Headline Verdana Bold - Deloitte US...IoT Designing a risk-based IoT architecture for data...

Headline Verdana Bold Digital Risk Plan. Design. Implement.

© 2018 Deloitte Touche Tohmatsu India LLP Digital Risk 2

Digital Transformation has gone mainstream in the Industry and certain challenges are emerging

• 5.5 Million: Number of new devices connected daily to the enterprise platforms

• $400 Million: Average global annual fines levied for non compliance with Risk standards

• 70%: Cross Functional teams leading Business Transformation activities in Digitally Mature organizations

In the Digital ecosystem, Enterprises have a larger threat surface to protect

Traditional vs Futuristic view of Risk

Risk Scenarios in Digital Environment

Old Risks in a new lens

Reputation

• High customer expectations

• Mistakes go viral

Business Environment

• Increased competition

• Changing regulatory landscape

Third party

• New Types of relationships

• Greater Dependencies

• Less oversight

People

• New skillset

• New mindset

• Employee presence in social media

Fraud

• Fraudsters have access to more data

• Need for Frictionless Authentication

Continuity

• Higher Interconnected dependencies coupled with lower controls

Traditional View

1. Organization-Centric

2. Status Quo accepted in Design

3. Risk seen as a hurdle

4. Approval when fully built

5. Not agile friendly

6. Risk as a constraint

Futuristic View

1. Customer-centric

2. Solutions targeting specific risk scenarios

3. Risk management drives growth

4. Integrated control design

5. Plug and play approach

6. Challenge to perceived boundaries

Digitalization means different things for different stakeholders

For an effective digital environment to meet the desired objective, it is critical to consider risk areas beyond traditional risk.

Strategy and Vision

• Define a digital vision and strategy

• Conduct a feasibility assessment of the initiatives which can undergo digital transformation

Implementation

• Transforming the tools and capabilities used to deliver services

• Identify the key stakeholders in the ecosystem aiding the digital transformation

Program Management

• Focus on timely and cost effective implementation of the digital initiative, for the respective business teams.

Risk View

Contextual Risk

• Adequacy of selection of digital enablers of the digital program, in the context of the business objectives.

• Setting the tone of risk management at the design stage of the digital program.

• Prioritization of initiatives ensuring minimal impact or disruption of service.

Implementation Risk

• Risk based architecture for the digital enablers w.r.t technology, operations, vendors, compliance, security and resiliency.

• Right digital technologies for different business processes.

• Culture of a digital mindset and a secure usage of the digital components.

Governance Risk

• Focus on timely and cost effective implementation of the digital initiative, for the respective business teams.

Enterprise View

Creating an opportunity to undertake enterprise wide Digital Risk Management with a view to:

• Improving customer experience through Digital Governance

• Reducing cycle time for operational and compliance/ regulatory processes

• Assuring mitigation of security, privacy and compliance risks in Digital implementations

• Building a culture to integrate risk as part of digital DNA

Understanding and managing Digital Risk is key to growth for the modern enterprise.

Enterprise

Extended Enterprise

Risk Areas

Additive Mfg.

Cloud

Horizontal and vertical system integration

Industrial Internet of things

Augmented Reality

Autonomous Robots

Strategic

Resilience

Privacy

Cyber

Operations

Technology

Third-Party

Data Leakage

Regulatory

Forensics

Digital Governance Customer Experience

Employee Lifecycle

Data Lifecycle

Asset Lifecycle

Customer Lifecycle

Big Data Analytics

Simulation

Cyber Security & Risk

Holistic Approach to Digital Risk Mitigation

Risk areas spread across different digital ‘touch-points’ to be considered for effective digital governance

OUR CURRENT OFFERINGS FOR MANAGING DIGITAL RISK From Roadmap to Monitoring

Strategy & Maturity

• Design/optimize the digital roadmap factoring in Digital Risk scenarios

• Assess maturity and define roadmap for increasing maturity level

Digital Risk Integration

• Integrate risks in the digital journey

• Managing program risks in large digital implementations

Digital Risk Assessment

• Risk based review and design of privacy and compliance controls in digital projects

• Technical security assessment of implemented advanced technologies

Risk and Reputation Monitoring

• Devise strategy for monitoring reputation risk at enterprise digital touchpoints

• Build culture and mindset of digital risk with proactive periodic interventions for all internal and external stakeholders

Centre of Excellence

• Establish a CoE for identifying, analyzing and embedding risks in digital program

• Extend support for providing thought leadership, trainings, specialized assessments on digital security

DISCOVER

Aligned to the organization’s Digital vision, study the selection of digital enablers, and analyze the risk so as to assess the digital footprint and its impact.

