a delicate balance: a visual guide to secured business operations
TRANSCRIPT
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
1/32
A Delicate BalanceA Visual Guide to
Secured Business Operations
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
2/32
Today, as a business leader,youre on the hook. And too often in the dark,
pressured by the Three Rs of global management: Regulation, Reputationand Risk. Regulation: CEOs sign off on Sarbanes 404 processes, and
government leaders design the regulations to protect all interestseach
not always knowing the best blueprint for implementation. Reputation:
Reputations can vanish overnightall by what you dont know. Risk: From
mergers and acquisitions, to global trade, to immigration snafus, cascades
Its big.
Its bright.Its vulnerable.
Introduction
Introduction
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
3/32
3
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
4/32
Introduction
of undetected risks can be unleashed throughout the extended enterprise.
And there lies the issue. Today, the devils bargain of globalization is the demon of
complexity: More to go right, and more to go wrongfaster, farther, and deeper than
ever before. But today, there is a way to minimize global meltdownswith holistic
solutions that converge logical security with physical security, helping you to better
manage risk and optimize operations. That way, you avoid or take the bad
risk in stride, while focusing on the risks that truly drive shareholder
value. Balancing good risk with the bad: This is the challenge of this
new environment. One system. One view of physical and digital
reality. All driving stronger control and greater competence.
So Whats New Here?
Not the hardware or necessarily the technology. In this new world, from RFID
to iris scanners, the technology is all out there, mature, proven and affordable.
What isnew is the demand to converge physical security with data security, thereby
connecting all your data and technology on a single global infrastructure. Power grids.
Air trafc control. Financial systems. Emergency response networks. Everything that
matters. All in one highly controlled, tightly connected network.
Today, these once separate worlds can be connected and protected on a single
seamless platform. This is what we mean by converged security: security in which
inside merges with outside, meaning where the world of data and IT merges
BRAZIL
$762 billion
$1.69 trillion
$6.07 trillion
UNITED KINGDOM
$1.44 trillion
$2.46 trillion
$3.78 trillion
More than
5,000%
2,000%
to 5,000%
1,000%
to 2,000%
500%
to 1,000%
Less than
500%
Source: The Goldman Sachs Group, Inc. (2003)
UNITED STATES
+357%BRAZIL
+797%
A Look at the Future
FRANCE
+219%UNITED KINGDOM
+262%GERMANY
+193%
UNITED STATES
$9.82 trillion
$18.3 trillion
$35.1 trillion
The map above shows projected GDP growth between 2000 and 2050, accordingto a Goldman Sachs report. The projected gures at right show China overtaking theUnited States as the nation with the worlds largest gross domestic product sometimearound the year 2040.
YEAR
2000
2025
2050
Introduction
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
5/32
with the world of physical security. The result is an ability to manage across the
entire enterprise in terms of protecting people, data, places, and things. The power,
then, is in the integration. And often, that means better integrating the resources
and technologies that you already have.
Whats more, by using open architectures, your network can be future-
proofed, with more advanced technologies easily added in orderly sequences,
without a lot of costly rework. By integrating these two worlds, your system gains
an enhanced ability to spot, respond, and avoid threats. With autonomics
self-healing IT technologiesyour system better balances capacity, uses fewer
resources, and quickly heals itself in the event of a disruption.
As a result, you can focus more on value-added investments and
correspondingly less on re drills and damage control. As Coca-Cola Chairman and
CEO Neville Isdell puts it, The companies that succeed in the 21st century will be
those that manage change without disruption.
Transformation #1: A Growing Threat Environment
The trouble is, the threat environment is constantly changing.
As FBI Director Robert Mueller observed not long ago, In
this world of technological advances, every 18 months the
threats will change, and we have to be agile enough to
5
INDIA
+5,928%RUSSIA
+1,501%JAPAN
+159%
GERMANY
$1.87 trillion
$2.60 trillion
$3.60 trillion
ITALY
$1.08 trillion
$1.62 trillion
$2.06 trillion
RUSSIA
$391 billion
$2.26 trillion
$5.87 trillion
INDIA
$469 billion
$3.17 trillion
$27.8 trillion
CHINA
$1.07 trillion
$10.2 trillion
$44.5 trillion
JAPAN
$4.18 trillion
$5.57 trillion
$6.67 trillion
FRANCE
$1.31 trillion
$2.09 trillion
$3.15 trillion
ITALY
+190%
CHINA
+4,159%
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
6/32
90 percentAmount of world cargo thatmoves by sea.
35 percentAmount of world trade thatmoves along the MalaccaStraits, the worlds most pirate-infested waters.
$50 millionRansoms paid to Somali pirates.Unprecedented, says Lloydsof London.
18.5 millionNumber of containers thatarrived in U.S. ports in 2007.
5 percentAmount of containers physicallyscreened each year.
2,777 per dayMalicious code threats worldwide.
1 millionNumber of computers hit byviruses or Trojan horses in 2007.
116 hoursAverage time ID theft victimsspend repairing the damage.
address those threats when they do change. The simple truth is, we do not protect
cyberspace to the same extent that we protect our physical space. We have left
our doors open to our business practices, our sensitive data, and our intellectual
property. Case in point: In just one haul, 40,000 credit cards were stolen. And 70
percent of those victimsex-customers, ratherreported spending 12 months to
restore their credit. Staggeringan annual cost of almost $50 billion. And for too
many organizations, business as usual.
The other related challenge is risk management, but here again, its a delicate
balance. In this case, it means balancing compensatedriskthe risk that
the marketplace rewardswith uncompensatedrisk, never rewarded but only
punished if you miss.
But just what is the nature of this risk? It is the risk of an almost fathomless
complexity unleashed by everyone and everything that your organization is
connected to within a vast global network. In the old days, when organizations
could build a moat and control everything within their four walls, they never had to
deal with such risk and complexity. Today, the opposite is true, and the result can
be like a vast power gridterric to behold when the lights are on and the sun is
shining. But what about when risk spikes? The result then is not unlike the domino
effect of a power-grid blackout, when one node or tree can trigger a cascade of
outages, taking down states and even whole regionsagain, because of how
much larger, complex and densely interconnected the system is.
