Managing Director of the Information Security Forum Steve Durbin outlines three key strategies to adopt when approaching digital transformation
Technology promises much, but it doesn’t always deliver. It is alarmingly common for exciting plans of digital transformation to end up as expensive failures. In the clamour to adopt the latest technologies and gain a competitive edge, many organisations forget about security. Companies frequently fail to put enough effort into securing the right skill-sets or training staff. There’s also a worrying tendency to rush things out without thoroughly testing them.
For all the wonderful things that technology may offer us, humans are still the beating heart of every organisation. If people don’t understand the technology at their fingertips, then they will struggle to wield it effectively or securely. To set your systems up for success, here are three common failings you should take measures to avoid.
Don’t make security an afterthought
Security is often overlooked: it is rarely part of the early discussion about digital transformation, which tends to focus on benefits rather than pitfalls. If you fail to build security in from the start, then you run the risk of introducing vulnerabilities and widening your potential attack surface.
It can also prove difficult and expensive to secure retroactively. It’s good practice to consider security from the outset, whether it is a digital transformation project, a new product, or a newly developed service.
Consider how people will interact with any new application you bring in-house. Speak to all the key stakeholders and build a holistic view of concerns and possible vulnerabilities. Identify the potential risks that simple human error, negligence, or even malicious intent may bring.
By carrying out an in-depth risk assessment, talking to employees of all levels, and including security professionals from the start, you can balance the need for security with usability and convenience. Get this balance wrong and it may result in an insecure system, or a system that is very secure but so difficult to navigate that people subvert it.
Lack of research and preparation
Every new technology has a learning curve. To configure it properly and use it effectively you need the right knowledge within your organisation. That will likely necessitate a mix of new hires and training. When your employees don’t understand the technology they are using or why you have carved out certain policies, there is a real risk they will accidentally (or even purposely) misuse it. Whether through ignorance, frustration, or a desire to perform well, the result for your business is the same. That is why it is so vital to ensure that the technology you adopt is fit for purpose and properly explained.
Pull back the curtain, enlist your employees, and encourage them to speak up and identify potential problems. Explain the motivation for adopting new technology and the expectation of what it might deliver for your organisation. Successful digital transformation depends on people buying in and understanding both the aims and limitations of new technology.
Testing is rushed or skipped
Rolling out any shiny new project is exciting and there is a natural urge to do it rapidly so you can start reaping the benefits as soon as possible. When this excitement crosses the line, it discourages proper testing. If you pressure people to hurry and make too many assumptions about how systems will be used without the data to back them up, disaster will soon follow.
Having identified expectations and potential risks, it is crucial to test different scenarios and see how employees interact in the real world. Internal assessment must be combined with a review of external threats. Practical exercises are an effective way to learn and will serve as catalysts for discussion and thought about how well a new system works, how secure it is, and how it might be improved. Create a feedback loop as early as possible, so that your new system and the processes around it can evolve and meet the needs of the business.
Security: The foundation for success
An effective approach to security can serve as a solid foundation for successful digital transformation. Having clear procedures set in stone is an effective way to reduce the threat of security incidents, but you need to balance rules with reasoning. Work towards equipping employees with the critical thinking tools they need to ensure security standards are maintained, and the benefits will be recognised in other areas of your business. The adoption of technology should be questioned and justified in terms of tangible benefits. Share the business’s goals, so that employees understand the ultimate aims. Provide regular training and recruit knowledgeable employees who can mentor others and help you build a wider understanding of how to fully exploit the potential benefits of your chosen technology.
There is no substitute for thorough testing. The faster you can identify a problem, the better your chances of mitigation, and the cheaper and easier it will be to deal with. Back up assumptions about what any new technology will deliver with cold hard data. Ensure test environments are as close as possible to the real thing and make sure to test with the people who will ultimately use the system.
A resilient strategy will always be evolving and taking new data on board. Be inclusive, foster understanding, test thoroughly and you’ll achieve a greater chance for success with digital transformation.