Denver Software Club - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Denver Software Club


1
Denver Software Club
  • Rob McNeill
  • Philip Haleen
  • John Enstone
  • May 9, 2007

3
  • Market Entry into the UK
  • Rob McNeill
  • Vice Consul (Trade & Investment)
  • British Consulate-General Chicago

4
Overview
  • UK Software Market
  • UK Market Opportunities
  • IT Hotspots in the UK
  • Methods of Entry into the UK

5
UK Software Market
  • UK Enterprise Products Services market is
    largest in the EU
  • IT professional services around 33Bpa, growing
    at 1.75Bpa
  • Computer hardware Office equipment around
    23Bpa, growing by 550Mpa
  • Support software products over 12Bpa, growing
    950Mpa
  • IT support services around 12Bpa, growing at
    550Mpa
  • Application software products over 9.5Bpa,
    growing at 680Mpa
  • 120,000 firms employing over 500,000 staff
  • All the world's major software firms are in the UK
  • Accenture, EDS, Google, IBM, Infosys, Microsoft,
    Oracle, Tata
  • UK firms include Asidua, Autonomy, Capita, Lagan
    Technologies, LogicaCMG, Misys, nCipher,
    Northgate, RM, Sage
  • UK-based software businesses invest nearly 1.4
    billion pa in R&D

6
UK Software Market
  • Government invests heavily in IT systems
  • E-Government
  • NHS spending around 40B on new IT systems over
    10 years
  • Home Office - National Identity Card programme
  • Transport for London - Congestion Charging and
    Oyster card
  • Many other government contracts, especially in
    shared services area
  • Universities share over 340 million of software
    research funding
  • Especially Southampton, Edinburgh, Nottingham,
    Newcastle, Imperial, Surrey, Bath, Oxford, UCL,
    Cambridge, Manchester, and Warwick
  • Knowledge Transfer Networks
  • Cyber Security, Displays, GRID Computing

7
UK Market Opportunities
  • Software Market
  • Customer Relationship Management (CRM)
  • Business Intelligence (BI)
  • Enterprise Resource Planning (ERP)
  • Compliance Solutions
  • Finance Sector
  • Multinationals
  • Software as a Service (SaaS)

8
Strong Vertical Markets for IT
  • Aerospace: major roles in civil and military
    projects
  • Airbus, Joint Strike Fighter, and helicopters
  • Automotive: UK still manufactures over 600,000
    cars pa
  • Major investments by BMW, Honda, Nissan, Toyota;
    less by Ford and GM
  • Financial Services
  • London becoming global No. 1 in financial services
  • Healthcare: NHS has world's largest civilian IT
    project
  • 10B development project with further 20B
    implementation
  • Pharmaceuticals: World-leading pharmaceutical
    players
  • Astra Zeneca, GSK, Pfizer etc. research and
    manufacture in UK
  • Retail: World's leading on-line retailer
  • Tesco, Sainsbury, Marks & Spencer ...
  • Security: 2nd largest market in Europe for IT
    Security
  • UK leads international security standards
    initiatives
  • Transportation: London tackling public transport
  • Largest smartcard project in Europe (Oystercard)
    now has 4M daily users

9
IT Hot Spots in the UK
10
East of England IT Overview
  • Scale
  • 14,500 IT/Telecomms companies employing 300,000
    staff
  • Key Vertical markets/clusters
  • Aero, Auto, Biotech, Financial & Business
    Services, Food & Drink, Energy, Film & Media
  • Regional Business Clusters
  • Cambridge, Chelmsford, Ipswich, Norwich, South
    Hertfordshire
  • Key IT/Digital Media firms
  • 3Com, ANT, ARM, Accelrys, Autonomy, BT, CCL,
    Citrix Systems, Convergys, CSR, Domino Printing
    Sciences, Elstree Studios, Microsoft, Nortel, PA
    Technology, Philips, Pointsec, Sagentia, Short
    Fuze, Symbian, T-Mobile, TTP, Wanadoo, Xaar, Zeus

