The Essential Conflict
The rush to digital transformation promotes innovation and success—but it also increases the chance of a data breach along with a number of other cybersecurity risks. And according to a survey by Ponemon Institute, almost three-quarters (72%) of people involved in managing their organization’s digital transformation activities agree or strongly agree with that statement. This is a staggering number and one that should concern any organization that is planning, or already in the midst of planning, digital transformation strategies.
Opting out of digital transformation efforts or avoiding transformative technologies—such as cloud, AI, IoT and others—because of cybersecurity concerns is a non-starter. Organizations that take this cautious route may risk losing market share and falling behind competitors, perhaps irreversibly. But companies are clearly struggling with building in security as a foundational component of digital transformation. A study by UK-based domain registrar Nominet looked at where in the digital transformation process security is being considered. They found that only one-third (34%) of organizations are incorporating security into the planning phase. More than half are leaving it to the pre-implementation and implementation stages, while 9% are tackling security after the fact—and 2% aren’t considering security at all. Another survey, this one by EY, found that 67% of organizations feel cybersecurity concerns prevent them from adopting new technology to grow their business faster.
Piecing Together the Security Puzzle
Why are so many companies deferring digital transformation efforts because of security qualms? And what makes embedding security throughout digital transformation so difficult? There are a number of different factors that could be coming into play.
Technological challenges: The primary reason digital transformation increases cybersecurity risk is this—as data and systems are combined and used in new ways, a much larger attack surface is exposed. An ever-growing and evolving attack surface makes it more difficult to build in countermeasures. Even if the originating system is fully secured, or as secured as is possible, every new connection that creates a business opportunity also creates additional risk. And in many cases, such as with the “things” in the IoT, data-producing and data-consuming endpoints were not designed with the level of hardened security necessary to connect to corporate networks.
Supply chain challenges: Digital transformation can shift development and delivery supply chains, from third-party microservices to cloud providers to business partners. This digital transformation ecosystem supports agile innovation, but the controls implemented (or not) by these entities affect your security and risk posture. To make matters even more complex, each of your direct ecosystem partners and vendors has its own supply chain. Risk from these fourth, fifth, etc. parties—organizations and systems you don’t even have a direct relationship with—can theoretically (and potentially) cascade back to you.
Alignment challenges: The EY survey found that 82% of technology leaders believe having a cyber-secure brand is important for a competitive advantage, but a significantly smaller proportion of business leaders (68%) actually hold that view. The Ponemon Institute study similarly found that only 33% of respondents believe their management is aware of the relationship between security and brand, while only 29% believe management understands how consumer and customer trust is affected by not securing digital assets. This disconnect could help explain why two-thirds of companies embarking on digital transformation efforts aren’t incorporating security from the get-go.
Operational challenges: The Ponemon Institute looked at what prevents companies from achieving a secure digital transformation process, and the top three reasons all point to operational issues. The biggest barrier, cited by 56% of respondents, was complexity of business processes. Insufficient visibility of people and business processes came in second (50%), followed by lack of skilled or expert personnel (47%). Successful digital transformation requires significant organizational transformation, and if that’s not baked in, roadblocks pop up.
Solving the Security Challenges
Of course, there is no one thing you can do or buy that will address all these challenges, but neither are they insurmountable problems. Best-in-class digital transformation leaders, in addition to embracing a culture of secure innovation, embed security priorities, processes and controls throughout the entire software development lifecycle (SDLC) with a variety of approaches and tools. They re-align teams and integrate processes—using DevSecOps and a microservices architecture as well as automating expensive and labor-intensive testing processes—to facilitate continuous and secure delivery of innovations.
They build in visibility throughout their organization, including the entire ecosystem, so they can manage software and infrastructure risk proactively and in real time—tactically as part of day-to-day operations, as well as strategically at the executive level. And they provide for continuous proof of compliance to stay on the right side of regulatory requirements and consumer expectations.
Cybersecurity and Digital Transformation Are Inextricably Linked
There’s no doubt that digital transformation is an imperative for organizations of all sizes and in all industries. And cybersecurity in general remains an ongoing and evolving problem. There’s abundant research demonstrating that the intersection of these two critical issues is what creates challenges and risks big enough to stand in the way of successful digital transformation efforts. Organizations that adopt a security-first mindset, and then re-shape their teams, processes and tools accordingly, are well-positioned to innovate their way to success.