You pretty much can’t be in business today and not have some digital footprint. Companies of all sizes and across all industries are taking it to the next level, though, with digital transformation. The challenge, however, is how to maintain effective cybersecurity while embracing digital transformation.
What Is Digital Transformation?
I should start by establishing what digital transformation even is. To be honest, digital transformation sounds like some sort of esoteric Zen journey, or maybe some way to describe turning a human being into a cyborg by integrating computers and bionic components.
So, what are we talking about when we talk about “digital transformation”? According to Wikipedia, digital transformation is “the use of new, fast and frequently changing digital technology to solve problems often utilizing cloud computing, reducing reliance on user owned hardware but increasing reliance on subscription-based cloud services.”
To put it in clearer terms, it’s a fancy way of saying that you are adopting things like cloud computing, cloud services, and DevOps culture. In most cases, the businesses in question were already using technology and were already “digital”—but now they are migrating servers, applications, and data to the cloud, using Software-as-a-Service (SaaS) offerings like Microsoft Office 365 or Salesforce, and generally taking the computers and tools they traditionally installed and managed locally themselves and “transforming” them into more efficient and cost-effective equivalents in the cloud.
We do love our terminology in the tech and cybersecurity world.
Security in the Age of Digital Transformation
The trick is to get to the other side of digital transformation without sacrificing productivity or security. The first day of Qualys Security Conference 19 ended with a panel discussion titled “Security in the Age of Digital Transformation” to discuss this very topic.
Winding down a day full of insightful keynotes and presentations, Sumedh Thakar, President and Chief Product Officer for Qualys, led the discussion among a panel of cybersecurity executives, including Chad Schieken, Executive Director of Cyber Exposure Management for Comcast; Senthil Selvaraj, SVP of Independent Technology Risk for PNC Bank; Thomas Graham, CISO of CynergisTek; Hemanta Swain, VP and CISO of TiVo; and Wendy Pfeiffer, CIO of Nutanix and the newest member of the Qualys Board of Directors.
The panel talked about the challenges they have faced in their own organizations and how they have addressed them. One of the primary challenges is as old as technology: the fact that security always seems to be an afterthought that is tacked on at the end. Graham noted, “Traditional business processes haven’t looked at security until the tail end—until it’s something they just had to do from a compliance perspective, which is to check a box.”
The discussion focused on shifting the perception and culture of cybersecurity from a roadblock or hindrance to something that can enhance and streamline business processes—and, ultimately, become a competitive differentiator that sets the company apart from its rivals.
There was also a lot of talk about DevOps culture. DevOps has changed the conversation about how companies approach technology because it breaks down walls between developers, IT infrastructure, and cybersecurity. As companies go through that transition, though, there are still different teams vying for resources and budget, and that can sometimes lead to conflict.
Sumedh asked Wendy to talk about how she balances those needs and requests as a CIO. She answered the question with an analogy: “You have engineers—whether they’re in IT or DevOps or elsewhere—who are building the car. They’re building a race car, and they’re putting all the features in that that race car needs to win. Then you have other folks—IT people, etc.—who are the drivers. And, they are—first of all, they know how the car operates, they know everything about that—but they also have these skills to operate. And, they’re on the same team. They’re both trying to get across that finish line first.”
Wendy used that to segue into pointing out that when it comes to discussing how to allocate resources or which team gets more budget, it’s important to remember that, ultimately, we all want the same thing. She noted that it’s fair to have the discussion about finding the right balance, but that it’s important for everyone—the engineers, the IT team, and management—to keep in mind that the focus is on what is best for the company or the project and that it is not really a function of teams competing with each other.
It was a 45-minute panel discussion, so there was a lot more said than I am going to attempt to share in a blog post. Suffice it to say, it was an enlightening session that provided valuable insight. Small companies and large companies face many of the same issues. Some industries—like Financial or Healthcare—have unique regulatory requirements to navigate as well. In the end, though, digital transformation is imperative for companies that want to remain competitive, and it’s crucial for organizations to stay focused on cybersecurity and maintain an effective balance between security and digital transformation.