11
East of England IT Overview
  • Key Universities
  • Cambridge, Essex, Hertfordshire
  • IT/Digital Media Strengths
  • Low power Mixed-mode chip design, Wireless
    technology, Communications, Photonics, Displays,
    Internet Security, GIS, Speech Recognition,
    Virtual Reality, Database management, e-business,
    Engineering, Healthcare, Banking & Insurance,
    Inkjet
  • Key Enterprise Zones, Science Parks, and
    Incubators
  • Capability Green, Woodside, Luton Hertfordshire
    BIC
  • Cambridge Business Park Cambridge Science Park
    St Johns Innovation Centre
  • Key Agencies / Networks
  • East of England International Cambridge Network,
    Cambridge Wireless, CETC, CHASE, EMMA

12
London IT Overview
  • Scale
  • IT/Telecomms sector is the largest in Europe with
    22,600 companies
  • 19 of 25 software and services suppliers have
    their HQs in London
  • Key Vertical Markets/Clusters
  • Financial, Business, Life sciences,
    Environmental, Creative Industries, Government,
    Aerospace, Hospitality
  • Key IT/Telecomms Firms
  • Amstrad, Atos Origin, BT, Bloomberg, CSC, EDS,
    EiDOS, France Telecom, Glu, IBM, Infosys,
    Infogrammes/Atari, I Play, Fujitsu, Konami,
    LogicaCMG, Microsoft, Oracle, Fujitsu, Samsung,
    SAP, SCI, SEGA, Sony, Symbian, Tata Infotech,
    Vtech Communications ltd, Ubisoft, Yahoo!

13
London IT Overview
  • Key Universities
  • Imperial College of Science, Technology and
    Medicine, Birkbeck College, Goldsmiths College,
    Queen Mary College, University College
  • IT/Digital Media Strengths
  • Software, Business & Financial Services,
    Hardware, Creative and Digital Media, Telecoms,
    Internet services, Mobile telephony
  • Key Enterprise Zones, Science Parks, and
    Incubators
  • The Thames Gateway Technology Centre Innova
    Science Park
  • Brunel Science Park South Bank Technopark
  • Key Agencies / Networks
  • BCS, IET, Intellect, London Technology Network
    (LTN), New Media Knowledge

14
South East IT Overview
  • Scale
  • 30,000 IT/Telecomms companies in the region
    185,000 people employed
  • Key Vertical Markets/Clusters
  • Aerospace, Built Environment, Marine, Health/Life
    Sciences, Environmental Technologies, Digital
    Content
  • Regional Business Clusters
  • Brighton, Guildford, Oxford
  • Key IT/Digital Media Firms
  • Babel Media, Climax, Dell, Electronic Arts, Epic,
    Ericsson, Fujitsu, Hitachi Data Systems,
    Hutchinson 3G, Kuju, LG Electronics, Lionhead
    Studios, Microsoft, Mobisphere, Motorola, Nokia,
    Oracle, O2, Panasonic, Philips, Pinewood Film
    Studios, Rebellion, Sage, Shepperton Film
    Studios, Siemens, Virgin Media, Vodafone

15
South East IT Overview
  • Key Universities
  • Oxford, Southampton, Kent, Sussex, Surrey,
    Reading
  • IT/Digital Media Strengths
  • Software, Information Security, Hardware,
    Creative and Digital Media (inc Film), Computer
    Games Development, Opto-electronics,
    Telecommunications, 3G Comms, Satellite
    Communications, Publishing
  • Key Enterprise Zones, Science Parks, and
    Incubators
  • Science Parks in Oxford, Surrey and Southampton
    22 Enterprise Hubs
  • Key Agencies / Networks
  • SE Media Network Wired Sussex mVCE Royal
    Holloway Security Group, Screen South

16
Methods of Entry into the UK
  • Distributors and Sales Agents
  • Partnerships
  • Sales Office
  • Research & Development Facility

17
Distributors & Sales Agents
  • Often the first point of entry into a foreign
    market
  • Done right can present the lowest risk with a
    minimal financial outlay
  • Important to ensure distributor/agent meets your
    needs

18
Distributors & Sales Agents
  • Support from the US Export Assistance Center
  • Identify Distributors and Sales Agents in the UK
    through the work of the US Embassy in London
  • Local contact
  • Suzette Nickle
  • Senior International Trade Specialist
  • suzette.nickle_at_mail.doc.gov
  • Tel (303) 844-6623 ext 16
  • www.buyusa.gov

19
Partnerships
  • Collaborative Partnerships with a like minded UK
    company
  • Sales focussed or R&D focussed
  • Relatively inexpensive
  • Results depend on resources allocated to
    selection of partner and maintaining partnership

