SECURING THE DIGITAL TRANSFORMATION
Why Security is at the Forefront
With increased deployment of technology, we increase our dependence on digital processes, which in turn makes us more vulnerable as these systems will be increasingly targeted by cyber criminals. Consider for example critical Industrial Control Systems (ICS) such as those used in power generation, and the Oil & Gas industry. Now that they are becoming part of the broader IT network, they too are exposed to attack. By disrupting these services, there is a huge potential impact on not only the convenience, but also the safety of individuals. As we make systems smarter and connected, we are also making the attack surface bigger, so we need to implement robust security technologies.
For these reasons, it has often been argued that cyber security is the biggest barrier to digital transformation, and I don’t think anyone who reads even mainstream news underestimates the challenges of securing IT. Even so, I would argue that security is not a barrier but instead a fundamental pillar in digital transformation. Digital transformation is the way forward so as we move processes to IT platforms, we also need to ensure these platforms are secure.
The Real Barriers
Most public and private sector organizations have already evaluated how they can start their digital transformation journey, but the real barriers that present themselves are inflexibility of existing systems, siloed IT systems, lack of technical resources as well as defining the strategy of what needs to be achieved.
We have the tools and security systems available today to mitigate the large majority of attacks, so the risk actually lies in the organization’s failure to implement a cyber security strategy through every step of its digital transformation as well as failing to understand the ongoing proactive security requirements.
Why Security Becomes a Challenge
Often security is not prioritized as much as it really should be. Anyone organization that is going through a proper digital transformation will go from having the ‘organization operating technology’ to ‘technology operating the organization’, and when you aim for such an intimate link between technology and your business success, I believe that all efforts associated with securing your business should be expected.
Securing the Digital Transformation
One area that businesses will have to increase their focus on is the end user as this remains the weakest link in cyber security. Therefore, in addition to the technology, there is the need to create cyber security awareness while also ensuring the right controls are in place to protect users from becoming the gateway to attack. In short, the security of all IT projects should be based on the fundamental pillars- technology, processes and people.
Organizations should also understand that there are no shortcuts, and that the costs will be high they try to cut corners. Cloud services are often seen as one of the fuelling factors of digital transformation and indeed it can be one of the major ingredients. However, cloud does not take away the responsibility of securing systems. The cloud may be secure in itself, but you still have the responsibility of securing the applications and business processes you put in the cloud.
I actually think that if things are done right, the digital transformation process will be more secure, efficient and possibly also cheaper than before.
Nicolai Solling, CTO at Help AG