PLATFORM SECURITY

Deloitte Launches Zero Trust Access, a New Managed Security Service

Deloitte | July 12, 2022 | Read time : 3 min

Deloitte
To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside.

The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise.

Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem.

"As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust.  "Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes."

Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP

With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead.

Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations. 

"Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices."

About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.

Spotlight

Following an Executive Order issued by President Obama in February 2013 (Executive Order 13636, Improving Critical Infrastructure Cybersecurity) the National Institute of Standards and Technology (NIST) worked with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. This work is based on existing standards, guidelines, and practices. The first version of the Framework for Improving Critical Infrastructure Cybersecurity was released on February 12, 2014.

Spotlight

Following an Executive Order issued by President Obama in February 2013 (Executive Order 13636, Improving Critical Infrastructure Cybersecurity) the National Institute of Standards and Technology (NIST) worked with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. This work is based on existing standards, guidelines, and practices. The first version of the Framework for Improving Critical Infrastructure Cybersecurity was released on February 12, 2014.

Related News

SECURITY AUDIT AND COMPLIANCE

Balbix Announces New Integrations with ServiceNow to Further Automate and Improve Cyber Risk Quantification

Balbix | August 09, 2022

Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital workflow company. As a result of the integrations, customers can automatically augment cyber risk data with business context and integrate remediation efforts with their existing security and IT workflows. CISOs can eliminate thousands of hours from the time required to operationalize cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business. The integration with ServiceNow's configuration management database (CMDB) allows Balbix customers to automatically ingest business context from their CMBD into the Balbix platform and combine it with asset, vulnerability and risk data from their other IT and security tools, and Balbix sensors to create a unified cyber risk model presented in dollars. Data is automatically deduplicated, correlated and inferenced to drastically reduce the manual labor required for teams to add business context to cyber risks, and prioritize and measure them. For example, with the integration businesses can now: Measure and report on the dollar amount of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions). Quantify the dollar amount of risk related to externally facing assets, internal assets, assets that the IT department manages, and assets not managed by the IT department. "Historically, Fortune 500 companies would spend thousands of hours of manual labor mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making, Our integration with the ServiceNow CMDB, has enabled us to sharply reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response." Chris Griffith, chief product officer at Balbix. Businesses are struggling to report concrete CRQ results with 62% indicating they cannot calculate their breach risk in monetary terms, according to Balbix's own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated they lack continuous visibility into asset inventories making it difficult to correlate risk with business context, and instead relying on siloed tools, manual workflows, and qualitative analysis to quantify the exposure. "Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it, These integrations address the growing needs CISOs have to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to remediate their riskiest vulnerabilities faster." Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. In addition to automating advanced CRQ capabilities, the integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create ServiceNow remediation tickets from within Balbix. This enables security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Moreover, security analysts can create tickets to remediate a vulnerability for a single impacted asset or for a group of assets to specify remediation tasks more efficiently and reduce the mean time to remediate (MTTR) risk issues. About Balbix Balbix enables organizations to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. The Balbix Security Cloud™ platform ingests data from organizations' security and IT tools to understand every aspect of their cybersecurity posture, build a unified cyber risk model and then provide actionable insights for risk reduction. With Balbix, enterprises can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions. A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and measurably lower cyber risk. Balbix was ranked #32 on the 2021 Deloitte Fast 500 North America, and has been recognized for innovation by Gartner.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Information Management Leader Archive360 Launches Developer Program to Extend Business Users’ Access to Archived Data with Zero-Trust APIs