20
Partnerships
  • Global Partnerships Program run by UKTI
  • R&D focused matchmaking program
  • Typical report identifies 10-20 potential
    partners
  • Free to qualifying US companies

21
Sales Office
  • Typically the company's first physical presence in UK
  • Company employees on the ground in the UK
  • Transfer US staff to UK or hire locally
  • More control over direction company and product
    line is taking in the UK
  • Relatively easy to establish
  • UK as a Gateway to Europe

22
Research & Development Facility
  • UK-based software businesses invest nearly 1.4
    billion pa in R&D
  • Government continuing to develop tax credits for
    companies investing in R&D in the UK
  • Access to large talent pool of qualified
    graduates and highly skilled software engineers
  • Links with UK Universities and Research
    Institutes
  • All the world's major software firms are in the UK
  • Accenture, EDS, Google, IBM, Infosys, Microsoft,
    Oracle, Tata
  • UK firms include Asidua, Autonomy, Capita, Lagan
    Technologies, LogicaCMG, Misys, nCipher,
    Northgate, RM, Sage

23
Help from UK Trade & Investment
  • Comparative research across UK and Europe
  • Identify suitable locations in the UK
  • Registering as a company
  • Employment law
  • Taxation advice
  • Resolve visa issues
  • Legal, Accounting & Banking Introductions

24
Funding Options
  • Government Funds
  • Financial Incentives
  • R&D Tax Credits
  • Training Grants
  • Venture Capital
  • Alternative Investment Market (AIM)

25
  • Rob McNeill
  • Vice Consul (Trade & Investment)
  • British Consulate-General Chicago
  • Tel (312) 970-3844
  • Rob.McNeill_at_fco.gov.uk

26
Best Practices, Confidentiality and Data Protection
  • Philip Haleen
  • Faegre & Benson LLP
  • Frankfurt

27
Setting the Stage
  • Of the various consequences of the Internet Age,
    one area of particular interest is the impact of
    the computer and the Internet on issues of
    CONFIDENTIALITY.
  • The computer and the increased storage
    capabilities available have enabled vast amounts
    of data to be accumulated, stored and transmitted
    electronically. These new technological
    capabilities have not yet fully found their legal
    or contractual response in the business world.

28
Traditional Approaches to Confidentiality
  • Confidentiality agreements are signed with
    employees and third party vendors
  • Access controls to business premises or sensitive
    areas within those premises are initiated and,
  • In the transactional setting, a standard
    boilerplate confidentiality clause is included.
    Such a clause can be as simple as:

29
Traditional Approaches to Confidentiality
  • The Parties agree to keep confidential all
    information constituting trade secrets of the
    other party known to it and will not disclose
    such information, directly or indirectly, to any
    third party. The foregoing obligations of
    confidentiality shall not apply to confidential
    information, which was or is lawfully obtained by
    a Party from other sources, which was or is or
    becomes generally available to the public, which
    ceases to be a trade secret, or which is required
    to be disclosed to a competent tribunal or
    government agency or other regulatory body.
  • Note: Focus is on deterrence through threat of
    liability rather than prevention.

30
Traditional Approaches to Confidentiality
  • In the Internet Age, can these traditional
    measures still be adequate to assure an adequate
    level of confidentiality?
  • Simply put: more data is available and is more
    easily accessed, copied and transmitted over
    computer networks than was ever possible before.
  • What then does this mean for efforts to protect
    the confidentiality of such data?

31
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • A good place to turn for comparison purposes
  • However, the EU Data Protection Rules only apply
    as to personal data.
  • Personal data is data on individuals that can
    serve to identify a particular individual.
  • Should not the same principles apply to
    business data, especially in the context of
    outsourcing?

32
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • Section VIII, Confidentiality and Security of
    Processing
  • (Articles 16 and 17)
  • The Directive obligated Member States to
    transpose the following requirements into their
    respective national laws
  • Article 16
  • Confidentiality of processing
  • Any person acting under the authority of the
    controller or of the processor, including the
    processor himself, who has access to personal
    data must not process them except on instructions
    from the controller, unless he is required to do
    so by law.

