Businesses and organisations are undergoing a digital transformation at a blinding speed. However, the idea of digital transformation differs vastly from one organisation to another, and security professionals must understand that idea properly in order to offer better support, said Ewa Pilat, global CISO at Jaguar Land Rover.
Speaking at an Infosecurity Europe 2019 panel in London, she said digital transformation should never be assessed on the basis of the technology used, but on how we use it to initiate processes that make our lives easier. She highlighted the various uses of smartphones via apps as an example.
According to Pilat, the isolated scope of the security function has long ceased to exist. It is now all-pervasive, and effective collaboration of all factors involved is crucial for its success. She summed up her ideas of effective implementation of digital security in six points:
Recognise scale and complexity: The security strategy will vary according to organisational needs. One size never fits all.
Ensure top management support: Active support from the top management is a primary and crucial step in implementing security measures effectively. An excellent plan on paper will fall flat without the management’s backing.
Embed security in the creation of ideas: Security should be a part of all business functions and projects from the idea stage, despite the associated budgetary concerns.
Educate business leaders on security implications: The management and the supervisory board should understand the urgency of security measures and, more importantly, their responsibilities in case of a breach.
Demonstrate the value added to the business: The security department has to show its contribution in financial terms and prove the competitive advantage it gives to the business.
Stem shadow security: Learn from the creation of shadow IT systems and its harmful effects on the business. Use simplicity, innovation, speed and collaboration to avoid the creation of shadow security systems.