Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

An Outside-In Look at Digital Transformation

Digital Transformation is a Massive Undertaking and Must be Entered into With Equal Thought to Security and Business Strategy

Digital Transformation is a Massive Undertaking and Must be Entered into With Equal Thought to Security and Business Strategy

It’s summer time and vacations are top of mind. If you want to relax, then a trip to the beach may be on your agenda. Or you may enjoy spending your time learning something new, so an instructor-led educational trip might sound good. If you want to exercise, then a hiking expedition could be just the thing. Or perhaps you want to help others and a mission trip makes sense. The point is, to get the most value from your precious vacation time, you start with the desired outcome and work back from there – investigating options, making reservations, and packing accordingly. 

The same holds true for your business as you begin your digital transformation journey – start by looking at the outcomes you want to achieve. 

Tele-medicine is making it easier and more effective for many in rural areas and the elderly to get prompt, quality care and access to specialty services without the time, expense and sometimes physical pain of travel. This entirely new way of looking at healthcare delivery is creating a healthier and happier population. The connected car promises to make automobile transportation a safer, more enjoyable experience for everyone. In effect, your car becomes a smart device on wheels with services such as location-based hotel and restaurant recommendations; the ability to order and pay for your pizza as you pick it up on the way home from the office; facilitating ride sharing and car sharing; and even tracking your speed and alerting you to unsafe conditions. 

In these examples it’s easy to see that security is an enabler of digital transformation. Success depends on secure transmission of sensitive data and protecting the systems that store and use that data. Unfortunately, many organizations are not achieving the full benefits of digital transformation because they lack a comprehensive security program. A recent survey of more than 1,000 senior executives across industries and regions found that over 70% attribute security risks for slowing down their digital transformation efforts, and 39% have stopped projects altogether due to cybersecurity concerns.

Digital transformation is a massive undertaking and must be entered into with equal thought to security and business strategy. So what should organizations consider as they reimagine their business models to achieve a desired outcome? Here are five questions to ask that will guide you toward a strong cybersecurity foundation that will position you for success. 

1. Are we ready for secure digital transformation? The journey begins by identifying an advocate across the C-suite who can gain alignment between IT and the business, and help to champion the people, processes, and technologies that will make digital initiatives more secure. With a proactive approach to cybersecurity you can stay ahead of the curve – assigning dedicated cybersecurity resources, allocating funding for cybersecurity initiatives, and actively incorporating cybersecurity tools and best practices into your operations – with the aim of enabling innovation and growth.

2. Do we have the security essentials covered? Assess your current security posture to determine whether you have an appropriate starting point, or the “security capability essentials” that you can build on to reach your transformational outcomes. Ideally you should have a security program that is enterprise-wide in scope with an appropriate risk management platform and security governance mechanisms in place. The basic security technologies should include perimeter protection, identification and authentication, anti-virus and malware detection, network segmentation, intrusion detection/prevention, remote access, and event monitoring and response.

Advertisement. Scroll to continue reading.

3. Now that we know the essentials are in place and effective, what advanced capabilities do we need? Technologies like micro-segmentation, advanced malware protection, advanced threat intelligence and analytics, and encryption can help you move forward with confidence with projects that extend beyond traditional boundaries. Working together these tools can provide the right level of control based on criticality of systems and data and who needs access to what, from where, and through what type of device. 

4. How are we tying security to business outcomes? This requires a mind shift from viewing security as a “cost center“ to a “strategic enabler“ where security investments are prioritized based on the potential business gain. As business leaders develop digital initiatives, they proactively collaborate with IT to ensure that security is designed-in from the earliest stages. When security capabilities are embedded into core business processes, ownership of security risks is appropriately allocated across IT and business leaders. 

5. Do we have capabilities in place so that we can continually optimize security? Digital transformation isn’t a “one-time deal.” Smart security investments will allow you to be responsive to business climate changes, new or faster competitors, shifts in regulations, and global economic factors. You also must be able to respond to advanced and evolving threats. Adaptive security architectures allow for that without adding complexity and over-burdening resources. And to build a strong case for additional investment to enhance protections, board-level security metrics must tie directly to business outcomes. Security effectiveness is measured by understanding the value of what you are protecting, and optimized using simulations to continuously test the efficacy of your security operations. 

Organizations must capitalize on digital transformation, not just because they need to keep up with competitors, or because it’s in the headlines, but because when done right it will allow your company to capture more value while making a real and positive difference in people’s lives.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...