33
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • Section VIII, Confidentiality and Security of
    Processing
  • Article 17
  • Security of processing
  • Member States shall provide that the controller
    must implement appropriate technical and
    organizational measures to protect personal data
    against accidental or unlawful destruction or
    accidental loss, alteration, unauthorized
    disclosure or access, in particular where the
    processing involves the transmission of data over
    a network, and against all other unlawful forms
    of processing.
  • Having regard to the state of the art and the
    cost of their implementation, such measures shall
    ensure a level of security appropriate to the
    risks represented by the processing and the
    nature of the data to be protected.

34
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • Section VIII, Confidentiality and Security of
    Processing
  • Article 17, Security of processing (continued)
  • The Member States shall provide that the
    controller must, where processing is carried out
    on his behalf, choose a processor providing
    sufficient guarantees in respect of the technical
    security measures and organizational measures
    governing the processing to be carried out, and
    must ensure compliance with those measures.

35
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • Section VIII, Confidentiality and Security of
    Processing
  • Article 17, Security of processing (continued)
  • The carrying out of processing by way of a
    processor must be governed by a contract or legal
    act binding the processor to the controller and
    stipulating in particular that
  • The processor shall act only on instructions from
    the controller,
  • The obligations set out in paragraph 1, as
    defined by the law of the Member State in which
    the processor is established, shall also be
    incumbent on the processor.
  • For the purposes of keeping proof, the parts of
    the contract or the legal act relating to data
    protection and the requirements relating to the
    measures referred to in paragraph 1 shall be in
    writing or in another equivalent form.

36
The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
  • Note
  • The controller not only must fulfill the
    requirements itself (Article 17(1)) but also
  • The controller must require from any third party
    processor that it provides sufficient guarantees
    in respect of the required technical security and
    organizational measures and ensure compliance of
    the processor with those measures. (Article
    17(2)) and finally
  • The agreement between the controller and
    processor must be governed by contract and the
    provisions relating to these measures must be in
    writing (Article 17(3) and (4)).

37
Data Protection Law in the European Union
(Organizational Measures)
  • What are these appropriate organizational and
    technical measures that must be implemented
    pursuant to Article 17(1)?
  • Specifically, under the transposed data
    protection rules in Germany (from the Annex), the
    organizational measures are to be designed
  • To prevent unauthorized persons from gaining
    access to data processing systems with which the
    confidential information is processed (entry
    control)
  • To prevent data processing systems from being
    used by unauthorized persons (user control)

38
Data Protection Law in the European Union
(Organizational Measures)
  • To ensure that persons entitled to use a data
    processing system have access only to the data to
    which they have a right of access and that the
    confidential information cannot be read, copied,
    modified or deleted by unauthorized persons
    (access control)
  • To ensure that the confidential information
    cannot be read, copied, modified or deleted when
    they are transferred electronically or
    transported, and that the confidential
    information can only be reviewed and verified, at
    which point or stage of the process a transfer of
    the confidential information by data transmission
    facilities is foreseen (communication control)

39
Data Protection Law in the European Union
(Organizational Measures)
  • To ensure that it is possible to check and
    establish, after an input, which confidential
    information has been input, modified or deleted
    in data processing systems by whom and at what
    time (input control)
  • To ensure that, in the case of commissioned
    processing of the confidential information, the
    confidential information is processed strictly in
    accordance with the instructions of the principal
    (outsourcing control)

40
Data Protection Law in the European Union
(Organizational Measures)
  • To prevent unauthorized input into the memory and
    the unauthorized examination, modification or
    erasure of stored confidential information
    (memory control)
  • To ensure that the confidential information that
    is collected for different purposes is processed
    separately (which I would describe as integrity
    control).

41
Data Protection Law in the European Union
(Technical Security Measures)
  • German legislation does not address specific
    technical security measures.
  • The legal literature suggests a company will need
    to ensure of itself and of its third party
    vendors that information systems are not
    installed/used in a manner
  • Which could provide the opportunity to create
    unauthorized links to other systems,
  • Thereby allowing the ability to bypass
    authentication mechanisms,
  • Circumvent data access control procedures, or
  • Otherwise jeopardize the security of the
    company's computer systems.

42
Data Protection Law in the European Union
(Technical Security Measures)
  • There must be notification procedures
  • Actual or suspected instances of information
    asset theft or abuse, as well as
  • Potential threats (e.g. hackers, viruses, fire
    etc.) or
  • Obvious control weakness affecting security, are
    to be reported immediately to IT security
    personnel at the company.

