Through our extensive research via our Feats of Strength publication and our Internal Research Department, K logix has successfully collected trends from over 150 distinguished security leaders in a variety of verticals in the security space. When it comes to the rapidly expanding conversation around digital transformation, here's what CISOs are saying:
Businesses are transforming at a faster pace than ever before and security leaders are recognizing the need for their programs to keep pace.
In the December 2019 Issue of Feats of Strength we interviewed Visionworks CISO Sean Walls. On page 7, he explains, “Our goal is to make the customer experience as smooth and seamless as possible and to maximize customer satisfaction. And my role in this process is to leverage technology to enable the vision, and to ensure we control risk and meet compliance obligations in the process.”
In that same profile, Walls explains that Visionworks is currently undergoing a full-scale digital transformation, something he has an opportunity to be a part of. Walls says they are adopting certain emerging technologies, business analytics tools, as well as migrating some systems to the cloud. This transformation will enable them to be more efficient, competitive, resilient, and nimbler, but also provide visibility into the market, their customers, their performance, and how they can improve their service offerings.
Though the definition of digital transformation varies, it frequently means digitization, moving to the cloud, and investments in innovative technologies.
The June 2018 Feats of Strength issue focused on the top trends and challenges that CISOs face, with digital transformation being a main priority for most security leaders. On page 14, former LinkedIn CISO Cory Scott explains that they've "always been digital. So, what’s interesting now is, what does the next type of digital transformation mean for a company like LinkedIn? I think it’s adoption of additional advanced technologies such as machine learning or AI, determining how those can have an impact on the security of the products that we build and how we can leverage that technology to actually make our products more secure.”
Additionally, in the December 2019 Issue of Feats of Strength on page 14, Mark Ferguson, the former CISO of Honeywell says, “Today businesses are transforming in many ways including digitization and moving to the cloud, something that enables the business to grow, yet security departments aren’t always equipped to keep up.”
While security leaders are aware of and actively tackling digital transformation, many have expressed the challenges and innovations around keeping pace with their rapidly expanding businesses.
Security should be involved in the initial planning of digital transformation in order to reduce risk and ensure minimal impact to the business.
In the June 2018 Feats of Strength issue, former Orbital ATK CISO Mike Raeder explained on page 14 that “It’s a race to keep up with digital transformation and everyone wants to take advantage of benefits from digitizing the enterprise. We, as security technologists, have to work alongside IT peers, like the CIOs and CTOs within our organization, to make sure we are part of the strategic planning at the upfront. Security should be working side by side with enterprise functions from the beginning and not coming after the deployment of digital implementations.”
In regards to involving security early on in the decision-making processes, Visionworks CISO Sean Walls explains in our December 2019 Issue on page 7, “If you own enterprise architecture like I do, then it’s easy because you just change the process so that you inject yourself right at the beginning of every project. This allows enterprise architecture to review all projects to ensure standards are followed, security and compliance requirements are met, and the project aligns with business objectives. If you don’t own enterprise architecture, then I would recommend meeting with the enterprise architecture team to make sure that they have a security architect on staff. If they don’t, offer to let them use your services, if bandwidth permits. Often, enterprise architecture will look at a project and focus on infrastructure, data, and applications, since most think that’s the core of enterprise architecture, but they’re missing a really important aspect, which is security.”
Third party risk management is becoming an increasingly important security function as we dive deeper into transformation.
Meg Anderson, CISO at Principal Financial, stated on page 15 of our June 2018 issue that "ever since the Target breach, regulators have been scrutinizing third party risk management practices. And especially with digital transformation, we’re going to use more and more partners. The expansion of API’s has also made this very critical to get right. We need to know more about who we trust with our data and the data of our customers and employees."
As stated by Rich Licato, CISO at ARC, on page 15 of the same June 2018 issue, "It’s an additional risk exposure because now their security posture is your security posture. Depending on the criticality of the vendor, it’s really what you need to figure out. You must take a risk-based approach in terms of vendor assessments."
It's becoming more apparent to security leaders that it's crucial to have an assessment capability in order to maintain the integrity of your security program and further your transformation efforts.
K logix leverages our deep network of CISO leaders, and broad experience working with customers in all verticals, to deliver relevant, analysis-backed consulting services to our customers. K logix can help your security program have a meaningful impact on digital transformation efforts through strategic business-focused consulting services. Drop us a line for more information on how we can work together to strengthen your program.
Want more? Read our June 2017 and December 2019 issues of Feats of Strength focused on transformation.
Listen to our podcast episode on digital transformation and how to keep up with the rapid pace of technology featuring Kevin DeLange, VP & CISO at IGT.
Subscribe
Stay up to date with cyber security trends and more