Digital security: from a burden to value creation
In 2018, $1.3 trillion was invested into digital transformation, clearly indicating the priority placed on this important activity. It impacts customer experience, supply chains, workforce management and of course, overall company performance. Digital transformation also impacts the outcomes of business and technology, affecting data, processes and organizational structures.
Digital transformation innovations promise, and in many cases have delivered, improved experiences and business value. A major US home goods retailer was able to orchestrate supply chains to fulfill customer preferences and needs in real-time. A global toy manufacturer’s record revenue was directly attributable to their data-driven marketing strategy. The COVID-19 pandemic forced the adoption of many new ways of interacting, delivering and consuming services — such as remote work, telehealth, online entertainment and media streaming, and equipment maintenance.
Persistent threat ecosystem
Digital transformation and its touted benefits are overshadowed by persistent digital threats. The 2020 SolarWinds attack was one of the first prominent attacks to be labeled as a supply chain attack. Ransomware plagues enterprises, with one causing a massive pipeline outage in the Eastern US in May 2021. COVID-19 revealed vulnerabilities involved in working and delivering services remotely. Even as digital transformation solves new business challenges, enterprises must be aware that without deliberate consideration, digital transformation cannot address these threat vectors.
Digital security must do better than built-in
Of course, the reactive conclusion is that cybersecurity must be integral to digital transformation. In fact, many cybersecurity professionals have touted the build-in versus bolt-on approach as a mantra. However, it is also important to know that to realize truly valuable security, its implementation must go beyond simply being built-in. This means that digital security professionals — architects, consultants, CISOs and engineers — must consider how security impacts business performance, and not just the effectiveness of their security processes and tools.
Realizing new value from digital security
The value that digital security creates can come in many forms. It can mean cost savings generated by a well-operated digital security program. Robust security analytics can also identify, in financial terms, the value of avoiding incidents (and the associated losses and clean-up costs). However, there are ways for security to create value for digital transformation beyond savings, several of which are presented below:
Identity and access management (IAM)
There is value in identity, beyond access control for digital security. Strong authentication methods can increase the reliability — and value — of data. Enhanced identity proofing, multi-factor authentication and cryptography can improve data quality, ensure correct personalization, and provide the data essential for artificial intelligence (AI).
Well-configured encryption protects data at rest and in motion, and supports trust and utility among value chain partners. While there are many methods for managing security in partnerships (such as trusted execution environments, contractual management and third-party audits), encryption provides a mathematically resilient method for ensuring trust at the speed of processing and transmission. Mergers and acquisitions, electronic health record processing and intelligence sharing are business cases that can benefit from the speed and security that encryption can afford, even before the era of fully homomorphic encryption!
Data governance tools are designed to discover, classify and collect “lost” data (i.e., data long forgotten in file storage, clouds and digital mailboxes), providing value through reducing exposure. However, data governance can also help organizations discover hidden value in their misplaced data, much in the same way one might find missing treasure in their attic.
These are a few examples showing some of the major enabling technologies of digital security that are worth exploring in their own right. However, the reader is encouraged to explore all domains for opportunities to identify intersections between digital security and value creation.
Atos has extensive capabilities in the security technologies described above. Our experience and capabilities inform our viewpoints and approaches to these problems. Additionally, Atos experts in business, technology, process development and change management routinely bring up these topics during client delivery and in internal forums like the Atos Expert Community and Scientific Community.
A digital security value analysis is a worthy investment
As companies pursue digital transformation, they must understand that digital security creates value, protects the enterprise and manages security costs. Accordingly, a digital security value analysis should be part of the business architecture process. At a minimum, it will ensure that security is built-in to your digital transformation. However, it may also bring to light innovative new ways to enhance the value of your business.
About the author
Head of Cloud and Innovation, Global Digital Security Consulting, Atos
Dan Schaupner has been with Atos since 2017 and brings two decades of experience to his leadership of consulting activities. Previously, Dan was CTO at a Washington DC risk management firm, advising the U.S. government on cloud security (FedRAMP/Trusted Internet Connection). During his career, Dan has advised business and technical leadership in many industries including finance, healthcare, higher-education, manufacturing, and others. Dan is a graduate of the Atos Gold for Technology Leaders program, member of the Atos expert community, and provides mentorship to the Atos FUEL program for emerging professionals. Dan holds an MBA from Virginia Tech, an Engineering Bachelor’s degree from the University of Michigan, and CISSP and CISM certifications.
Interested in next publications?
Register to our newsletter and receive a notification when there are new articles.