Security Experts:

An Outside-In Look at Digital Transformation

Digital Transformation is a Massive Undertaking and Must be Entered into With Equal Thought to Security and Business Strategy

It’s summer time and vacations are top of mind. If you want to relax, then a trip to the beach may be on your agenda. Or you may enjoy spending your time learning something new, so an instructor-led educational trip might sound good. If you want to exercise, then a hiking expedition could be just the thing. Or perhaps you want to help others and a mission trip makes sense. The point is, to get the most value from your precious vacation time, you start with the desired outcome and work back from there – investigating options, making reservations, and packing accordingly. 

The same holds true for your business as you begin your digital transformation journey – start by looking at the outcomes you want to achieve. 

Tele-medicine is making it easier and more effective for many in rural areas and the elderly to get prompt, quality care and access to specialty services without the time, expense and sometimes physical pain of travel. This entirely new way of looking at healthcare delivery is creating a healthier and happier population. The connected car promises to make automobile transportation a safer, more enjoyable experience for everyone. In effect, your car becomes a smart device on wheels with services such as location-based hotel and restaurant recommendations; the ability to order and pay for your pizza as you pick it up on the way home from the office; facilitating ride sharing and car sharing; and even tracking your speed and alerting you to unsafe conditions. 

In these examples it’s easy to see that security is an enabler of digital transformation. Success depends on secure transmission of sensitive data and protecting the systems that store and use that data. Unfortunately, many organizations are not achieving the full benefits of digital transformation because they lack a comprehensive security program. A recent survey of more than 1,000 senior executives across industries and regions found that over 70% attribute security risks for slowing down their digital transformation efforts, and 39% have stopped projects altogether due to cybersecurity concerns.

Digital transformation is a massive undertaking and must be entered into with equal thought to security and business strategy. So what should organizations consider as they reimagine their business models to achieve a desired outcome? Here are five questions to ask that will guide you toward a strong cybersecurity foundation that will position you for success. 

1. Are we ready for secure digital transformation? The journey begins by identifying an advocate across the C-suite who can gain alignment between IT and the business, and help to champion the people, processes, and technologies that will make digital initiatives more secure. With a proactive approach to cybersecurity you can stay ahead of the curve – assigning dedicated cybersecurity resources, allocating funding for cybersecurity initiatives, and actively incorporating cybersecurity tools and best practices into your operations – with the aim of enabling innovation and growth.

2. Do we have the security essentials covered? Assess your current security posture to determine whether you have an appropriate starting point, or the “security capability essentials” that you can build on to reach your transformational outcomes. Ideally you should have a security program that is enterprise-wide in scope with an appropriate risk management platform and security governance mechanisms in place. The basic security technologies should include perimeter protection, identification and authentication, anti-virus and malware detection, network segmentation, intrusion detection/prevention, remote access, and event monitoring and response.

3. Now that we know the essentials are in place and effective, what advanced capabilities do we need? Technologies like micro-segmentation, advanced malware protection, advanced threat intelligence and analytics, and encryption can help you move forward with confidence with projects that extend beyond traditional boundaries. Working together these tools can provide the right level of control based on criticality of systems and data and who needs access to what, from where, and through what type of device. 

4. How are we tying security to business outcomes? This requires a mind shift from viewing security as a “cost center“ to a “strategic enabler“ where security investments are prioritized based on the potential business gain. As business leaders develop digital initiatives, they proactively collaborate with IT to ensure that security is designed-in from the earliest stages. When security capabilities are embedded into core business processes, ownership of security risks is appropriately allocated across IT and business leaders. 

5. Do we have capabilities in place so that we can continually optimize security? Digital transformation isn’t a “one-time deal.” Smart security investments will allow you to be responsive to business climate changes, new or faster competitors, shifts in regulations, and global economic factors. You also must be able to respond to advanced and evolving threats. Adaptive security architectures allow for that without adding complexity and over-burdening resources. And to build a strong case for additional investment to enhance protections, board-level security metrics must tie directly to business outcomes. Security effectiveness is measured by understanding the value of what you are protecting, and optimized using simulations to continuously test the efficacy of your security operations. 

Organizations must capitalize on digital transformation, not just because they need to keep up with competitors, or because it’s in the headlines, but because when done right it will allow your company to capture more value while making a real and positive difference in people’s lives.

view counter
Ashley Arbuckle, Cisco’s VP of Security Services, is responsible for the oversight and global delivery of the Cisco portfolio of Advisory, Implementation, and Managed Services, bringing a pragmatic approach to helping Cisco’s clients solve their most complex security challenges. Arbuckle started his career in security consulting at PwC working with Fortune 500 customers. After PwC he joined PepsiCo where he led enterprise security and the strategic planning process for PepsiCo’s IT budget of over $2 billion. He has a BBA in MIS and Accounting from the Rawls College of Business at Texas Tech University, is a CPA, and holds a CISSP and CISM.