Every CEO is working hard and fast with their business and IT leaders to address a digital ‘must do’ list:
- Identify new sources of revenue growth
- Improve customer experience, acquisition and retention
- Increase staff productivity, operational efficiency and asset utilisation
- Reduce operating costs and capital intensity
- Better manage security and risk
There is no time to waste, as established peers ramp up their transformation tempo daily and disruptive upstarts invent new ways to bring you down.
The success of any transformation journey is highly dependent upon its point of departure, and the state your business and team are in as you push off. CEOs are paid to be in a hurry, to satisfy the insatiable demands of impatient owners’ capital. The reward of achieving a successful digital transformation can be huge, and requires the capability to drive relentless change at a blistering pace.
Digital pioneers are creating huge value
For example, US apparel brand Under Armour has credited its booming performance to it’s almost $1 billion investment in technology capability. Chief executive Kevin Plank says before connected fitness became a central pillar of the business, Under Armour could only see retail transaction information on 10 million consumers across physical stores and ecommerce. Now, with fitness apps and wearable technology, Under Armour has direct access to much richer, more intimate data, with customers logging 8 billion foods and 2 billion activities on its apps in a year.
With a deeper understanding of its customers, from using basic information collected like sleep, fitness, activity, nutrition, weight and how they feel, the company has an unparalleled view of their lives and needs.
Sounds fantastic, except perhaps for some of the folks at Nike. However, in this day and age of ongoing cyber-attacks from multiple angles – internal and external, from both criminal and state-based adversaries – Andy Grove’s famous maxim has never been truer: Only the paranoid survive.
Don’t leave security out of your digital equation
All over the world, we have seen cyber adversaries – hacktivists, criminals, hostile nation states – use a range of digital tactics and tools to degrade nuclear capabilities, halt power generation, hijack connected cars, hack massive customer data bases and disrupt critical government business. In response, governments are imposing a deluge of new requirements on businesses and owners of critical infrastructure to better protect their IT and operational networks.
My advice is: don’t risk the success of your digital journey. Start by building rigorous security discipline into the foundations of your digital transformation approach.
If you’re not yet convinced of the need to adopt a security-first approach, read this contemporary equivalent of Nightmare on Elm Street – the 2016 Australian Cyber Security Centre (‘ACSC’) Threat Report – which catalogues the litany of cyber adversaries, threats, incidents and attacks that public and private sector organisations face every day.
CERT Australia, part of the ACSC and main Government point of contact for cyber security issues affecting Australian businesses, reports that between July 2015 and June 2016 it responded to 14,804 incidents, 418 of which involved systems of national interest and critical infrastructure. As CERT Australia relies heavily on the voluntary self-reporting of cyber security incidents, these alarming numbers likely only tell a small portion of the whole cyber horror story.
In fact, 2016 research commissioned by CGI in the UK revealed that over a third of C-suite executives believe a cyber-security breach will affect their organisation in the next 12 months.
Security can enable your digital success
Despite the cyber threats, the CEO ‘must do’ list cannot be ignored. In fact, most organisations are racing to achieve an agile, autonomous, continuous delivery software lifecycle (‘DevOps’) and explore the promise of the Internet of Things, so they can satisfy their rapidly evolving business objectives and customer needs.
This is easier said than done, with security teams often happy in their historical role as blockers of new technology and cyber skills being in very short supply.
To make the ‘DevOps’ approach viable, rigorous security practices must be embedded in enhanced software development and infrastructure deployment processes, enabling your security function to focus on assuring compliance, handling exceptions and staying current on new threat vectors.
Rather than security being the last item on your list of key digital foundations, it must be the first and foremost principle in mind as you address ALL of them. From cloud-first infrastructure, to mobile access and enablement, data analytics and storage, customer experience design, procurement practices and governance mechanisms, security disciplines must be baked-in from the outset, not bolted on.
This transformation of security – security by design – must go to the heart of operational and technology leadership and management, addressing people, culture, processes and the technology itself.