Now consider some of the triggers in your world.
Your system gets hacked or a hard drive disappearstens of thousands of
Introduction
The U.S. FBI estimates there are 100,000computer viruses on the Internet, andcopyright and trademark theft costs$25 billion annually. It has becomesuch a concern that computer crimesonly rank behind stopping terrorism and
counterintelligence as FBI priorities. C O MPU TER C R I ME RESEARC H C ENTER
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
7/32
Our ability to compete in theglobal economy, to protectourselves against crime andterrorist attack, depends noton walls and fences but on our
ability to use information. U K P R I M E M I N I S T E R G O R D O N B R O W N
20-plusNumber of freighters owned orcontrolled by Al Qaeda.
165 millionNumber of records exposedglobally in 2007.
20 percentPortion of the U.S. Federalbudget spent to fight terrorismannually.
14,000Terrorist attacks globally in 2007.
81 millionNumber of fingerprint records onthe FBI database.
$3.5 trillionAmount of U.S. commercesupported by air shipmentsannually.
158 percentIncrease in cyber-attacks in
2007.
55 percentIncrease of attacks on U.S.Military networks.
$2 trillionEstimated cost of a bird flupandemic.
20 percentWorld population potentiallyaffected by a bird flupandemic.
35 percentAmount of world trade thatmoves by air.
$650 billionWorldwide counterfeit theftannually.
50 percentPercentage of counterfeitpharmaceuticals, according to theWorld Health Organization.
$200-250 billionEstimated U.S. losses fromcounterfeit drugs.
$1 trillionAmount of money laundered
globally each year.
$911 billionBad debt carried in Chinesebanks40 percent of GDP.
7
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
8/32
identities lost, as T.J. Maxx and Marshalls owner, The TJX Companies, discoveredwhen 45.7 million credit and debtor records went missing. Or the wrong person is
waved across a border. Or a rogue medicine bottle bearing your name becomes
the lead story on CNN. Whatever happens, in a global world, it happens fast, as
what carried your fortunes up carries them down with the force of a wrecking ball.
What you feel then is literally the connected weight of the world as everything
youre connected to spirals out of control. Like hitting the brakes on black ice
ill-prepared and seeing only part of the pictureorganizations can over-react and
skid out in such situations, with no good way to steer and no way to stop.
Take cyber-crime. In a 2007 Deloitte survey of the top global nancial
institutions in 32 countries, 65 percent reported external breeches. Of these,25 percent involved more than $1 million in losses, and 4 percent experienced
losses that ran as high as $49 million. And why? Often because of the sheer
complexity of the circuitry, stretching through dozens of nodes. Thats a lot to go
wrong, especially at Internet speeds.
And look at what can happen. Weeks after the fact, whipsawed by events
amid nes, lawsuits and damaged careersexecutive teams are still struggling
not only to contain the damage, but to trace its spreading effects. How many
records lost? What did those records contain? How might this information affect
our partners and theirpartners? In an economy in which 70 to 80 percent
of market value comes from brand equity, intellectual capital and other
intangibles, were talking about the kind of event that can severely
damage your enterprise, or even take it down.
Transformation #2: A Changed Regulatory Environment
Consider some of the transformations in the global
competitive environment over the past decade.
On the downside, leaders now need to deal with
regulations, like Sarbanes-Oxley and 404; with stakeholders and activist shareholders;with round-the-clock, whistleblower stock news; with the new global high-bar of
global corporate responsibility; and nally, with the new dynamics of the stakeholder
revolutionmany more people and groups to keep happy.
Then there are the effects of globalization itselfbeginning with the huge rise
in global standards and regulation, and continuing with the ever-mounting risk as
organizations expand their footprints. Take food security, one of the top risks noted by the
2009 World Economic Forum. Already this year, there have been multiple scares. But why?
With new technology and sensors, supply chain managers can track food in real time,
registering every detail about its condition, temperature or location.
Transformation #3: A Loss of Control with Critical Information
Finally, there are the competitive risks of Globalization 3.0, when virtually
every organization has a hub in India or China, if not both. One big issue is how to
control intellectual property from thousands of miles away. The simple fact is, most
organizations cannot: At two removes, the typical organization loses control of its
IP, as suppliers swiftly turn into fast-learning, price-advantaged predators. How to
protect IP from such new competition, much less against state-sponsored systems of
industrial espionage?
Yet another feature of our time: the swings between the publics exceptionally low
tolerance and extraordinarily high expectations. In a world tired of market meltdowns,
there is arguably more public and regulatory fervor (and market punishment for perceived
transgressors) than at any time since The Great Depression. At the same time, with more
customer information on le than ever, the public has a much higher expectation that
organizations will keep their critical personal data secure. Or else.
For all these reasons, integrity or controls lapseswhether intentional or
unintentionalcarry a much higher price than they did a decade ago. Indeed, enough to
take down your company, or set it back for years.
Introduction
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
9/329
But Now For the Good News: There Is Far More to Go RightThe good news is, the upside has changed as well, as much because of
plethora of new technologies, as because of a revolution in standards and
improved business processes that make digital change faster, easier and
cheaperand far more predictable. Today, as a result, there are many, many
things to go rightwith your enterprise:
Rightabout the availability, reliability, predictability and purity of your
products.
Rightabout the ability to uncover business patterns and customer needs.
Rightabout the ability to turn from playing defense to driving innovation.
Rightabout the ability to recover faster and more nimbly than competitors.Above all, security demands balance. Over-balance the equation in favor of
security, and an enterprise loses efciency and agility. Under-balance it, and the
enterprise opens itself to dangerous levels of risk. Or stagnates through the risk-
aversion and lack of innovation that so often goes with it. Either way, the days are
gone when global players can, or should, manage the process alone.
