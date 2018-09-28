Digital transformation unlocks numerous potentials and opportunities. (IE)

Transformation today has engulfed both time and space, and it is impacting everyone – individuals, customers, businesses, economies, and nations. With numerous data analytics options freely available for people to utilise, data is processed to create information that in turn serves as a pool of knowledge. While a series of transformations may lead to significant change, the security of company information and privacy of individual data is traversing a journey where the stakeholders don’t know where to start from. It has become increasingly complex to determine if the people, processes or technical investments are good enough to meet the demands of this disruptive era. The threat landscape has also transformed to integrate these three aspects and it is no longer restricted only to the technicalogical path. In fact, the ‘people’ aspect has become more vulnerable through technology applications – social media, mobile devices and the evolving nature of the digital world.

Emerging avenues of threat

The introduction of advanced technologies brings new frontiers to enhance customer experience and optimise the operating costs. However, there could be issues in the complex implementations which can pose a big threat to the entire value chain. These issues usually result from the lack of consideration of risk and security at the design stage. It is believed that a security testing (which is largely limited to technology infrastructure) before ’going live’ is a good assurance on security. The surrounding business processes integrating with the technology environment are not assessed for security and privacy.

Sometimes, due to limited understanding of the technology itself – the digital enablers are configured inadequately from security aspects. This becomes all the more critical when the attackers are more adept and equipped with the publicly available information of these digital

enablers. The increase in digitalisation has given birth to many startups that are manufacturing as well as developing advanced digital enablers. In the race of meeting the high demand of industry, the entire focus is on the business features and not much attention is given to building security controls, and in some cases, if the base platform is on open-source, the likelihood of having a security issue is high. The time spent on calibration of digital enablers such as Robotic Process Automation (RPA) is, at times, not adequate to ensure robust implementation.

While that was more on the technology side of story, it is equally important to secure day-to-day operational processes. The exploitation of business processes may lead to a privacy breach or regulatory non-compliance. The focus of the business process security is privacy and regulatory domains. The processes have human intervention, leading to dependency on the security quotient or awareness levels of the respective employees. Simultaneously, we are also witnessing technology taking over the manual processes and data becoming the most critical aspect of the enterprise.

The ‘inside out’ approach

The flow of an organization’s data through emerging technologies and digital enablers has led to the blurring of the enterprise perimeter. Hence, security is slowly but surely becoming the cornerstone of Digital Transformation. Security strategies have continually evolved over the last decade and organizations have started to focus on enhancing their security practices to adequately monetize this wave of Digital Transformation. Security, at both technology and organizational culture levels, must be addressed to achieve the promised potential. One question that naturally arises is: ‘what is more important from a business standpoint – awareness of the transforming aspects or the measures for security against the ‘unwanted’?

Therefore, it is important to keep a close watch on the data lifecycle and its nuances because the threat landscape is expanding and unforeseen threats could be following your business like shadow. A ‘data driven’ approach to security is more appropriate considering that the boundaries are disappearing with the advent of newer technologies. The authorisation should be aligned to the device and the network from where data is being accessed. When it comes to dealing with digital technologies, even the scope of ‘security’ should be extended to include other risk areas such as operations, third-party, resilience, forensics, etc. Another vital aspect is to have risk management

factored right from ideation to implementation to operations, and not restricting to technical security assessment just before ‘going live’.

Last and the most important aspect is to foster an advanced risk attitude among the people in the ecosystem – employees, contractors and customers from the aspects of both design as well as application of newer technologies. The approach should be such that when digital comes to mind, digital risk should be a key consideration.

Digital transformation unlocks numerous potentials and opportunities. However, there are vulnerabilities and risk factors for the reckoning. Enterprises that wish to be agile and successful need to have ‘risk’ as an integral part of their digital strategies.

The author is Partner at Deloitte India