Wednesday 2 December 2015

#1 - World Cyber Security Order

World Cyber Security Order.

"International financial order"[1]  
"World economic order"
"World trade order"
"World order"[2]

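Historically, from the past to the present, a cycle has kept repeating: things begin in chaos, steadily change into an ordered form, and then return to chaos as that order collapses.

And whenever order formed out of chaos, a more stable society resulted. Worldwide, in every domain, countries and organizations are making efforts to build a new order under their own leadership.

Cyber security is gradually becoming more important and is an area that will come to rival finance, the economy and trade in scale, so order is becoming necessary here as well.
Cyber security is becoming important because of the following facts.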

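  • Cyber was measured as the highest priority among business risks. (Global Risk Survey)[3]
  • Large-scale cyber incidents occur very frequently in finance[4], retail[5], entertainment[6], healthcare[7] and government[8][9].
  • Cyber security is now becoming an issue for top executives and the highest levels of management.[10]
  • Gartner forecasts the size of the cyber services market at US$71 billion by 2020.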

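Here I will record the process of looking, little by little, at the current trends and future outlook related to the international cyber security order.

Perhaps there are people who already think along the same lines as I do: both in Korea[11] and at the UN, discussion of an international order for cyber security is said to be getting under way in earnest.[12]

To examine the international order of cyber security, what matters is research on the key players and the flow of trends. Key players may be individuals, private companies, or nations. The single country of Korea can be one small area of study, and beyond it there is a need to look at the Asian region and then the whole world.

Since I basically know the situation in Korea, I plan to look at the giant players that have a major influence on the worldwide cyber security field. The content will be continually revised and supplemented.

First, let us look at the private sector. For the private sector, it should suffice to look at the key players of the worldwide cyber security market.

According to the worldwide security consulting Market Share Report published by Gartner[13], Deloitte was announced as number one in the world (for the third consecutive year).[14] Second, third, fourth and fifth places were announced as IBM, EY, PwC and KPMG, respectively.[15]

So let us look at the summaries from the Gartner report for the companies ranked first through fifth.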

Deloitte
Deloitte is the largest consulting firm in the world, and the largest provider of information security consulting services (see "Market Share: IT Services, 2014" for Gartner's consulting estimates). Deloitte's information security consulting grew by 7.7% in 2014, and its corresponding revenue rose from $2.1 billion to $2.3 billion. Deloitte continues to fortify its security services. It has created a new service offering, the Deloitte Center for Crisis Management, to serve its security and risk clients better. It has subsequently enhanced this by acquiring Urgentis Digital Crisis Solutions. Deloitte has an advantage in that it can use an expansive network of client roles (such as internal controllers, CFOs and CROs) derived from its assurance, forensic, strategy and risk management practices. To complement its information security offerings, Deloitte's Highly Immersive Visual Environments (HIVEs) and Greenhouses have also grown organically worldwide to incubate ideas for its clients and to drive sales in risk and security analytics areas.

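Deloitte is the largest consulting firm in the world, and it is also the largest in the information security consulting services area. Its information security consulting revenue, on a global basis, is $2.3 billion (2.676 trillion won in Korean currency, at an exchange rate of 1,163 won, as of 2 December 2015)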

IBM
IBM is ranked second in the information security consulting service market, with estimated revenue of $1.3 billion in 2013 and $1.8 billion in 2014. Across the company, IBM's IT Services reported growth of 2.1%. Security consulting services had estimated growth of 39%. IBM's growth is driven by its significant information security consulting practice, which aims to provide a balance between technology and business consulting for information security engagements. Its growth in 2014 was attributed to an increase in demand for services in strategy, risk and compliance and security intelligence, as well as the need to build SOC operations. Its acquisition of Lighthouse Security Group also enabled IBM to grow its IAM services.

EY
Gartner estimates EY as the world's third-largest information security consulting company. Its information security consulting revenue grew from $1.5 billion in 2013 to $1.7 billion in 2014, a 14.3% growth rate. EY's growth is driven by its strength in risk management and its strong relationships from its finance and accounting practices. These include its assurance and endpoint forensic practices, which address information data owners' concerns about the risks and challenges of information security. EY has combined its risk assurance and risk management capabilities (which include its security resources) into a single practice. As well as offering threat and vulnerability assessment services and traditional security services, EY has also increased its SOCs and Advanced Security Centers (ASCs) worldwide. It has also developed a fraud and forensic analytics solution using IBM Infosphere BigInsights. This includes its forensics data analytics (FDA) practice used across various industries and social media.

PwC
PwC is the fourth-largest technology service provider in the information security consulting market, growing from $1.4 billion in 2013 to $1.5 billion in 2014, a growth rate of 6.9%. Like its accounting peers, PwC's growth comes from its strong business risk management capabilities, which enhance its pre-emptive information security capabilities. In addition, PwC's assurance heritage has enabled it to use its risk assurance and endpoint forensic practices through firm relationships with financial controllers, CROs and CFOs. These executives, like CISOs, face information data security challenges. Its acquisition of Minnesota Privacy Consultants in 2014 enhanced its expertise in privacy, especially in the areas of healthcare, cloud computing and complying with European privacy-protection laws.

KPMG
Gartner estimates KPMG as the world's fifth-largest information security consulting company. Its revenue grew from an estimated $1.2 billion in 2013 to $1.3 billion in 2014, a growth rate of 7.6%. Like some of its accounting peers, KPMG's growth comes from a combination of two factors. First is its ability to address both risk management and information security challenges at the enterprise level, capitalizing on its assurance and endpoint forensic practices. Second is its influence with top functional leaders (such as internal controllers and CROs) in client organizations. KPMG acquired I-4 in 2009 and leads a group of security leaders that share ideas and thoughts on the current and future challenges in security and risk management operations. In addition, KPMG also has another network of leaders, called the Security Leadership Network, which looks into cyber security issues and experiences. KPMG has been building up its security consulting capabilities via its acquisitions of Qubera, P3 and Trusteq Oy. Its funding engine, KPMG Capital, enables it to have a global, focused strategy for investing in growth initiatives that include security and risk management.

In the next post, I will cover Deloitte's Cyber Security Services in detail.

References
[1] International Financial Order and the G20, http://jungbyungkee.net/internationalrelation/internationaleconomy/%EA%B5%AD%EC%A0%9C%EA%B8%88%EC%9C%B5%EC%A7%88%EC%84%9C%EC%99%80%20G20.pdf
[2] Henry Kissinger: Speaking of a New World Order, http://kr.wsj.com/posts/2014/09/01/%ED%97%A8%EB%A6%AC-%ED%82%A4%EC%8B%A0%EC%A0%80-%EC%83%88%EB%A1%9C%EC%9A%B4-%EC%84%B8%EA%B3%84%EC%A7%88%EC%84%9C%EB%A5%BC-%EB%A7%90%ED%95%98%EB%8B%A4/
[3] http://www2.deloitte.com/us/en/pages/governance-risk-and-compliance/articles/reputation-at-risk.html
[4] http://www.theatlantic.com/business/archive/2014/10/why-the-jp-morgan-data-breach-is-like-no-other/381098/
[5] http://www.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571
[6] https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
[7] http://www.forbes.com/sites/danmunro/2014/12/21/the-top-u-s-healthcare-story-for-2014-cybersecurity/
[8] http://www.wsj.com/articles/irs-says-cyberattacks-more-extensive-than-previously-reported-1439834639
[9] http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
[10] https://iapp.org/news/a/cybersecurity-in-the-boardroom-the-new-reality-for-directors/
[11] From the recruitment requirements of the National Security Research Institute: research on ways to establish an international cyber security order, http://www.boan24.com/bbs/list.html?table=bbs_11&idxno=146&page=6&total=121&sc_area=&sc_word=
[12] Discussion of an international cyber security order gets under way in earnest at the UN, http://isis.nic.or.kr/mobile/ebook/2015/ebook_2015_5.pdf
International Code of Conduct for Information Security, https://ccdcoe.org/sites/default/files/documents/UN-150113-CodeOfConduct.pdf
[13] https://www.gartner.com/doc/3019226/market-share-security-consulting-services
[14] http://www2.deloitte.com/cy/en/pages/about-deloitte/articles/deloitte-ranked1-security-consulting-gartner.html
[15] http://www.gartner.com/technology/reprints.do?id=1-2E9NX2X&ct=150430&st=sb