Striking the Right Balance Between Security and Innovation
Striking the right balance between risk and innovation is what this brief visual
book is about: To visualize a world buffeted by so many forcesmany all but
invisiblethat the system is almost better visualized than explained.
In a people context, theres the need to identify, track and protect individuals.
Here positive identication not only means having the right systems and
processes, but the control to see inside those processes, with data-rich views
that can precisely authenticate identities.
For highly dispersed databases in different agencies and governments,
enhanced visibility improves their ability to interactto follow the same
protocols, search the same elds, speak the same language and draw common
assumptions. Including the ability to safely collaborateeven globallyknowingtheir intellectual property is truly secure.
Or consider a large bank. With disconnected legacy databases, the typical bank
is often dangerously fragmentedripe for the lone operator who, with a laptop and
the right algorithm, can take down whole networks.
On the business front, meanwhile, the same bank blankets an existing
customer with credit card solicitations, all while missing the fact that Ms. Doe is
ready for a car loan or a home renance. Add an M&A and the chaos factor only
growsa digital hall of mirrors. Before organizations can collaborate effectively, they
need to trust. But to trust, they need better security, together with the kind of clarity
and condence that go along with it.
Tomorrow: Timely, Comprehensive Intelligence
So how can organizations make it happen?
Not through any one solution.
First, success demands a comprehensive system able to identify, track and
trace people, goods and information systems. The key here is not a new system,
but rather a better architected and integrated system with far better sensors. The
resultshown schematically throughout this visual bookis a new era of visibility
and control into everything that your organization touches.
But again, the ultimate goal is tipping the good-risk/bad-risk equation inyour
favor. It means knowing the landed costs of goods once they arrive. Or controlling
the quality, accuracy, predictability and freshness of your product, whether it be heat-
sensitive drugs or sushi-grade toro.
Above all, security means an organization that inspires condence in the
marketplacea trusted leader with the situational awareness needed to correctly
read the patterns and run the right plays. And today theres a path to achieve it, only
this time by better deploying the assets that you already have.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
10/32
Your new world is
one with
Risk Factors
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
11/32
in which problems happen
faster, spread farther, and create
more havoc than ever before.Why? Because of everything your
enterprise is connected to.
no off switch
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
12/32
How GoodsMoveTHE TYPICAL SHIPPING CONTAINER can pass
through 17 handoffs, or nodes, each posing a
new risk. This routefrom Karachi, Pakistan,
to a Midwest department storeinvolves
four modes of conveyance, ve countries, one
ocean and two seas. The bigger risk: too many
teams in too many places.
Here, a reputable global clothing
manufacturer stuffs and seals the containerin Karachi, a city with a history of unrest.
Eventually, the container is hoisted aboard
a ship: globally speaking, a needle in the
proverbial haystack.
Consider, too, the risk picture of Pakistan.
Surprisingly, for a poor country, theft (a huge
problem in Latin America, for example) is
relatively minor. More likely: plentiful heroin
from nearby Afghanistan. And arms: AK-47s,
rocket-propelled grenades, even shoulder-red
missiles capable of bringing down an airliner.
Then theres the risk of hitchhikers, like thepresumed terrorist who was found hiding
inside a container with airport maps and a
phony mechanics ID.
Current remedies: Measuring the
container (has a double wall been created?)
and weighing cartons (too heavy for shirts?).
More ambitious: radiological and biological
inspections, GPS, and even RFID knowledge
down to size, color and numbers.
From Pakistan to Peoria . . . Seventy-ve days and 14 handoffs later, how one cotton shirt
1 2 3 4 5 6
A container truck picksup the loaded container
and transports it toQasim International
Container Terminal.
The consolidationwarehouse loads cartons
into a 20-foot container,then seals the container
using a barrier sealand indicative tape.
Cartons of nished goodsare delivered by truck
to the consolidationwarehouse.
A purchase order is
cut for 600 cartons of
shirtssome 75,000in all. The order is then
lled by a contractmanufacturer in Karachis
Textile District.
DAYS 2-24KARACHI, PAKISTAN
DAYS 24-26KARACHI, PAKISTAN
DAYS 28-29KARACHI, PAKISTAN
The container is checkedinto Port Qasim. There,
after being released bycustoms and terminal
authorities, it is loaded
onto the feeder vessel.
DAY 30KARACHI, PAKISTAN
The feeder vessel sailsfrom Karachi to Sri Lanka
by way of Mumbai, India.This rst part of the
journey takes ve days.
DAYS 31-35ARABIAN SEA
DAY 1KARACHI, PAKISTAN
Busiest PortsRanked by Container Trafc
PORT CONTAINERS PER YEAR
1. Singapore, Singapore 24,792,000
2. Hong Kong, China 23,539,000
3. Shanghai, China 21,710,000
4. Shenzhen, China 18,469,000
5. Busan, South Korea 12,039,000
Source: 2006 American Association of Port Authorities rankings
Peoria,Illinois
Chicago Cleveland
Newark
Halifax, Nova Scotia
Atlantic
Ocean
11
9
10
1413 12
Risk Factors
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
13/3213
makes its way from Karachis garment district to a Midwest department store.
7 8 9 10 11 12 13 14
The mother vessel
arrives in Nova Scotia.
More containers aredischarged. The vessel
then departs for thenal leg of its journey
to the United States.
The mother vesselsails 18-19 days to
Halifax, Nova Scotia,traveling through the
Suez Canal, across theMediterranean, then
across the Atlantic.
Vessel arrives at Colombo
Port. There, the shippingcontainer is trans-loaded
from the feeder vessel tothe mother vessel, bound
for the United States.
The vessel arrives at
Mumbai Port. After
discharging somecontainers, the
vessel then departsfor Sri Lanka.
