Infosecurity Europe 2018 was a recent frenzy of activity at Olympia in London. Each year, the event gets bigger, with increasing numbers of exhibitors across both halls at the venue. In the separate Conference Centre, where keynote presentations and debates were held, Ovum was lucky enough to chair the opening day panel debate, “Security at the Speed of Business: Supporting Digital Transformation with Cybersecurity”. Panelists from GlaxoSmithKline (GSK), Marks & Spencer, and Williams Grand Prix Engineering contributed to this lively discussion and provided a number of recommendations for organizations.
Customer-centricity is the essential security focus
Organizations across all sectors continue to embrace technology, whether for competitive advantage or to better serve the public. Digital transformation projects are typically fast-paced, and organizations’ security functions must keep up to defend the enterprise while supporting innovation.
Audience members were asked for their opinion about whether cybersecurity is an enabler of digital transformation projects or a hindrance. As might be expected, given the mainly security-focused audience, about two-thirds of respondents suggested that cybersecurity is both an enabler and a hindrance.
The range of responses from panelists had a common threat of a customer-centric view of the organization. To remain persistently relevant to customers, organizations must innovate to meet and exceed demands. At the same time, to remain trusted by customers, organizations must protect customer data and maintain the reputation of the enterprise.
Recommendations from the panel included:
As a security function, we must be on board with enterprise expectations when it comes to the pace of digital transformation projects and "get on with it"
The business must appreciate the need for "security first" and incorporate security requirements into the project from the outset.
An agile methodology with embedded security practices can support delivery at pace.
Presence and confidence, and knowing organizational expectations, can enable faster decision-making on security issues in digital transformation projects.
An organization-wide approach to security is important to enable security to be "baked" into the culture of the business.
The maturity of organizational security culture was also the subject of discussion. The panelists said that moving beyond education and awareness training is key to improving security behaviors and culture across the enterprise. This resonates with Ovum’s view that positive security behaviors must be reinforced with an ongoing security awareness program, rather than delivered as a one-off training exercise (often for compliance purposes).
Ultimately, security is an essential component of digital transformation projects. The combination of innovation to support customers and a security-positive culture (within the organization and extending to its partners and suppliers) can drive security at the speed of business.
"Digital transformation must address security", IT0003-000088 (March 2018)
Business-Driven Security for Enterprise Protection and Compliance, INT003-000115 (April 2018)
Maxine Holt, Research Director, Infrastructure Solutions