43
Data Protection Law in the European Union
(Technical Security Measures)
  • Further policies, procedures/guidelines to
    enhance technical security would
  • Protect all information technology resources
    (e.g. computers, communications, software etc.)
    from theft, tampering, misuse, malicious software
    (e.g. viruses, hackers etc.), destruction and
    loss.
  • Ensure that all individuals who come in contact
    with the confidential information have completed
    the appropriate written confidentiality,
    nondisclosure and policy compliance documents.

44
Data Protection Law in the European Union
(Technical Security Measures)
  • Ensure individual and organizational
    accountability for the use and protection of
    information systems, through the assignment of
    unique identification codes and authentication
    procedures (e.g. respectively user ids and
    system passwords).
  • Prohibit the sharing and other unauthorized
    disclosures of passwords and other confidential
    system access controls through areas such as dial
    up or system passwords.

45
Data Protection Law in the European Union
(Technical Security Measures)
  • Ensure supplemental user authentication processes
    and access controls for individuals entering the
    systems through dialup, Internet or other
    communications.
  • Provide prompt notification to system/security
    administrators of changes in status (e.g.
    transfers, terminations) of employees,
    contractors, clients, or other users that
    could/will affect their access privileges.

46
Data Protection Law in the European Union
(Technical Security Measures)
  • Control access to confidential information based
    on criteria defined by the company. The level of
    default protection for all proprietary
    information, including software, must allow no
    access unless specifically authorized.
  • Apply additional controls to ensure the proper
    protection and use of security software features
    (e.g. security administration commands) to
    prevent unauthorized bypassing of implemented
    security procedures.

47
Data Protection Law in the European Union
(Technical Security Measures)
  • Produce, review, follow-up and retain audit
    trails of all security relevant logs, data access
    and administration events for ALL systems that
    process the confidential information.
  • Regularly perform self-assessments and audits to
    detect security vulnerabilities and
    non-compliance with the company's security
    policy(s) and policy derivatives.

48
Data Protection Law in the European Union
(Technical Security Measures)
  • Define and apply appropriate procedures for the
    use of cryptography (encryption/decryption) where
    it is deemed information may be sensitive or
    business critical (e.g. Laptops, Dial-in). This
    must include systems that store such information
    with limited physical protection (e.g.
    desktops).
  • Ensure that all information technology is
    procured and/or designed with security control
    features that include
  • User identification
  • Authentication
  • Data and software access authorization
  • System integrity protection and ability to audit
    use.

49
Data Protection Law in the European Union
(Technical Security Measures)
  • Apply appropriate authorization, copy protection
    and non-disclosure controls for all confidential
    information, released to third party entities.
  • Maintain, test and update business continuation
    plans and procedures (e.g. backup, disaster
    recovery), to ensure continued availability of
    systems resources, particularly business critical
    systems.

50
Data Protection Law in the European Union
(Technical Security Measures)
  • Define and apply all information retention
    procedures that are necessary to satisfy all
    internal and external requirements, including
    notification requirements for security breaches
    and loss of personal data under local law.
  • Properly erase, shred or otherwise dispose of
    information that is no longer needed.

51
Best Practices, Confidentiality and Data
Protection
  • Conclusion
  • EU data protection rules only apply in the EU,
    and only as to personal data.
  • Will not global companies start to demand
    the same or similar confidentiality standards for
    their business data?
  • IT departments and software vendors will need to
    provide the software and system solutions
    necessary to meet these legal and business
    obligations for enhanced protection of personal
    and sensitive business data.
  • As representatives of the software industry, you
    will find abundant opportunities in assisting
    your customers to meet these challenges of the
    global workplace.

52
  • Thank you for your time and attention.

53
Best Practices
  • John Enstone
  • Faegre & Benson LLP
  • London

54
The Opportunities and Challenges for Outsourcing
in the UK
  • By 2009 the combined outsourcing market for the
    UK, France and Germany will be worth more than 40
    billion dollars (UK National Outsourcing
    Association)
  • Impact of mature outsourcing experience among UK
    users on consultants and suppliers
  • Opportunities for new EU members in Central
    Europe
  • Impact of new EU members on the outsourcing
    market
  • Potential legal issues