Archive360 | August 29, 2022

Archive360™, the archiving and information management leader trusted by enterprises and government agencies worldwide, today announced its Archive360 Extend developer program, giving customers and partners access to the company’s unique APIs (application programming interfaces) so they can leverage the market-leading information governance capabilities of the Archive360 Open Archiving Platform, extending capabilities of customer in-house developed applications as well as third party applications. As the only true Platform-as-a-Service (PaaS) solution provider, Archive360 enables organizations to migrate and onboard massive volumes of data to the cloud, with full control over data security, privacy, access, and compliance. With Archive360 Extend, users can now benefit from one search to directly access, manage and extract relevant data from the Archive360 archive in the comfort and familiarity of their preferred applications, while professionals in the legal, IT and compliance units are assured that all data is being appropriately managed. “Companies offering vital services such as eDiscovery, internal and external audits and core business applications are not in the business of archiving and managing information - that’s our specialty,” said Robert DeSteno, co-founder and CEO of Archive360. “In today’s operating environment, skilled professionals prioritize working from the applications they access daily. Archive360 now makes it possible for these users to access and leverage data in Archive360’s repository from those apps with one search - in most cases, they won’t even know where the data is, only that their access is fully authorized and secure. More than a dozen partners have already joined this program, and over the next few weeks we’ll be announcing key partnerships with specific companies. Archive360 Extend represents a new advance in archiving and information management, and we’re just getting started.” The new program enables a seamless, secure and compliant connection between two complementary forces: the Archive360 information management platform’s ability to onboard, manage and store massive volumes of business data - including files, videos, audio, CRM, ERP, emails/electronic communication, social media and more - and companies specializing in complex disciplines such as eDiscovery and data analytics, serving business users who need immediate, authorized, and secure access to all relevant data resources without having to switch between applications. Archive360 enables participating companies to promote their offerings to a much broader market, including large and heavily regulated enterprises with massive amounts of data that need to be retained and managed securely in compliance with internal and external mandates. One Search User Access Archive360 APIs enable end users, with one search, to quickly, easily, and cost-effectively access, review and act on data from any system across their organization. And while the company leads the market with a unified platform - massive data volumes offering enhanced flexibility for easy and secure access - its APIs also come with major advantages. The collective benefits include: One Search: Greater visibility into any data source connected to the Archive360 archive, and greater control over that data: how it’s processed, stored, protected and managed, with performance tailored to meet specific business needs Scalability: Process and manage petabytes of data, rapidly, cost-effectively and dynamically scale horizontally and vertically to meet any workload Security: True Zero Trust data security with unparalleled PII protection - even system administrators can’t access the data without explicit approval Defensible Compliance: Ensuring data accuracy, compliance and reliability through immutable storage, data localization, and an audit trail to capture the complete chain of custody. Separate micro-APIs run in the right place across on-premises, in-country or overseas cloud infrastructures ensuring compliance with data localization requirements Risk Management: eliminating redundant, obsolete and trivial (ROT) information; replacing legacy systems; and optimizing storage Comprehensive Functionality: There’s one front-end API for ingestion, operations, monitoring, admin, records, discovery, machine learning and analytics, along with micro-APIs Open Framework: The APIs are extensible - for example, Archive360’s archive functionality can be seamlessly embedded into independent software vendors’ applications and customer portals Archive360 APIs are managed with a Zero-Trust framework that encompasses data threat surfaces, lifecycles, governance and more - a critical advantage in today’s operating environment. The company also adheres to an API-first philosophy: The APIs are consistent and reusable across the Archive360 platform and applications or portals accessing the data. Customers and partners can learn more about the Archive360 Extend developer program by speaking with their account representative or registering to become an Archive360 partner. About Archive360 Archive360 is the enterprise information archiving company that businesses and government agencies worldwide trust to securely migrate their digital data to the cloud, and responsibly manage it for today’s regulatory, legal and business intelligence obligations. This is accomplished by applying context around the search, classification, security, retention, disposition and indexing of data including files, videos, and emails—all while allowing organizations to maintain full control over privacy, access, and compliance. Archive360 is a global organization that delivers its solutions both directly and through a worldwide network of partners. Archive360 is a Microsoft Cloud Solution Provider, and the Archive2AzureTM solution is Microsoft Azure Certified.

Read More

SOFTWARE SECURITY

McAfee and Telstra Partner to Bring Privacy, Identity and Security Solutions to Customers Across Australia

McAfee | July 11, 2022

Today, McAfee Corp., a global leader in online protection, announced a multi-year partnership with Telstra, Australia’s leading telecommunications and technology company, to deliver comprehensive protection to safeguard the privacy and identity of consumers across activities, devices, and locations. The partnership will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. “A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.” Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online. “In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.” To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after. About McAfee McAfee Corp. is a global leader in online protection. Focused on protecting people, not just devices, McAfee’s solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.

Read More