MBA – CISSP - CISM
Head of Digital Innovation Development
Atos Global Digital Security Consulting
Senior Expert, Atos Expert Community
As the Digital Age transforms services, security consultants need to look beyond implicitly protecting these activities and their outcomes through enterprise risk management, compliance, and technology. They must explicitly consider the outcomes as they bring their insights to security consulting. In this article, we will explore the emerging role of the digital security consultant through examples of outcome-based digital strategies, identify challenges that consultants face as the digital environment transforms, and present a high-level perspective for considering security’s relationship to digital service outcomes.
A glance at digital strategies from the governments of three major global economic entities — the United States, the European Union, and the Republic of Korea — reveals that each of their strategies is based on the outcomes for the digital service beneficiary (i.e. the customer, patient, citizen, pension recipient, etc.).
Stated another way, these governments understand that the success of a digital strategy is not measured by the implementation of technology, but rather by the successful delivery of benefits to individuals. The infographic below shows indicative statements excerpted directly from the digital strategies of each respective government:
If these digital strategies from major economic powers* focus on beneficial outcomes for consumers of their services, it follows that a digital security consulting approach should also do so.
In their specialized roles, consultants should base the relationship between service outcomes and the underlying infrastructure requirements (including technology and security) on what is needed to support both the customer needs and the business process itself. In other words, consultants must view this relationship not only in terms of technology protection, but also from a business perspective.
The challenge of providing security consulting is that organizational cybersecurity strategies are often focused on compliance, incidents and technological solutions or complications. These considerations are no doubt critical; a failure to address them can threaten the business. However, in the Digital Age, consultants must pursue outcomes beyond these concerns and deliver advisory services accordingly.
Therefore, consultants must also consider how to ensure the digital service beneficiary fully realizes the intent of the service. The consultant’s recommendations must include not only protective measures (such as ensuring solid enterprise monitoring processes for pharmaceutical vendors), but business-relevant ones as well (such as ensuring that fragile COVID vaccines are stored at the required temperatures).
In the context of security, consultants already include individual privacy protection for the service beneficiary. However, Digital Age consultants must provide value beyond just privacy. If consultants do not ensure that the intended benefits are delivered, there may be harm to the individual despite their privacy being protected. Privacy has limited value to the individual if there is a net negative impact on their health, financial security or quality of life because security was not explicitly considered in the digital service.
The Digital Age security consultant must embrace the fact that — depending on the client — they may be in the business of vaccine delivery, pension fund management or decarbonization (as well as other areas not typically considered part of security). This can be difficult to remember as the consultant builds a better vulnerability management process, implements ISO/IEC security standards, or leads an incident response workshop.
While it’s true that in the big picture, each of these activities implicitly supports the service, a Digital Age security consultant must bring value by explicitly relating the security activities to the digital service outcomes. An example that illustrates these relationships is shown below:
Digital service beneficiaries have already experienced and observed the consequences of those services being compromised. There have been multiple instances of COVID websites crashing**, preventing high-priority groups from being vaccinated. In the past decade, a leading automobile manufacturer deliberately manipulated emissions monitoring mechanisms to circumvent emissions controls, and the financial services industry still struggles with cyber-based financial securities manipulation.
Atos is rising to the challenge of consulting in the Digital Age. As a global organization, we consider the outcomes of our services and their impact on business, society and the environment. We promote these outcomes as a key company value.
In practice, it means ensuring that Atos employees embrace these values through awareness, orientation and interactive training. Atos internal development programs for emerging talent (such as those for rising management or technology experts) incorporate sustainability and global responsibility into innovation, strategy and leadership curricula. In delivery, Atos is structured to provide services through industry-specific practices (healthcare, manufacturing, financial services, etc.) to ensure our solutions fulfill the expectations of our clients and their stakeholders.
Atos Digital Security Consulting aligns its practices directly with the core values of the organization. The digital consulting team undertakes continuous learning from our clients and their stakeholders, frequently interfaces with industry leaders, and incorporates the values imparted by Atos professional development programs. These practices enable Atos Digital Security Consulting to provide a unique benefit for clients — helping them become the “heroes” for their stakeholders in the Digital Age.
In the Digital Age, successful security consulting requires that the digital service beneficiary fully realizes the value of the service. The fundamentals of security — designing services in accordance with standards, compliance, and day-to-day security activities like incident response — always must be addressed and cannot be supplanted by the emerging digital landscape.
However, to deliver true value in the Digital Age, security consultants must remain mindful of the chief purpose of any digital service — whether it’s healthcare, the environment, financial assurance, or any benefit to the service consumer.
*Note: Although these digital strategies are from governments, they are applicable to the non-governmental landscape as well. The examples provided here serve to illustrate the intent of reputable, large-scale digitalization efforts.
**Note: These crashes may or may not be due to malicious actors. However, they still demonstrate the consequences of unavailable or unreliable digital services — whether due to poor design or harmful intent.
Head of Digital Innovation Development Digital Security Consulting, Atos
Dan Schaupner has been with Atos since 2017 and brings two decades of experience to his leadership of consulting activities. Previously, Dan was CTO at a Washington DC risk management firm, advising the U.S. government on cloud security (FedRAMP/Trusted Internet Connection). During his career, Dan has advised business and technical leadership in many industries including finance, healthcare, higher education, manufacturing, and others. Dan is a graduate of the Atos Gold for Technology Leaders program, a member of the Atos expert community, and provides mentorship to the Atos FUEL program for emerging professionals. Dan holds an MBA from Virginia Tech, an Engineering Bachelor’s degree from the University of Michigan, and CISSP and CISM certifications.