De-perimeterisation Risk & Security
Adapting to the erosion of the security perimeter
The traditional perimeterised architecture was perfectly adequate for an organisation that simply wanted to operate inside its own controlled environment, with e-mail to the outside world.
Today, this type of organisation has almost ceased to exist because today’s business needs demand wider connectivity to support sharing of sensitive information over the Internet (e.g. cloud computing) and IT consumerisation (e.g. Mobile devices & BYOD). While developing online collaboration with business partners, customers, suppliers, and outworkers, organisations have to carefully consider new threats and risks posed by de-perimeterisation principles and related technologies.
How Deloitte can help?
Deloitte can help organisations to address the underlying challenges raised by de-perimeterisation and the move of IT assets, users and data outside of the traditional network perimeter:
- Security – Assessing and Defining security solutions which are effective in a de-perimeterised architecture
- Data Privacy – Protecting confidential and private information which migrate to places outside the network boundaries
- Regulatory Compliance – Ensuring compliance with national and industry regulatory requirements
- Social & Legal – Defining policies that comply with the applicable legal and social requirements
Deloitte proposition overview
- Mobile Device & Bring Your Own Device (BYOD) – Assistance for ensuring a controlled deployment of Mobile devices solutions: Defining mobile device strategy and policies, Securing and testing mobile applications and infrastructure, BYOD Readiness, etc.
- Cloud Computing – Manage risks from adopting cloud services and models (IaaS, PaaS or SaaS) across their deployment lifecycle.
- End-Users Networks – Assistance for managing risks related to the introduction of end-users networks (i.e. guest/visitor networks): Security policies including Acceptable Use Policy, Wi-Fi security assessment, Legal assessment, etc.
- Social Media Risk Assessment – Analyse social media strategic objectives and reconciliation with organisational goals and objectives, including assessment of policies, procedures, and technology practices
- Digital Trust Services – Design, assess and improve digital trust architecture (PKI, Federated IAM, Digital Signature, etc.) for providing organisation with IT security as well as legal value and interoperability of their communications with trust operators, service providers, etc.
Our approach & methodology
Deloitte has developed mature proprietary risk assessment frameworks as well as a specific security methodology in order to address de-perimeterisation challenges:
- Deloitte Mobile Security Framework
- Deloitte Cloud Computing Risk and Control Framework
- Deloitte Social Media Risk Intelligence Map