussed
• Conclusions
• Questions & Discussion
• Closing remarks
What we want to achieve!
Goals:
• To show the modern challenges in Data Usage and Protection
• To show that not all SMEs can get sufficiently protected
• To show that not all SMEs can have sufficient resources
• To start discussion on:
UNIFIED SENSITIVE DATA INTEROPERABILITY
&
DATA EXCHANGE SECURITY
STANDARDS
Also:
• To show huge potential market depth of Data Protection &
About the Speaker
• Since 1992 expert involved in deployment of innovative, modern technologies and modern management methods including ERP/IT systems
• Since August 1996 leads own consultancy registered in North
Bavaria (Oberpfalz, Bayern, DE)
• Co-owner of several small companies in PL
Areas of Expert Knowledge:
• Integration and optimizing of supply chain planning processes & ERP systems after Merger & Acquisitions
• Consulting focused on ERP systems (SAP, JDA, Oracle, Movex, etc.), mainly for global MNCs
• Design and deployment of regional operational planning systems S&OP supported by IT systems (e.g. SAP APO, JDA/Manugistics, etc.)
• Designing and deployment of Competitive/Business Intelligence solutions for stationary and mobile business
• Designing and deployment of mobile solutions for sales forces
• Training in modern management methods and technologies
• Evaluation of innovative potential for enterprises and dedicated projects
Why we are meeting and what we want to achieve
INCREASING
ROLE
OF
http://www.gartner.com/newsroom/id/281991 8
Gartner Hype Cycle Curve
Data Protection & Security for SME –
- Challenges
Personal Data Over-Usage Protection
- Sensitive Personal Data Access
- Data Anonymisation
- Cross Country Pers. Data Sharing
Data Loss Prevention
- Data Redundancy
- Cloud Storage Solutions
- Data Centres
Data Access Violation
- Usage of SSL Certificates
- BYOD Protection
- SME as threat for LE
Personal Data Over-Usage Protection
- Challenges
Data anonymisation:
• Right to be forgotten
• Loss of marketing and social media related data
• Over-usage of e.g. Facebook data sharing
• Big Data extracting algorithms
Sensitive Personal Data Access:
• E.g. Medical Data
• Regulations different per country
• European e-SENS interoperability
Cross-Country Personal Data Sharing:
• Customer Data for commercial usage (eBay, Amazon)
• EU-Regulations vs. Country Regulation
• Shared Services and data ownership
Data Loss Prevention – modern expectations
Methods used for data protection:
• Data redundancy – own intranet servers
• Cloud double-storage – offered as standard by cloud service providers
• Dedicated Data Storage – redundant mass storage PLUS data recovery backup
Conclusion:
• We need the easy and cheap standard for SME data
Data Access Violation – What can help us?
Usage of SSL Certificates:
• Domain Certificates (standard + EV)
• Document Sign-Off certificates
• European e-SENS cross-certificates
Firewalls:
• Hardware Firewalls for single & multiple servers & VLAN
• Enterprise Class Firewalls
• Software Defined Firewalls – gateways for router & VPNs
Security Software:
• Network, Application & Security Optimizers (e.g. CITRIX)
• Virus & Host Intrusion Protection
• Vulnerability Scanners
• Authentication Improvement for Applications and Infrastructure
• Mobile Device Management including BYOD devices
TOOLS
FOR SECURITY
PROTECTION
Elements of Data Protection & Security
Security Software (examples):
• Citrix NetScaler
Application, Network, and Security Optimization
• McAfee® VirusScan Enterprise
Anti-virus, Anti-spyware, Firewall, and Intrusion Prevention
• McAfee® Host Intrusion Protection with Reporting
Pro-active Security Against Known and New Threats
• Nessus Vulnerability Scanner
Vulnerability, Configuration, and Compliance Assessment
• Two-factor Authentication for SoftLayer Portal
Higher Security for Logging in to Your Infrastructure and Accounts
• Mobile Device Management
Purpose-built platform for enterprises to secure and manage mobile devices
Elements of Data Protection & Security
Firewalls (examples):
• Hardware Firewall
e.g. 10Mbps to 10Gbps protection for single servers.
• Hardware Firewall (Dedicated)
e.g. 1Gbps protection for single, multiple, or all servers on same VLAN.
• Hardware Firewall (High Availability)
e.g. redundant 1Gbps protection for single, multiple, or all servers on same VLAN
• Fortigate® Security Appliance.
e.g. high-performance, enterprise-class firewall protection.
• Gateway Appliances
Elements of Data Protection & Security
SSL Certificates (Secure Sockets Layer):
• GeoTrust SSL Certificates
- GeoTrust QuickSSL Premium Certificates
- GeoTrust True BusinessID® Server Certificates
• Symantec Website Security Solutions
- Symantec Secure Site
- Symantec Secure Site with EV
Elements of Data Protection & Security
Compliance Security Standards:
• SOC Reports
• ISO 27001
• Cloud Security Alliance – STAR Registrant
• PCI Compliance
SaaS CRYSTAL CRM – Business Case for
Small & Smaller Medium Size Enterprises
METHODOLOGY
SCRUM
CRYSTAL CRM – SaaS Solution for Small &
Smaller Medium Size Enterprises
Why Small & Smaller Medium Size Enterprises?
• Small companies have no funds for Mid Size Solutions (like MS Dynamics)
• Small companies have no own IT-staff… 90% of IT services are external
• Small E-Commerce (e-Shops) and field operating service companies (brokers, sales forces, equipment repair, etc.) have no idea what a CRM system is
• Estimated IT market depth for Small Enterprises in Poland may be as high as 2 to 3 billion EUR (8 to 12 billion PLN)
• Estimated IT market depth for Small Enterprises in Germany may be as high as 10 to 20 billion EUR
Security Challenges:
• Prepared for hundreds of personalized users expected
• Domain certification deployed
• Cloud data storage under deployment... Not easy
• Mobile devices security… not yet under control
RTM - Collaboration with Distributors
(example from Mobile CRM praxis)
Data flow between outlets and host brewery
[Diagram labels: Field Force Data Collection; Data collector; Data Handling at Distributor; Distributors; Early Warning system; Distributor Performance Dashboard at Brewery]
Data Protection & Security in CRM Praxis
Data Protection and handling:
• Secure storage and handling of personal and commercially sensitive data
• Must support Data Protection Act in Poland
• Must ensure data anonymisation
• Must ensure safe and effective data backup and data recovery
Data Security:
• Secure profile creation and handling (using domain certificate)
• Must minimize risk originated in usage of mobile devices
• Must incorporate certified documents sign-off
Conclusions
Presentation has tried to show:
• Different aspects of Data Protection & Security
• Complexity of technologies to be integrated
• Small & Medium Size Enterprises DO NEED a cheap and unified standard of Data Interoperability and Security
Worthwhile to start discussion on:
UNIFIED SENSITIVE DATA INTEROPERABILITY
&
DATA EXCHANGE SECURITY
STANDARDS
• Especially SMEs may profit from cheaper future solutions
• New challenges knock at the door: