Business resilience - embedding cyber into digital transformation
In using the term ‘Cyber’ we mean Information Security, Cyber Security and all aspects of that field, from risk management to cryptography.
We have discussed the business need for digital transformation in other articles, and touched on terms such as velocity, focus and flexibility, but what has Cyber to do with digital transformation?
Embedding Cyber into digital transformation is the start of a journey towards business resilience. Every initiative needs to start with the same question: is the system we use to interact with the customer secure?
A Cyber function will give correct advice, guidance and allow the correct design for security and resilience to come into the light.
Cyber Architects and Cyber Risk Managers should be consulted as part of any new technology initiative, or when replatforming technical debt. Cyber architectural direction such as to buy into a SaaS service or an evergreen technology stack that is either self-patching or has the ability to be very quickly fixed and rolled out will give the engineers the right steer, and the confidence they need to progress.
The Cyber function will also look at the corporate data, its classification, the data access models, the way data is transferred - the whole data lifecycle. Cyber always approach problems in a very different way from representatives in Enterprise Architecture and Technology – the correct design will come from all three functions
But what if you don't have the luxury of building new solutions to deliver business value, and you have to factor in technical debt?
Technical debt is essentially having to revisit work already done to make it right, because, for various valid reasons at the time corners were cut and money not spent - and perhaps there wasn’t a Cyber function in your organisation back then. The systems operate ok, but the risk of them not working is high and they are often an open door to cyber criminals
Replatforming legacy systems onto secure cloud infrastructure is an even bigger reason to include Cyber in the team, and they should be involved in these digital transformation projects at an early stage.
This can be a challenge. The Exec's role is to take well-judged business risk while cybersecurity teams are trained to mitigate risk, which means that the influence of Cyber is less than it should be, and it is often not considered as a proactive enabler of digital transformation.
That has to change. Involving the Cyber team early on will save time and money, and, of course you will have designed your system to be secure from the very start.
Your system will be cleaner, meaner and faster. Processing time will be more efficient, data more secure. All the better to deliver reliable value to the end-customer. Fewer errors and a smaller attack surface for the cyber criminals who want to hold your company ransom.
Everything you need, done correctly the first time. All because you had the foresight to include Cyber in the early meetings. Good work, business leader.