MONITOR

Embed a continuous review process that evolves in response to disruption and new developments across the digital estate, legal and regulatory requirements.

DEVELOP

Based on Deloitte’s Digital Risk Framework, develop a risk based digital architecture customized to the organization’s digital needs and operating environment.

IMPLEMENT

In the context of business, implement the risk based digital architecture for the selected digital enablers supported by an overall risk governance.

Navigating Digital Risks

Design a strategic roadmap for Digital Risk

Digital Risk Maturity Model

Deloitte’s Digital Risk Maturity Model aims to assess and disclose current and desirable risk management maturity levels for an organization undergoing digital transformation. This maturity model can be used as a diagnostic tool for an ‘as-is’ assessment of an organization's digital risk management capabilities and practices whilst on its road to digital. The intention here is to detect and eliminate inadequate risk management practices and map the way for continual improvement.

Benefits of the Digital Risk Maturity Model

• Enables organizations across sectors to derive maximum benefits from digitalization by inculcating a consistent risk based approach to digitalization

• Helps organizations to improve on their capability to adopt digitalization and consistently deliver products/ services in line with customer demands

• Provides a competitive advantage to organizations in the market by enabling enhanced risk management practices & opportunities for self improvement

• Enables earlier and more effective error/ incident detection, reducing large amount of costs associated with remediation

• Provides a framework to standardize an organization’s risk management practices, ensuring that leading industry practices are considered, shared & adopted

Levels of Maturity

1. Non Existent: The organization has not taken any steps towards digital or digital risk management.

2. Developing: The organization is taking initial steps towards digitalization. Digital Risk Practices are ad-hoc and not considered during design phase.

3. Defined: The organization's digital initiatives & risk management capabilities are being integrated across the organization to support end-to-end capabilities.

4. Advanced: The organization's digital initiatives & risk management capabilities are being fine-tuned and used to increase performance.

5. Leading: The organization is breaking new ground and advancing the state of the practice in digitalization & digital risk management.

Desired Level of Maturity

Sample Screenshots

STRATEGY AND MATURITY

Assess the maturity levels of your Risk Management of Digital Initiatives with our Maturity Assessment Tool. We classify Risk preparedness of Digital initiatives into five levels

01 Lagging

Digital risk processes are not defined, not considered during design.

02 Reactionary

Digital Risk Practices are developed based on the situation and not considered during design phase.

03 Emerging

Digital risk areas and/or associated controls are partially implemented

04 Proactive

Digital risk processes and controls are implemented and measured periodically

05 Optimized

Digital risk processes and controls are continuously optimized

Design

Integrate Risk Management in the design phase of your digital transformation strategy

Build

Establish digital risk management process controls for the program

Optimize

Evolve the digital risk framework with changing ecosystem and identification of new risk vectors

Run

Managing program risks in large digital implementations.

Digital Risk Integration

Center of Excellence

Setting up a Center of Excellence for identifying, analyzing and embedding risks in digital program

Future Proof

Build specialized solutions for the organization considering evolving threat vectors

Thought Leadership

Develop thought leadership on key domains and processes of Digital Risk

Proactive Intervention

Continuously monitor and update the Digital Risk Framework

Awareness

Create awareness amongst stakeholders to identify and manage risk in your digital initiatives

Reputation Monitoring:

Leverage analytics to monitor and identify risks to the brand reputation from internal and external stakeholders at various digital touchpoints

Risk and Reputation Monitoring

Proactive Intervention:

Identify evolving threat vectors and integrate risk management for ongoing monitoring

Digital Risk Reputation Training and Workshops:

Build culture and mindset of digital risk with proactive periodic interventions for all internal and external stakeholders.

