May 22, 2019
By Zeljka Zorz, Help Net Security
Digital transformation (DX) is becoming the largest driver of new technology investments and projects among businesses and IDC forecasts that global spending on DX will reach $1.18 trillion in 2019.
But DX efforts come with many challenges that need to be effectively addressed so as not to hamper the success of companies’ digital transformation program and strategies.
Those who have yet to start the process, the initial mission must be to make the boardroom understand why the company will be better off undergoing DX than not.
“The first and most important thing is to have a good threat/risk assessment for where you are today, and then determining what risks you can successfully mitigate or manage. From there, an evaluation of potential technologies for integration acts only as a delta factor for that existing assessment,” says Chris Steele, VP and Head of Technology at global IT consulting firm Apexon.
He advises on engaging an outside expert to perform detailed technical due diligence of capabilities, weaknesses, and threats, because an outside party is likely to have fewer blind spots to the in-house operational regularities and a wider set of experiences in potential risks.
“Some risks can be accepted; the expert assessor will be able to provide a rough cost of remediation or transferal, along with examples of projected incidence cost, allowing for a relatively straightforward discussion of cost/benefit analysis,” he notes.
Once top-down support has been achieved, the CIO needs to formulate a realistic and streamlined digital transformation plan and decide on how success will be measured.
“Many digital transformations fail to truly impact the business in a meaningful way because the business is chasing the wrong definition of success. A combination of financial metrics (such as increased revenue or lower TCO) should be combined with non-financial metrics that reflect the desired capabilities (for instance, customer friction),” Steele opines.
Next, the necessary capabilities or offerings must be broken into a series of initiatives that are grouped into horizons. Each of these groupings has its own contributions to the desired outcomes and critical success factors previously identified, and has accountable measurements tied to each point of the horizon.
This allows for a better discussion of the main tasks that need to be accomplished, along with early pointers towards problems, he says. For instance, an ultimate goal of increasing the percentage of digitally driven revenue may have intermediate goals toward building traffic, increasing transaction amounts and values, and improving social engagement – all at different phases in the lifecycle.
Tackling cyber risk that comes with digital transformation is a must.
“One major challenge has to do with data management and ownership. The more partner products that are utilized in buy-versus-build decisions, the more potential ‘leaks’ in the boat, so to speak,” Steele notes.
“Further complicating matters can be the ability to reconcile data in meaningful ways when each partner system has its own set of records and partial data sets. Careful testing of inter-system communication, along with robust certification of data-at-rest systems and partner infrastructure, can be critical.”
New technologies introduced in the enterprise must be well understood and managed before roll-out, as they all have unique threat models.
CISOs can help designing and supporting of new technology platforms that will be used, but the CIO and the CISO have to be completely aligned on the agenda and policies in terms of accessibility, resilience and scalability, and threat/risk modeling, Steele counsels.
A culture of security must be fostered. “Careful design of interactions and training, and on policies allows for successful, sustained innovation in appropriate environments,” he says.
“This often end up creating workplaces that are not only more secure, but more efficient. DevOps and DevSecOps, for instance, can together create processes and environments that support rapid experimentation and change, in a way that is both agile and secure.”
And, finally, customers must be made ready for the upcoming changes. Early and frequent customer education about them will prevent end users being surprised by new interfaces or experiences and allow them to recognize and reject attacks.
Want to learn more about Apexon? Consult with an expert here.