Enterprises need to recognize that digital transformation isn’t just about structural and cultural change – it will also create some major security challenges as we see new ways of interconnecting technology emerging.
As enterprises make the transition to digital business, a lack of directly owned infrastructure and services outside of IT departments’ control will need to be addressed by cybersecurity, according to Gartner. The analyst firm predicts that by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.
"Cybersecurity is a critical part of digital business with its broader external ecosystem and new challenges in an open digital world," explains Paul Proctor, vice president and distinguished analyst at Gartner. "Organizations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford. Digital ethics, analytics and a people-centric focus will be as important as technical controls."
Senior management must lead from the front
Gartner maintains that improving leadership and governance is arguably more important than developing technology tools and skills to shore up security in digital business. The analyst house argues that decision making, prioritization, budget allocation, measurement, reporting, transparency and accountability are central to a successful cybersecurity strategy. These provide parity between the need to protect the business with what is actually required to run it efficiently.
A 2015 report global executive study by MIT Sloan Management Review and Deloitte also highlights the importance of leadership is central to reimagining all areas of digital business, including IT. “Although leaders don’t need to be technology wizards, they must understand what can be accomplished at the intersection of business and technology. They should also be prepared to lead the way in conceptualizing how technology can transform the business”, it states. This also includes security.
Going up a gear
Enterprises, as they transform, will fast realize the acceleration digital business brings. Many traditional IT security methods no longer work in this fast, ultra-connected environment. “The need for securing information remains unchanged but the nature of digital (sharing and accessing data from any device, anywhere) tests every defence,” explains analyst firm KuppingerCole.
To succeed at matching cybersecurity with the speed of business, Gartner maintains that IT security leaders will have to scope out and transform strategies to enable IT departments to become "digital business enablers rather than obstacles to innovation”.
Data in free flow
Up until now it has been relatively easy to lock down data because it has been located in the data center. But the march of digital business has pushed the flow of data out into the cloud, mobile and Software as a Service (SaaS). By 2018, Gartner predicts that by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls. New cybersecurity strategies are now imperative to handle risks in technologies enterprises no longer own and have no control over.
Locking down everything is impossible
With so many systems interconnecting in the digital age, together with the rapid take up of the Internet of Things (IoT), it is impossible to have a complete data lockdown. Instead, enterprises will have to be able to monitor for and detect breaches, hacks and other malevolent attacks and respond quickly. Gartner forecasts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30 percent in 2016.
According to a recent report by IBM and the Ponemon Institute, the cost of an average data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013. Deploying an incident response team was the single biggest factor linked to reducing the cost of a data breach – saving companies nearly $400,000 on average (or $16 per record). Response activities such as incident forensics, communications, legal expenditures and regulatory mandates make up 59 percent of the cost of a data breach. A proportion of these high costs, according to Ponemon, may be linked to the fact that 70 percent of U.S. security executives report they don’t actually have incident response plans in place.
Protect your transformation
Digital technology is changing all aspects of business and bringing with it unprecedented opportunity for innovation, agility, flexibility and growth. This change requires a new hard look at security. The old does not have the power or the capabilities to protect the new. Enterprises that do not deploy digital cybersecurity practices will not realize the true benefits that digital transformation can bring – and may well get severally burnt in the process.
Discover how Orange can help you with Digital Transformation.
Jan has been writing about technology for over 22 years for magazines and web sites including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.