In the very near future, a sustainable and resilient organization will be able to combine accurate business continuity assessments & planning with comprehensive risk management in order to better and proactively face the “dreaded” and inevitable digital and business disruption that’s been coming everyone’s way for years now, and that will continue, with no end in sight, to exert incredible pressure on all organizations to re-invent themselves or perish.
It is the case that most times a business sets to deliver the value of new and innovative business models, shaped by digital transformation, to the hands of their end users and clients, the CISO and rest of information and cyber security experts in the organization are not invited to sit in at the design phase. This only leads to products and processes with no security and protection by design, which in turn makes it extremely difficult – and expensive – to integrate at later stages, when reality makes you realise the business risks incurred by not having them present in the strategy phase and service design process from the beginning.
The main areas to take into account when planning a digital transformation roll out in an organization are:
• Cloud computing, including hybrid cloud and virtualization.
• Customer analytics, B.I. analytics, and big data analytics.
• Robotic Process Automation (RBA) and Business Process Outsourcing (BPO)
Project and Programme management in these areas are highly complex and expensive, and their interfaces and business risks are somewhat hard to manage. However, when planned and executed conscientiously and with agility in mind, the results can be exquisite in terms of information security and protection of all organizational assets. But, managing such projects and programs effectively, certainly implies having security and protection embedded in all services and processes by design. From the outset.
But, what role does information security play in digital transformation?
Information and Cybersecurity continue to gain prominence in all strategic approaches by an organization. The CISO and the CIO are ever more part of all strategy discussions and, more often than not, they are the ones leading such discussions. The CISO and CIO are becoming more of a type of Chief Culture Transformation Officer (through the use of technology and innovation) on a mission to transform the IT and business culture within their workplaces.
The CISO and the CIO are evolving and taking on the role of internal advisors. For years, CISOs have been insisting that information and cyber security must be imbedded at the very beginning of the service design process. Nowadays, thanks to more agile and flexible components and methodologies, this integration is much easier to achieve.
In addition, in order to achieve true digital & business transformational readiness, security teams MUST evolve as well. The real challenge for most security teams across the board is still that of “how to integrate security at the same speed, or faster, than that of digital & business transformation and ensure that security is imbued in every new internal digital process, every new business model, every new product or service, and even every new external collaborator or provider. And it all comes down to one thing: company culture.
But, how can we tackle the challenge of transforming company culture?
Some of it can be accomplished through re-organization and experimenting. Or you may decide to bring in external talent to coach you on where to begin, how to measure the progress, and how to proceed after they are gone. The world is just moving too fast. However, the good news is that security teams nowadays are far more approachable than they were a decade ago and they understand the importance of the work they do as part of the business value delivered.
In general, we are on the right track, but there is still a lot of work to be done. Just as it took a while for software development to be embedded in every single process and service offered by most companies – but in the end, it happened, the same is true about digital and business transformation. It will take time, but we will all get there.