Be honest about digital transformation; it’s a risky business - BT Security CEO

The risks are big, but the opportunities are even bigger; that’s why only the bravest are making the most of the digital economy to date.

Digital transformation has been used so often, by so many people, the phrase itself has almost lost all meaning. And this is perhaps one of the problems organizations are facing today; the overuse of the phrase has meant people do not have a clear enough understanding of what it encompasses. It has become generic, transparent and glorified, but the underlying meaning has been lost.

This problem could also be seen at the CloudSec 2017 conference in the opening address. It was a happy, cuddly, ‘we all in this together’ type of presentation. It rehashed rhetoric which has been used countless times over the last couple of years, said nothing new and made security appear as a redundant topic. It was very confidently presented, but the substance had the same depth as a worm’s grave.

But then BT hit the stage and said something sensible, which might not have hit home for a lot of people.

“Digital transformation is something which presents more risk,” said BT Security CEO, Mark Hughes. “But, the opportunities are bigger, and it is a force for good.”

It seems obvious to state, but sometimes it is important to state the obvious. Digital transformation is a new idea, it present new challenges and therefore new threats to the organization.

Perhaps those reading this article should ask two questions. Number one, am I attempting to change the way my business operates to take advantage of the digital economy? Is my security team made of the same personnel and processes as it was five years ago? If the answer to both of these questions is yes, there could be quite a problem.

“What have we got to get better at?” said Hughes. “Understanding the threats and translating that into risk. In the past, we have been reliant on perimeters but that has changed forever. We have to take our thinking more upstream and become better at addressing the risk associated with cloud computing.”

In bygone years, the organization has a had perimeter to protect the network. It was fixed, it was dependable, it was secure. But part of the digital transformation trends is moving your business to you customer, your employees and your partners. It means opening up the perimeter and intentionally stretching resources. For every point you touch a customer in the digital world, you essentially create a weakened point in the perimeter.

In this light, digital transformation is for the brave. You are essentially opening yourself up to attack in search of greater bounties. For Hughes, this is not a bad thing, but involves a different approach in how security is addressed. Strategies need to be more forward thinking and accepting there will be compromises at some point.

Perhaps this is the reason some have not got digital transformation yet. They aren’t willing to change the fundamentals of security, therefore are not able to undertake different threats. Considering threats isn’t necessarily a dangerous task, assuming the risk has been managed appropriately. This is a very different way of thinking, from the fixed perimeter strategies of the past.

As Richard Morrell from Gartner put it in another session “security people aren’t very good at education”, which needs to change very quickly. Thinking needs to change, acceptance of risk needs to change, as well as responsibility and ownership.

So the glories of digital transformation might be as bright as some have promised, but you’ll have to accept it’s a risky game to play.