Companies looking to gain the benefits of digital transformation are finding themselves in a catch-22 situation: Organisations are aware of the fact that they have to digitally transform before they begin to suffer from financial and competitive threats, but the transformation itself is opening them up to a host of new security risks and threats.
Research by digital consultancy SoftServe found that security is the largest factor standing in the way of enterprise digital transformation efforts, with more than half of the companies surveyed saying that security was the number one challenge they face when implementing digital enablement technologies. Compounding this is the skills shortage in IT generally, and security specifically. According to Osterman Research, 57% of businesses have major issues finding and recruiting talented cyber security staff.
“Digital transformation and security must go hand and hand. It’s important to account for vulnerabilities when creating your transformation strategy, especially considering that most transformation initiatives include reworking IT infrastructure,” says Ignus De Villiers, Divisional Manager Cybersecurity at StorTech.
“There has to be a change in outlook. The focus of digital transformation in most organisations has been on speed, automation, optimisation, and innovation. Companies must also focus on cyber security and all aspects thereof, including governance, risk, compliance, people, process and technology. Instead of viewing cyber security as a different component, companies should view it as a fundamental requirement of digital transformation.”
He adds that the range of different digital technologies associated with digital transformation bring with them a range of security risks that IT teams can’t afford to view in isolation. For example, a multi-cloud environment offers its own unique security challenges. These include managing access for remote users, managing different environments, vendors and platforms, and establishing and enforcing consistent security policies across all of these. Similarly, more dynamic and fluid networks require more security than traditional networks.
“Digital transformation imperatives include innovation, connectivity, speed, agility, improved service, enhanced customer experience, and so on. However, cyber security is barely mentioned when a company starts on their digital transformation journey. All too often, organisations do not involve their security team at the beginning of the process. In fact, they are called in too late,” says De Villiers.
“When planning their digital transformation, companies must consider where security vulnerabilities will arise. They must look at how data will be affected during the digital transformation process over and above their standard data protection measures. Security awareness is just as important. Human error remains the leading cause of breaches, and this is an even bigger vulnerability when employees are still learning to use the new technology effectively.”
As companies look to digital transformation to innovate and improve their business, they must look at security as an integral component of the process, De Villiers says. “Technology such as mobile and IoT has made security that much more complicated. With more businesses embarking on digital transformation efforts, they need to pause and reflect on their security strategies. If these are not integrated into their digital transformation strategies, they are leaving themselves open to as many risks as the potential benefits the transformation offers,” he concludes.