Unauthorized access to original content

Intellectual property infringement

Breaches in technology security

Breach of privacy

Inventories and asset impairment

Theft of personal data

Attack on internet connected IT infrastructure

Large scale hacking

Threat Vectors

Dependence on third parties

Brand dilution

Goodwill impairment

Financial loss

Distrust of sponsors

Decrease in listeners and viewership

Risks Associated

Current Landscape of Original Content across Media Companies

Content Lifecycle

1. Collect

2. Create

3. Distribute

4. Monetize

5. Archive

Advanced Technologies

Mobile Devices

Internet of Things

Social Media

Cloud

Web

Digital Content Security Assessment

Media companies need to build a holistic, business-focused digital defense approach.

Digital Identity

Having an effective authentication & authorization mechanism across all digital enablers

Blockchain

Leveraging Blockchain architecture to secure against internal and external threats

RPA

Enabling a secure RPA implementation and leveraging of RPA for Cybersecurity & Risk management

IoT

Designing a risk-based IoT architecture for data collection and management of remote systems

OT (SCADA)

Protecting the OT infrastructure through secure integration with enterprise technology eco-system

Digital Payments

Secure digital payment offerings using a structured risk based approach

Cyber Analytics

Analytics based risk and compliance monitoring supported by advanced technologies

Digitalization of RM

Enabling the risk management leveraging digital technologies

Digital Risk Strategy

Our service line offerings factor in the new digital enablers

Case Studies Digital Risk

Risks Roadmap for Digital customer centricity initiative for leading automobile manufacturer

Key Risks

Business Functions Impacted

Productivity Efficiency Effectiveness

Failed driver assistance equipment such as Blind-spot marking, collision warning, brake-assist that are digitally embedded in the vehicle causing poor vehicle performance/ breakdown/ fatalities.

Failed onboard diagnostics that account for incompatibility between systems such as mobile applications, smart sensors leading to incorrect metrics captured for the vehicle thus impacting performance.

Higher complexity of devices running autonomous vehicles with advanced software and equipment leading to more production time and testing periods

Failure to collaborate with CSPs, OEMs, financial firms, etc. to enable digital drivers services such as In-Car content, Payment models, communication links, etc.

Loss of customer data captured from vehicle leading to privacy issues and customer identification which can result in lawsuits, penalties, loss of customer trust or faulty servicing.

Inability of car engines to receive over-the-air updates just like apps and software are updated leading to vehicle malfunctioning or breakdown.

IT Service Sales

IT Service Sales

IT Supply Chain Sales

IT Service

IT Sales

IT Service Sales

Deloitte’s Digital Risk Roadmap helps large financial services player identify risks in branch customer lifecycle management

Branch visit

Onboard

Service & Resolve

Optimize

Service catalogue management (Brand and Reputation)

Customer onboarding compliance (KYC regulations)

Service fulfillment and assurance (SLA)

Analytics based process optimization

A Analytics

Digital Enablers

• IOT enabled ambience monitoring, network monitoring

• Digital Identity

• Secure Digital Payments

• Data privacy

Digital

• KYC compliance

• Supporting processes

• Compliance reporting

• Payments and receipts

• Customer Credit Management

Bot

• Regulatory Risk

• Process Optimization

• Branch Operations – Service KPIs

• Network performance

• Cyber Analytics

Analytics

Monitoring of:

• Branch environment metrics

• Technical connectivity

• Security monitoring

• System monitoring

CIC

Key areas enabling digital risk identification and management

B Bot

D Digital Risk

C CIC

Assessment of risks in key Digital initiatives for a leading manufacturing company in India

Objective of the Engagement

The client engaged Deloitte to help them identify risks that respective functional teams would be required to manage / mitigate whilst adopting digital initiatives to achieve their stated objectives. As part of the engagement, the client expected to have an independent assessment to perform a study on their Digital Transformation initiative from a contextual and governance risk perspective.

Existing Environment

• The client had a vision of becoming a digital leader in the manufacturing sector. To achieve this vision, a core team was constituted to identify and oversee major digital implementations across all its business units/ functions.

• There were 60+ digital initiatives that were identified and categorized using a staging process. These projects were primarily focused on increasing EBITDA. Implementation of these projects is being facilitated and overseen by Digital Service Providers, chosen from the client’s key business functions.

