Security in Digital Transformation: Think of It as Risk Management

You know something has gone mainstream when you see it featured in a television commercial. I noticed it with cybersecurity and then with cloud computing, and the other night, I saw a tech company advertisement discussing the digital transformation. To me, this shows that smaller organizations are turning their attention to broadening their digital landscape. The broader question is whether these organizations are making cybersecurity a part of their digital transformation.

There isn’t really a choice. Security has to fit into any digital transformation process, Todd Waskelis, AVP of AT&T Security, told me during a conversation at SpiceWorld 2018.

“The digital transformation will change the way security organizations think and operate inside businesses,” Waskelis said. “That’s because technology used by businesses is changing and changing fast.”

Rethink Security in the Digital Transformation

Waskelis sees security working with business units more as a partner as organizations make the digital transformation. In the past, the security arm worked more as a “network cop,” policing activity across the network and protecting the perimeter from intrusion. With the influx of mobile, cloud computing, IoT, and other technologies, security protection has no choice but to shift from the traditional systems to one that addresses more endpoints and fewer perimeters, and to become more centered on protecting data directly.

We don’t always know what or where the vulnerabilities may be in these new devices and technologies, either. IT staff need to be at the cutting edge of technology and are often eager to try the latest and greatest tech, and sometimes they are able to sell their bosses on the need for this new tech in the office space. However, technology is regularly developed and pushed to market before all the bugs are fixed, and this can open an organization to cybersecurity threats.

One way to approach building a digital transformation is to rethink security. And that begins with not using the term “security,” said Waskelis.

“Security tends to sound very binary: Is it secure or not? It’s either on or off,” he explained. “Instead of talking about security, let’s talk about risk management.”

So, in terms of adding new technologies, rather than asking how to secure the device, determine what the risks are if you move data from the network to the new tech. If you address concerns of risk management as a business value, you can end up building a stronger security operation overall.

Seeing the Positive

There is a tendency to see security as a negative issue, but perhaps we’d be more successful with promoting security within the digital transformation if we turned it into a positive story. The same is true even if you view cybersecurity in risk management terms. For example, you can say, “We spent X amount of dollars today to protect a particular asset and here’s its risk exposure, but if you move that same asset to another technology, you can save money on controls and improve its overall protection.”

Where is the Risk in Digital Transformation?

If we’re going to think about cybersecurity for the digital transformation in terms of risk, I asked Waskelis where the biggest risk is in adding new technologies. Perhaps not surprisingly, he said it is the human factor. As long as people are going to be using these technologies and accessing the network and the data, there will be risk—and you will always have users.

The other top risk is the movement of critical assets and data to entities that are no longer under our control, compounded by the risk of not knowing what controls need to be in place. With many of the technologies within the digital transformation, the data owner is not necessarily the data custodian, and that means we’re transferring risk management to someone else. These other providers should provide some levels of security, but that might not meet the levels your organization requires. It is your responsibility to fill those gaps—something that some in leadership may not realize.

The digital transformation requires buy-in from the top down throughout the organization. So does the security—or risk management—of the digital transformation. Once you understand how risk management can be used as business value, your overall security posture will improve and make the digital transformation a safe and successful operation.

Security Boulevard
Sue Poremba


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