DAY 36MUMBAI, INDIA
DAY 39COLOMBO,SRI LANKA
DAYS 40-59AT SEA
DAY 59HALIFAX,NOVA SCOTIA
The mother vessel arrivesat the Port of New York/
New Jersey, where thecontainer is ofoaded.
After customs and
terminal releaseapainstaking process
with cargo from SouthAsiait is then hoisted
onto a container truck.
DAY 62NEWARK, NJ
The container arrives bytruck at the distribution
center. Here, ofciallytaking control, the
shipper breaks the
lock, unloads thecontainer, then enters
relevant trackingand location data
into the warehousesreceiving system.
DAY 65CLEVELAND, OH
Final delivery. Shirts areremoved from the carton
and placed on sale for$24.99. Youll take the
blueand wear it that
night at the barbecue, alittle more than 10 weeks
after it was ordered.
Three hundred cartonsof shirts arrive by truck
at the warehouse of amajor department store.
There, the cartons arereceived and put away.
Then, after the store
sends a demand signal,the selected cartons are
packed and shipped.
DAY 69CHICAGO, IL
DAY 75PEORIA, IL
1
6
Karachi,Pakistan
2
4
Colombo, Sri Lanka
Mumbai, India
Arabian Sea
Suez Canal
9
3
7
8
5
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
14/32
Risk Factors
THEYRE NEXT-DOOR NEIGHBORS, growing faster than any
two economies in history. And, at 2.5 billion strong, they
offer two massive labor pools the size and quality of whichthe world has never seen. Yet as China and India become
the worlds largest economies, each brings the risk of
political turmoil (Kashmir, Taiwan), environmental collapse (20
of the worlds most polluted cities are in China), and social
tension. (In 2005 alone, China saw 87,000 protests and
public disturbances.)
For business partners, these two economies present
still other risks: counterfeiting, IP theft, suspect food
and toys. Finally, there is perhaps the biggest risk of all:
environmental catastrophe. Then theres perhaps the most
rampant risk of alllosing control of your intellectual
property. Without the latest privacy tools, in as little as two
removes, an organization effectively loses control of its IP.
In 2006, the U.S. did $343 billion in trade with China.
But what if Chinas industries are caught selling tainted
toys or food? Where to turn? And what about the alarmingamount of non-performing loans that Chinese nancial
rms are carrying, estimated to exceed $1 trillion, or a
staggering 40 percent of GDP.
India presents similar riskshighest of all, political
risks, with its 10 million-strong bureaucracy and culture
of corruption holding back the tens of millions of ordinary
Indians who struggle just to meet lifes basic needs.
Will these two titans break down, or break through?
One thing for sure: Partners will need robust contingency
plans and tight controls.
The China-India Effect
The Weather ChannelWHATS UP WITH this crazy weather? During 2004 and
2005, the U.S. saw seven of the most damaging storms
in the past 106 years. Including Katrina.
In any case, wherever you stand on the Global
Warming debate, there is no denying the growing severity
of tropical storms. Today, the number of intense Category
4 and 5 hurricanes has nearly doubled. Or consider 2008
alone: In the space of two weeks, Hurricane Gustav
caused an estimated $3 billion in damage in the U.S.,
while catastrophic oods in northern India left a million
people homeless.
The other wild card is the ever-mounting value of
what hurricanes can destroy. By some estimates, that
damage-potential is doubling every 10 years. Over the
next ten yearseven at a conservative multiplier of 4
percentthe cost of a once-in-a-century storm could
soar to $200 billion.
Then theres the oil factor. With the U.S. Gulf
accounting for 30 percent of the nations oil production
and 20 percent of its natural gas, storms can severely
cripple the economy. Witness Katrina, which damagedalmost one-fth of U.S. oil production. In any case, the
severity of stormsand the connected infrastructures
they disruptnow vastly exceeds the power of
government to contend with them. Enter Walmart, which
stepped up during Katrina, supplying its customers with
batteries and food, water and ice. The goodwill that such
hardiness and versatility engenders is incalculable.
Survivable systems. Variable plans. Redundant
capacity. All help organizations lessen the chaos that
storms can unleash.
Risk Factors
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
15/3215
THE CNN EFFECT is the BBC, Facebook, and Matt
Drudge Effect. Its the herd effect of rampant news 24/7,
all driving the kind of mass speculation and worry thatsparks global stampedes.
Its the stock that takes a beating, often on little
more than rumors. Its the gravity-defying story that wont
go awayan eternity if its your story. Above all, its how
stories can accelerate and mutate in a world with no off
switch. All with huge impacts on global business.
It wasnt always so. Until 1980, when CNN
opened its doors, people got their TV news in
modest, meal-like doses. But then with the revolution
in telecommunicationsespecially in instant live
coveragecame the rise of truly global stories like
the O.J. Simpson trial, 9/11 (half the TV-owning public
watched) or the Beijing Olympics.
Omnipresence has its costs, however. In fact, it
could cause a rethinking of the old adage, Theres no
such thing as bad publicity. Several years ago, when amajor oil company was caught overstating its reserves, its
stock sank 10 percent in the rst two weeks. Unfortunately,
the bad news only continued, triggered by government
investigations, high-level executive resignations, and a
review of the companys management structure.
As The New York Times put it, When the Terrorist
Era meets the Information Age, a Time of Confusion
results. The issue is managing the confusion, rather
than succumbing to it. The real task is nding a safer
harboror at least a better workaround.
The Media Effect
The Regulatory WaveTHE ASIAN FINANCIAL CRISIS. The Argentine
nancial collapse. The dot-com crash of 2000, and now
the sub-prime melt-down, bringing down giants like Bear
Stearns, Fannie Mae and the UKs Northern Rock.