Activities Performed

As part of the engagement, Deloitte performed the following activities:

• Developed an understanding of the digital program by conducting discussions with relevant teams involved in implementing digital initiatives;

• Studied the existing digital program and digital initiatives undertaken by other departments, from a coverage and completeness perspective w.r.t the client’s strategic intent;

• Leveraged leading practices across the manufacturing industry to ascertain if any additional areas/ ideas could be considered for digital;

• Evaluated coverage/ contextual risks in accordance with the identified digital practices across the manufacturing industry;

• Discussed recommendations with the digital team, on feasibility of implementation to manage the risks identified.

Key Recommendations

• Manage risks in implementation of digital initiatives right from the ideation stage;

• Develop a talent pool on digital technologies;

• Ensure cross-functional representation and involvement in the digital program;

• Create a ‘Digital-First’ mindset among all employees;

• Define a detailed reference framework of ‘digital’ w.r.t. applicable digital enablers (e.g. IoT, RPA, Analytics, Block chain, AI, Machine Learning), which will be considered for meeting improvement objectives.

Value Delivered

• Embedding a culture of ‘pro-digital’ across all business functions of the client by extending support in understanding a common definition for Digital;

• Creation of a risk view for sampled digital initiatives at all levels (ideation to execution);

• Assistance in increasing the current maturity of digital implementation;

• Governance support for smooth execution of digital projects undertaken.

22 | Copyright © 2015 Deloitte Development LLC. All rights reserved.

Risk assessment and Risk Treatment Plan

Performed risk assessment and developed risk treatment plans for 28 in-scope departments (such as brand solutions, distribution, marketing, media planning, commercial, syndication, brand strategy, sales strategy, advance sales, programming, and scheduling) based on ISO 27001, Indian IT Act, and industry leading practices.

Configuration review

Performed configuration reviews (console and checklist based) on operating system and databases for Hyperion, OnAir, ERP, SAP, and PeopleSoft to identify data leakage related risks.

Third Party Risk Management

Assisted in improving third party risk management and security management practices (for example, vendors and business partners).

Digital content security assessment for a major TV network

Why Deloitte for Digital Risk?

Close collaboration with Deloitte Digital and Digital Studio

Partnerships with large Digital Platform Organizations to bring the best in Digital and Risk to the customers

Marquee credentials

Deloitte Risk Advisory consultants have worked with some of the largest enterprises in India to develop comprehensive Risk Management strategies

Key differentiators

Strong Digital Risk Framework

Digital Risk framework to identify and manage evolving business transformation scenarios in India

Sector-focused Risk Advisory Practice

Drawing on in-depth sector experience and Risk Management knowledge on engagements

State of the art labs for areas like Cyber Security, IoT and RPA

Assessing your Digital Risk Readiness

“An approach to digital risk management should begin with an understanding of the organization's digital foot print and creating a register of digital risks”

1. Ownership: Do you know what digital activity you own and how others use your brand online?

2. Alignment: Is your digital activity aligned with your business objectives?

3. Operations: Have you set the rules of engagement with digital through appropriate policies and procedures?

4. Assurance: Do you regularly monitor the performance and compliance aspects of your digital footprint?

Evaluate digital risk readiness by asking questions based on these dimensions

Let’s get started on your Digital Risk Journey

2 hour workshop

Engage with our Digital Risk team on a 2 hour hands-on workshop to understand your key Digital touch points and how to identify the key drivers.

2 day strategy session

Co-create your high level strategic roadmap with experienced Digital Risk consultants. Identify key areas of Digital Risk and establish controls to mitigate them.

1 week digital risk assessment

Create an enterprise wide Digital Risk assessment report. Use this report as a blueprint to drive your Digital Risk initiatives.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

This material has been prepared by Deloitte Touche Tohmatsu India LLP (DTTI LLP), a member of Deloitte Touche Tohmatsu Limited, on a specific request from you and contains proprietary and confidential information. This material may contain information sourced from publicly available information or other third party sources. DTTI LLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. The information contained in this material is intended solely for you. Any disclosure, copying or further distribution of this material or its contents is strictly prohibited.

Nothing in this material creates any contractual relationship between DTTI LLP and you. Any mutually binding legal obligations or rights may only be created between you and DTTI LLP upon execution of a legally binding contract. By using this material and any information contained in it, the user accepts this entire notice and terms of use.

©2018 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited