According to new global research from Dell's Digital Transformation Security Survey, security is often seen as a barrier to digital transformation, therefore brought into the process too late to make a meaningful impact.
Respondents acknowledged that security teams can serve as enablers to help the business adopt digital technologies when included early on in the planning process. Responses were collected from 631 IT decision makers in the UK, the US, Germany, Australia, Belgium, the Netherlands, Luxembourg, Scandinavia and Benelux.
Florian Malecki, international product marketing director at Dell Security told SCmagazineUK.com, “C-level people in an organisation don't always understand the cyber-security risks, however if these types of profiles within the organisation are not aware of the risks associated with emails, with providing internet access, providing access on a tablet, a small phone or a personal laptop, of course they will not ‘get it'.”
“Internal training and internal awareness around the cyber-security factors are important because then that could change the perception of IT security putting a break on innovation. Too often, IT security professionals are saying ‘no' and then you can end up in a shadow IT situation where other departments do the work themselves, which is more dangerous as then IT cannot protect what they're unaware of.”
Nearly all (97 percent) global respondents say that they are investing in digital technologies such as mobile, cloud applications, cloud infrastructures and IoT. In the UK, the figure grew to 98 percent for investment in digital tech.
Only 18 percent say that security has been involved in all of their digital transformation initiatives. Meanwhile, 85 percent feel that security can better enable those initiatives if security teams are included earlier in the project. UK respondents are not as optimistic, as 75 percent feel this way.
Malecki told SC, “IT security professionals must be able to not only pinpoint the security angle of what they're doing but really highlight the business benefits or explain to the business what the benefits of what they're trying to achieve from a security point of view will be.”
“Education is very important so the more that the senior directors, board-level type of people, the CEO or the CFO within the organisation hear more about the security initiatives, the better. It's very important for IT security professionals to promote internally what they do.”
Ninety six percent said that securing digital technologies poses challenges that include lack of resources, risk of a security breach, finding the right balance between security and employee productivity and loss of control. In the UK, 80 percent said the need to increase employee productivity is the driving force behind digital transformation initiative, and 56 percent cited business growth.
Over 90 percent of respondents said the security team can better enable the business if they are provided with more resources. The same figure dropped to 80 percent in the UK.
When asked about specific resources, Malecki commented: “It really depends on the situation of the organisation and whether you could use a service organisation that will help any CISO or CSO to do an audit, make recommendations, identify the gaps, and offer guidance in order to provide support to a smaller organisation. There is a bit of a lack of knowledge when it comes down to IT security professionals. Organisations need to look at what they want to achieve and what they already have today and then reassess.”
Most (89 percent) recognise that digital transformation is happening in their industry, but only 50 percent believe that it's happening in their organisation.
Many (85 percent) say business users tend to avoid engaging with security teams due to concern that their initiatives might be blocked.
To help organisations change the perception of security teams to enablers of digital transformation, Dell offered the following tips and strategies:
- Adopt a mind-set of enablement and rapid time-to-value over customisation. As a new cloud application is brought to the business, work with the business to ensure the application meets business requirements
- Base identity and access decisions on a unified single definition of the truth (role, policy, workflow, authentication, authorisation, etc.).
- Manage and focus identity and access management efforts strategically so security can be a catalyst and not an obstruction, while maintaining the protection intended to deliver.
“Organisations face challenges securing their digital transformations and recognise that their current security measures are exposing the business to risk. Our goal is to provide our customers with solutions that address these needs. When done right, security can enable organisations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and the customer experience. Done right, security also helps CISOs open their own “Department of Yes,” empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward,” said John Milburn, VP and general manager of One Identity Products, Dell Security.