The result: Waves of national and global
regulation... Sarbanes, IFRS, Basel II, and much
more to come. Add to that wave after wave of corporate
governance. Security breach reporting. Privacy and data
protection. Not to mention industry-specic regulation.Further confusing matters is the global dimension,
in which laws and regulation founded on territorial
jurisdictions are often imposed on cross-border
transactions and information ows. The resulting
complexity and compliance risk poses one of the great
pressures on 21st-century leaders. Beginning with a
tab that, for the top 100 institutions, could reach $100
billion by 2010.
Such overwhelming complexity likewise explains
why a recent survey revealed that only 41 percent of
the companies surveyed felt their boards really have a
handle on it. In this sense, the Regulation Wave is reallya security concern. Not to mention a brand risk for
those organizations that drop the ball.
Today, theres a better way: Doing a full
regulatory inventory, then rationalizing the necessary
controls and responsibilities. In other words, by treating
compliance holistically as a securitymatter, with the full
cooperation of IT.
Against the regulation wave, there is only one
optionswim faster. Fortunately, next-level integration
can keep the leaders well ahead of the wave.
CORBIS(2)
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
16/32
SNAP. China stumbles, or Avian Flu boils
up. Or a container scare triggers a rolling
port shutdown.
A hyper-connected world is loaded
with traps, and anything can trip them. In
a connected world, the effects are vastlymagnied in force and speed, especially if
your organization lacks connections needed
to negotiate the best path. The result is a
world of big winners and big losers in which
acting rst is critical. This also explains how
small players can fast become huge, while
the big players can fall faster and harder
than ever. Why? Because of the domino
effects of a connected world.
Risk Factors
TerrorismIn 2007, there were 14,000
terrorist attacks resulting
in over 22,000 deaths. Of
the total reported attacks,
about 43 percent occurred
in the Middle East/Persian
Gulf, while some African
countries experienced
a staggering 96 percent
increase in violence. Today,
each year the U.S. spends
about $500 billionor roughly
20 percentof the federal
budgetin its efforts to combat
or prevent terrorism.
Anti-GlobalForcesWhat if activists or failing
states make doing business
prohibitive in parts of the
world? What if China exes
its muscles, as Europe
does the same? In time,
will 9/11 come to be seen
as globalizations rollback?
What if U.S. unilateralism
continues to polarize?
Apparently, globalization
has its antimattercan youcounter it?
OutbreakGlobalization is the ultimate
Petri dish, spawning, even
in the past few decades, at
least 35 new diseases. Take
Avian Flu. It is now estimated
that an outbreak could cost
between $1.5 to $2 trillion,
while affecting one of out
ve people. What if your
workforce suddenly had to
spend months working from
home? Do you have the plans
and system security able to
support it?
PotentialTraps andEffects
Risk Factors
ShareholderPressureIt began with Enron and
WorldCom, with investors
sacking CEOs, disrupting
meetings and shaking up
boardsanything to make
the numbers. Today,
shareholders and stakeholders
putyour business under
more scrutiny than ever. Add
to that the era of corporate
responsibility and enhanced
scrutiny, and the stakes have
never been higher.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
17/32
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
18/32
Your new world is aone-strike-
heavily
Solutions
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
19/32
youre-out world,punishing mistakes.
New regulations and standards. An era of
corporate responsibility. Activist stakeholdersand a hyperactive press. All have ratcheted up
the expectations around security. Or else.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
20/32
TELEGRAPH INVENTOR Samuel F.B. Morse
spoke of his great aim to annihilate
distance. Today, the challenge is invisibility:
The millions of products and shipments that
can be lost, pilfered or counterfeited as they
traverse the world.
Ocean-going shipments hold a special
danger: Just try to nd out who really
owns a ship. As William Langewiesche
observes in The Outlaw Sea, forty thousand
merchant ships . . . wander the wor ld with
little or no regulation. This includes the
20-plus freighters estimated to be owned or
controlled by al Qaeda.
The high ground for business and
government is control in all modes: sea,
air and land. For high-value or high-danger
goodspharmaceuticals, for instance
electronic pedigrees offer a detailed log of
every stop, from plant to loading dock to
checkout scanner.
What is it? Who wants it? Where is it?
The difference is, real-time knowledge of
whats in the box, down to granular detailsof sizes and colors. Its a stronger demand
signal, along with the real-time ability to
satisfy customers with accurate and timely
shipments. And its the wealth creation of
precision pricing.
Today, secured trade is a driving force in
shareholder value. As business follows the
sun, success demands a bigger picture and
a brighter, sharper lens.
ControlFrom SpaceGPS and other tracking
technologies follow
the container through
every conveyance,
ship, truck, rail or air.
Meaning, the ability to
commit-to-order, with a
sure delivery date.
ControlIn the ContainerEverythingin detail. Where through
GPS. Whatthrough RFID. Who had it,
when. The result is a rolling inventory,
protecting every pallet. Technologies:
pallets shrink-wrapped, RFID-tagged,
then smart-sealed with currency-like
tape that exposes tampering. Plus,
monitoring devices that send alerts
about excessive heat or vibration.
Maintaining SecurityOn Every LevelOn air, land and at sea, goods are locked
and locatedat every step, even when
switching teams and modes. And people
are fully accounted for.
LABEL
LABEL
8 FEET WIDE
KEEPING CONTAINERS SAFE
8 FEET TALL, 40 FEET LONG (2 1/2 CAR LENGTHS)
FALSE WALL
Each container is
measured to ensureagainst false walls that
might conceal illegaldrugs, weapons or
immigrants. Radiological and
biological tests are
performed. High-tech deterrents
are deployed insideand out. Can include
radiation sensors,GPS devices, smart
container sensors,
barrier seals, indicativeseal tape, RFID seals
and ber-optic seals. Filled weight is
checked against
empty weight. Does itconform to the size of
the cargo? Does it alladd up?
SecuredTrade
Solutions
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
21/32
Control In the AirSince 9/11, U.S. regulations require greater visibility into shipments. Air carriers handling imports
will have to transmit cargo data four hours before arrival. The solution: Neutral, Web-based portal
brings together shippers. Add to that the precision of bar codes and RFID. Meaning, mastery of
the real-time details: who, what, where and when.
