Security has evolved since the days when cybersecurity systems were evaluated by the number of incidents handled by the InfoSec team over a year. IT departments and organizational leadership adopted the attitude that no news (or no data breaches) meant no security problems, so all was well.
That approach wasn’t true then, and it certainly isn’t true now. Over time, the record has proven security to be the business enabler in digital transformation (DX), by most effectively protecting and managing the most valuable asset:data.
DX has been the force behind the rapid pace of innovation. Successful innovators must juggle the uncertainty of DX processes and security risks. One approach is based on the “fail fast, learn fast” rule. Cryptography is an example of this rule: Instead of giving mathematical proof that an algorithm is safe, the community accepts (and considers trusted) a cryptographic scheme because it is very unlikely it could be broken in foreseeable future.
Emphasizing Security in Digital Transformation (DX)
Threat actors, however, are diligent in their attempts to break into new technologies and find ways to get to the data. Security plays a vital role in any data-driven DX by staying ahead of such dangerous threat actors. Here are three examples of how companies in different industries are successfully managing DX, thanks to data security.
- Digital Transformation in the Medical Industry
CheckPoint Cardio invented a wearable device that constantly sends dozens of raw health data (like ECG, pulse, blood pressure, etc.) to a remote center that correlates them in heart-related events and responds in real-time. Medical professionals use this information to treat patients and respond quickly to health emergencies.
But what happens if this medical data ends up in the wrong hands? It not only holds business value to healthcare facilities, but threat actors could manipulate the data that impacts patient health. Also, because there are strict regulations surrounding health data, compromised data could result in massive fines and penalties.
To protect the data, security such as client-side encryption decreases risks caused by third-party providers. The greater emphasis on security of the data makes it easier for hesitant companies to adopt this innovative and useful technology.
- Digital Transformation in the Media/Social Platforms Industry
Facebook always sold information generated by users to external advertisers who, in turn, often resell the same information. The data mining and sharing by Cambridge Analytics showed both the value of the data to outside entities and the security and privacy implications for the Facebook users. Facebook’s reputation was seriously damaged by the scandal.
Since then, the company changed its data security and privacy approach to meet GDPR compliance (in all its technical and organizational measures) and this has become a compelling security requirement for the company to assure its ads-based business to flourish.
- Digital Transformation in the Financial Industry
Consumers increasingly want a fully personalized offering from their financial providers. The more contextualized data the company accumulates from its customers, the easier it is to improve and personalize its service. A traditional data-lake system that follows security and privacy best practices would do the job, but companies are also constantly researching new security tools to best protect consumer data and increase its marketing appetite. One such tool (even with its security and privacy shortcomings) is blockchain technology.
The Challenge of Legacy Systems
DX opens the doors for new revenue opportunities for companies, and data-driven security is designed to enable such DX by keeping the additional information safe. However, organizations that rely on legacy systems lack data-driven security awareness. A Cambridge University research survey reveals that “71 percent of respondents agreed that there are data quality and integrity issues that make it difficult or impossible to implement a data-driven business model, as users quickly abandon apps that provide incorrect information.”
John Chambers, CEO of Cisco at the time, commented that dynamic companies, i.e., the ones who adapt services to customer needs, will gain a competitive advantage. “Forty percent of businesses in this room, unfortunately, will not exist in a meaningful way in ten years,” he said in a keynote address. Additionally, while 70 percent of companies will attempt to go digital, only 30 percent will actually succeed.
At the heart of successful digitalization is data security. But success of DX security is the responsibility of corporate leadership:
- The CEO is the main sponsor of the DX project and is the individual ultimately accountable for its success (or failure) in front of the steering board and investors.
- The CIO (or CTO) reports to the CEO and is accountable for the Business-as-Usual (BAU) IT Operations during all phases of the DX.
- The CISO reports to the CEO and possibly the CIO and is accountable for unforeseen malicious threats happening during or after the DX.
Accountability and Predictability in Secure Digital Transformation
To meet the challenge of a secure digital transformation, leadership needs to emphasize two areas: accountability and predictability.
- Accountability Security should always be a shared-responsibility matter that concerns everybody in the company. To promote that mindset, security behavior should be incentivized with bonuses and rewards. This way employees will not see security solely as checkbox-tasks dictated from above, but as a real added value to the organization for protecting core assets, businesses and, ultimately, reputation.
- Unpredictability This has to do with lateral thinking, but will be treated in my next article, more oriented to the architect and technical fo
Although security should be deemed mandatory by everyone, it is rarely seen as the main enabler for DX itself. As seen by the examples from different industry verticals, security shall own this active role to make business advance in digitalization.
A small change to your mind set can result in a big change to your bottom line. You will save resources from a breach that could disrupt operations, damage brand, or make you go bust. But you will also find new markets and generate new income sources with a security-by-default mindset.
Whether you’d prefer to embrace a potential win or avoid a sure loss, it is definitely worth digging into the topic more.
- Data Security as a Business Enabler - June 15, 2021
- “Security and Cloud, What Is the Right Recipe?” The Technologies - May 9, 2019
- “Security and Cloud, What Is the Right Recipe?” The Processes - April 23, 2019