Technology, particularly around mobility and communications, has moved IT beyond a simple utility service to become a source of strategic value creation, sustainable competitive advantage, and a contributor to the management of risk. Technology is a prime enabler of business agility and provides the opportunity to innovate and to delight customers, stakeholders, and citizens by enabling new ways to work, interact, and live.
Digital transformation is where an organisation implements strategic change through the adoption of new technologies, organisational structures, and operations. It is often driven by the need to adapt to new norms in the operating environment.
An organisation’s digital transformation drives security transformation too. New ways of organising and working, new systems, and particularly new equipment all bring changes that can include new vulnerabilities and an extended attack surface.
With an influx of IoT and mobile devices, CISOs need to ensure they can exert appropriate controls, based on their policies, on these devices wherever possible. And, as devices often get deployed without announcement to security teams, as a minimum they need to be able to identify and monitor them for suspect and malicious behaviour.
CISOs should also be mindful of the increased value their organisation will be placing on data; its management, use and storage will almost certainly have compliance requirements to consider.
Too often security is seen as inhibitive by internal stakeholders. CISOs need to be trusted advisors who partner with the lines of business, having shared discussions about risk, and being part of the solution that appropriately secures new business initiatives.
In progressive organisations, cybersecurity is not just seen as a technology and policy issue. Security has to be a shared issue across the enterprise. This change of organisational mindset is not easy, takes time, and requires an adept CISO who can move, influence and carry respect in both the business domain and the security and risk domain.
Digital transformation invariably demands a grass-roots review and analysis of what new risks the digital transformation will create, the organisation’s risk appetite for them, and the identification of acceptable risk management approaches.
In fact, security should be an integral element of the transformation project planning itself, not a consequence of it. New security capabilities may often be needed and require resourcing. An organisation’s security posture is not a static thing; it needs to adapt and grow with the organisation as it deals with both internal changes and shifts in the external environment.
Finally, end customers want solutions that work, deliver on their promises, and make work easier.
Key takeaways
- An organisation’s security posture is not a static thing; it grows as the organisation deals with internal and external changes.
- An organisation’s digital transformation drives security transformation too.
- New ways of organising systems and equipment bring changes that can include new vulnerabilities and an extended attack surface.
- Digital transformation invariably demands a grass-roots review and analysis of what new risks transformation will create.
- Security should be an integral element of the transformation project planning, not a consequence of it.