Control at the PortWhats in the box? The ships
captain, Customs, port security
all have complete control
from arrival to departure.
FINGERPRINT READERS:
With a touch, authorizedlongshoremen gain instant,
point-specic access.
21
SecuredBorders
SCANNERS: Handheld scanners
track and verify contents.
Gamma-ray scanners ensureagainst false walls, contraband
and radiological devices.
THE NUMBERS ARE DIZZYING 4000 global
ports 300 U.S. ports of entry processing 400
million people traveling across our borders in
133 million cars. Add to that another 4,000
ports globally, and its easy to see why customs
agents are so stressed.
The good news is, border security has
never had so many toolsglobally integrated
databases merging country databases with
criminal databases like INTERPOL.
For example, with globally integrated
databases and license-plate readers (able to
read the tags on cars traveling up to 60 m.p.h.),
border control agents can know whether the car
is stolen before it hits their station.
But there are other tools as well. Smart
Cards with smart chips contain rich information
on the holdings, and Business Intelligence
validates the credentialing documentation.
Borders and facilities can be better secured
with ID technologies, ranging from intelligent
video to iris or nger vein pattern recognition.
And, because they are built on Service-Oriented
Architecturesindependent of the underlyingtechnologiessystems are future proof. In
other words, easily and inexpensively updated.
Today, the hero of this story is not the
technology, which is now fairly mature. Rather, it
is the ability to integrate these systems, locally,
nationally and globally. The result is positive
identity and secure bordersall translating into
more secure and satised citizens, travelling with
greater condence and ease.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
22/32
FINGERPRINTS
YOURE IN! Facility accessor access to PCs and
other systems. Electronic
keypad collects image and
scans zones against a
known image or database.
The FBI ngerprint
database now holds some
81 million records.
ID CARDSID CARDS SMART EVERYTHING:
Cards can be single-use (drivers
license) or multipurpose (health,
immigration, ATM and more).
National ID cards? Controversial. But
more countries are going that way.
FEATURES: Rainbow printing, micro
letter, holographic overlay, ultraviolet
and more.
PLUS, SMART CHIP: 32K of personal
history, medical, thumbprint
minutiae, color photo.
RETINAL SCANNINGIN THE EYES: Identity based on blood
vessel patterns in the back of the
eyeunique as snowakes. Can be
active (range: 6-14 inches) or passive
(more user-friendly, up to 3 feet). Then
theres iris-on-the-move, scanning theiris while the person is in motion.
MakingCertainMr. JonesReally IsMr. Jones
Technologies that help
verify identities
creating a more secure
environment by linking
each citizen withthe relevant data.
BIOMETRICSPERSON POSITIVE: Automated
authentication through physiological or
behavioral characteristics: ngerprint,
retina, voice, hand geometry, etc. Scans
against a known database.
CITIZEN TRAVEL: Faster travel throughbetter recognition, or even traveler
speed passes. (But only with
voluntary background checks.)
GOVERNMENT FACILITIES: High-security
environments use corroborating checks:
ngerprint, face and more.
HIGH-RISK FACILITIES: Power plants,
reservoirs, drivers of radiological waste.
ONCE, TRUST WAS a known facenolonger. As we travel, faces grow hazy, with
dangerous consequences when we trust
the wrong person.
As The 9/11 Commission Report
observes, Today, a terrorist can defeat the
link to electronic records by tossing away an
old passport and altering slightly the name
in the new one. Fortunately, with biometrics,
this once blurry picture is fast coming into
focus. Another big advantage: Speed. Better
identication means citizens and goodsand
economiesmove more efciently. Today,
around the world, retinal scanning, ngerprint
identication and advanced facial recognition
are protecting key infrastructure.
At the same time, with smart passports
containing digital photos, ngerprints and
chips, Customs and law-enforcement
personnel have the full picture. With powerful
databases, they can see connections
around the world. With biometrics, those
who transport dangerous cargo are in fact
the people authorized. Similar trackingtechnologies mean that elections are fair and
democratic, and that citizens are connected
to government and vital services.
Take MyKad, the digital ID card now
carried by 22 million Malaysians. Consolidating
drivers licenses and identication cards,
this one card can do virtually everything:
bill payment (ePurse), tolls, parking/public
transport, ATM banking, health services and
more. And, Malaysias smart card is moving
citizens through immigration checkpoints.
SecuredIdentity
Solutions
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
23/32
MAKING IT VISIBLEFirst used for critical
military shipments like
blood and munitions, RFID
and GPS technologies are
steadily gaining commercial
acceptance, especially
as they get cheaper. The
payoff: real-time information
improves decision-making.
And reduces the errors and
delays of intermediaries.
PROACTIVETRACKINGTracking is best done by
exceptionfocusing on
problem shipments rather than
routine shipments. Deeper
control, less wasted time.
CONNECTINGTHE PLAYERSShippers, forwarders,
airlines, Customsall
require the same
information. But who
wants to wade through to
multiple sites to nd it?
The future: Neutral portals
for booking and tracking. A
one-stop shop for multiple
carriers.
From Timbuktu
To YouThe heavy freight industry gets seriouslyconnectedwithout the heavy lifting.
NO MODE OF TRANSPORT is rising fasterthan heavy air cargo. But to continue its
ascent, the industryfreight airlines,
forwarders and carriers with belly
spacemust collaborate as never before.
Especially if it is to compete with carriers
offering guaranteed service and real-time
tracking. Yet look at the challenges.
First, the industry needs to embrace
the latest in digital technologyespecially
next-generation Web integration. It
must contend with aging airports and
spaghetti-like legacy networks. And, it
must better manage todays disruptive
givens: terrorism, military action, economic
turbulence, health outbreaks, and more.
Finally, the system needs dynamic decision-
making to better manage assets, capital
and information.
Solution: Create a new virtual
network, with seamless reach, total
control and on-time accountabilitybut
with a key twist. Consider: When asked,
the major shippers will offer real-timepackage tracking. But what if the shipper
wants customized proactive alertsat any
milestone? Say, a beep on your PDA or cell
phone: Shipment confrmed.
With an online portal, customers
nd easy access, competitive
efcienciesand alerts. Edge-to-edge
control, all seamlessly connecting
customers and real-time tracking. On time.
Theirway.
23
SecuredAir Cargo
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
24/32
Solutions
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
25/32
25
Secured InformationCYBER SECURITY: It touches everything the security of
your information, your partners informationand that of
your customers. Thats a lot to potentially go wrong. And, as
the numbers show, disaster potential is real and growing.
But look at the deeper potential costs: Bad publicity
millions lost in reparations lost customers the
demoralization and distraction factor and, nally, a
serious hit to your brand. And why? Because of what
organizations too often leave outend-to-end control.
But improved control yields even larger business
outcomes. It includes improved enterprise performance,
say, with in-transit control and tracking management. It
means better managed operational risk, especially when it
comes to people, security, IT systems, goods and assets.
And it means business optimization through improved
supply chain efciencies and IT systems protection.
Imagine weather prediction without satellite images.
Imagine ight without radar. Thus, to change the cyber
security picture, organizations need control inside and
outside their four walls. In short, to see the full picture of
enterpriseand extra-enterpriserisk.
Connected enterprises are more secure because they
can better grasp the full picture. They can read changing
patterns of risk. They can see interdependenciesthe
gapsbetween them and their extended network. And they
can play outin advancea path through potential risks.
Cyber security: Today, the path is not more locks and
keys. Its the end-to-end connection that helps you secure
your world and better focus your creative energies.
Secured BanksBANKS CAST A LONG SHADOW. Shackled in security,
they are perversely vulnerable to the gaps that phishers
and data poachers are quick to exploit. Blanketed with
accountability, too often they cant be counted in to
manage their own growth. Or keep count of their own
customers. As the analyst Tower Group observes,
A history of tactical cost-cutting and duplicativemaintenance efforts has left nancial services institutions
mired in a maze of barren business operations,
fragmented technologies, redundant controls, and
information integrity issues.
But what about a bank built with end-to end
securitysecurity that allows it to better spot
problems and adapt to changing business and
customer requirements? In other words, what if a bank
not only had better integration, but also the ability
to secure its assets? Today, such security is very
achievableand long overdue.
The secure bank begins by giving people at all levels
from boardroom to the data centera complete digital
map of branches, consumers, corporations, business,
regulators and partners: everything and everyone the bank
touches. Bankers get real insight into which operations
and which customersare really driving prots.
Instead of losing track of its customers, the Secure
Bank has deep insight into the customers changing
needsin real time. And, with a real-time infrastructure,the bank knows what systems it has on line, just as it
can monitor over-or under-capacity, then act to balance
it. Security: With zero-gap protection, the bank can see,
trackand thwartthreats. And, with a hot-spare of
virtual capacity, it can recover systems within 30 minutes.
The Secure Bank sees the true path to change. It
adapts in real time. And it can spotand secure itself
against this ever-moving storm of digital risk. Today, through
next-level security, the banking industry can emerge from its
long shadow. And shine.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
26/32
The 21st CenturyOrganizationBy creating a digital model of a
process, organizations can see
how one layer of the business
affects another. The payoff:
quick, well-formed insights
into unfolding events.
FROM CHALLENGE COMES OPPORTUNITY
and those who best innovate in times of
struggle win. Too often innovation, however,
has focused on the what -- the latest and
greatest gadget. While perhaps successful
in solving a very specic challenge, point-
solutions are at best inefcient, and at worst
they create a whole new set of challenges,
the least of which being their expense.
What is required is innovation of the
how. And often it is the elegantly simple,
unied approach that best strikes the
delicate balance between competing forces:
between agility and assurance, between
physical and data, between old and new,
between security and innovation.
An elegant, unied approach means
less complexity from one-off point solutions,
yet more agility and control. Less loss from
counterfeiting, spoilage, and fraud, moreoperating continuity & performance. Less
restriction of end-user technology choice
and social networking, more empowerment
and employee satisfaction. Less risk,
more protection, trust, and assurance.
Less compromise, more value and success.
Less fear, more freedom.
STRATEGY MAP
The layer where the
business vision and
operations model is
established. Also,
where economic
value, security,
partner interaction
and standards
adherence are
determined.
PROCESS MAPThe layer where thevision is carried into
core operations.
Deals with virtually
every process that
touches the identify/
track/ trace/protect
framework. Example:
Supply chain.
APPLICATIONSMAPThe layer where data
is analyzed to assess
opportunities and
threats. Also where
modeling is done based
on data captured from
RFID devices, readers,
sensors, bar codes
and other tracking
technologies.
INFRASTRUCTUREMAPThe layer that provides
a road map to eliminate
redundancy, leverage
functionality and identify
how to best implement
your technology
investment in devices.
SecuredEnterprise
Solutions
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
27/32
27
Our Portfolio
UNISYS. SECURITY UNIFIED
At Unisys, we assess, design, develop,
and manage mission-critical solutions
that secure resources and critical
infrastructure for governments and
businesses. Our approach unies
resource and infrastructure security,
creating the most effective and efcient
security environment possible and
freeing our client to focus on best
serving its citizens and customers.
Our people security solutionsidentify, credential, verify, and prole
citizens, travelers, and employees,
for both physical and digital facilities.
Our asset security suite of
solutions allow you to track and trace
goods, physical and nancial products,
and data, both in motion and at rest.
Our critical infrastructure security
solutions for facilities, borders, and
networks -- save life, property, and
forensic evidence, and restore life to
normal after natural or man-made attack.
And our advisory and analysis suite
of services provide a strategic security
roadmap and a real-time, predictive
risk intelligence solution.
All of our security solutions
deter, protect, and defend against
tampering, fraud & attack at all points
of vulnerability. They consistently and
fully enforce a customers policies,
mandates, and regulations. They
increase organizational clock speed,
self learn, and ultimately reduce cost
and avoid loss.
We have an extensive heritage
working with defense, security, and law
enforcement agencies, particularly inmission-critical operations, which places
security at the core of all that we do.
For example, the U.S. Army needed to
know the exact location and contents of
thousands of containers and air pallets
of cargo in transit per day for military
personnel across 1,500 nodes in 25
countries. Unisys implemented a unied
4m+ RFID tag solution that provides the
Army with instant access to equipment
and supply information. It has increased
productivity, improved war ghter safety,
and reduced costs.
We have created industry-
transforming systems where information
is unied, intelligently and securely
shared amongst partners. For example,
the Government of Malaysia wished
to provide a single citizen ID card,
consolidating drivers license, bill
payment, tolls, parking/public transport,
ATM banking and health services. Unisys
brought to them a unied solution that
utilizes a state-of-the-art MyKad (My
Card) -- a secure multipurpose smartcard
for all citizens over 12. Now Malaysias
23 million citizens get faster service and
better information privacy, plus economic
activity increased.
We unify the how. We integratesecurity domains, employ an aligned
methodology, develop and reuse linked
models, and share a common desire
with our clients to allay their customers
fears. For example, Chiles Santiago
airport must securely process 3 million
people per year. Unisys delivered a
unied solution that identies travelers
via passport readers and facial and
ngerprint recognition and automatically
evaluate against watch lists supplied by
Interpol and local police agencies.
For us, its not just about security;
its what security enables our clients to
do. When you are secure, you are in
control. You are efcient and effective.
Your citizens and customers trust and
value you. You are fearless. You win.
Complementary Unisys offerings.
Unisys Application Modernization and Outsourcing
makes operations more agile, secure and efcient
while lowering overall costs. Our approach
leveraging over 1,400 unique, pre-built application
and process models and grounded in our 30 years
of experience and leadership in mission critical
and open technology -- delivers faster, cheaper
and with the least risk of disruption to our clients.
Unisys End-User Outsourcing provides anywhere,
anytime, one-call support that increases user
satisfaction while driving down support costs.
We leverage the combination of our global
ITIL-based Resolution Optimization Model
and network of 31 ITO Operations Centers
with 6,000-person strong eld force to deliver
measurable cost reductions, improved satisfaction
levels and faster time to incident resolution.
Unisys Data Center Transformation and Outsourcing
leverages our long heritage of expertise in the
data center. Combined with our independentthinking, innovative infrastructure and sourcing
capabilities, Unisys delivers data center solutions
that are more secure, more productive, and more
reliable while decreasing operating and capital
costs and increasing business performance.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
28/32
Your walls. Their walls, inside and outside.
In an era of rising threats, your perimeter is
ever-expanding. Andunless you get the full
picturepotentially riddled with dangerous gaps.
Winning today begins by acknowledging the
changed risk equation. In a connected world, when
things go wrong, they will go wrong faster than ever.
A converging world
needs the seamlessnessof converged security.
Conclusion
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
29/32
29
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
30/32
Moreover, the system effectslike that of a power
grid crashingwill be faster and more far-reaching
and far more opaque, as the subprime crisis so
clearly shows.
Fortunately, thanks to converged security, just
as the world has grown larger and more chaotic,
improved integration technologies and clear
standards make the necessary integration a more
predictable and less costly process. At the same
time, converged security means your organization
can easily integrate a host of stable and mature
security technologies: iris scanners, license plate
readers, RFID and more. And we integrate it with
platforms and systems that you already have.
The result is a powerful merging of two, once-
separate realms: your IT systems with your physical
assetsthe whole enchilada. The result is a truly
enterprise-level ability to protect people and data,places, and things. Further, by using the latest in
open-source technologies, systems can be future-
proofed against the next generation of change.
Physical Security, IT SecurityConverged
Again, the most obvious difference here is
an all-new level of integration. The less obvious
Conclusion
more on paying risks, as opposed to thankless
risks, like phishers and hackers.
A System That Can Secure Itself
The result is a system that can secure itself
against theft and counterfeiting, or fend off electronic
attackers. Or send instant alerts, say, when a hard
drive has been damaged or compromised, or medicinehas been subjected to too much heat or vibration.
After all, if we can sift and test the soil on Mars, surely
we can know the facts vital to our products, fortunes
and reputations. Or, for that matter, with whom we are
really communicating.
Today, converged organizations deliver exceptional
performance and exceptional control over costs. And
they have an inherent capacity to manage risk, all while
delivering the enhanced productivity and efciency
and the ability to innovatethat delivers true growthand reward in the marketplace.
An always-on world needs always-on security.
And now that day is here. Today, the two once-
separate worlds of physical security and IT are
converging. One system. One comprehensive view
of physical and digital reality. One secure path to
innovation. All under total controlyourcontrol.
difference is an organization with the clarity and
control to collaborateand innovatewith much
higher condence, and thus a much greater degree ofsuccess. In both the public and private sectors, the
benets are as powerful as they are wide-ranging.
To be sure, bad things will happen, as they always
do. The difference is, far fewer will snowball and wreak
havoc. Why? Because organizations have the real-time
ability to sense and respond, whether to competitive
change or actual threats. Meaning, you can focus
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
31/32
31
Specications are subject to change without notice. 2008 Unisys Corporation. All rights
reserved. Unisys is a registered trademark of Unisys Corporation. All other brands and
products referenced herein are acknowledged to be trademarks or registered trademarks
of their respective holders. Printed in United States of America. October 2008.
This book was illustrated and designed by Splashlight.
-
8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations
32/32