Practically every enterprise today is focused on its digitisation strategy. However, most people prefer not to look at digitisation’s sister – that is, IT security. This is a fatal error, which can cost life and limb. Only those who look into the eyes of the least beautiful side of digital connection, can turn her into the irresistible Wonder Woman of digital transformation.
What place does digital transformation take in your priority list? Is it right at the top, as with most top managers in Swiss companies? But even when digitisation as itself does not have a high priority, there are hardly any decisions made in an enterprise, in which it does not play some role or other. And if you avail yourself of the opportunities of modern information and communications technology, you should never forget that:
Ralf Schneider, CIO of the insurance group Allianz, has lately given this provocative name to security. He wanted to make it clear to the public of a meeting, that on the one side digitisation open countless business opportunities; on the other, when security is neglected it becomes an existential risk. And according to the experienced IT manager, unfortunately all too many do this: they prefer to look away from any possible dangers, but then they act surprised when risks suddenly appear on their way like a gaping abyss.
But Schneider uses the concept of “sister” to underline yet something else: that is, that digitisation and security are inseparably tied to one another. Without IT security, you cannot have any Industry 4.0, no Internet of Things (IoT), no as-a-Service business models, no seamless partner integration, no working clients, no sharing economy and no worldwide teamwork. Each step in the direction of the digital transformation automatically triggers security questions, which must be answered: whether you like it or not.
It is not just the IT people who should ask themselves these questions. This is top management stuff, since security has to do with the functionality of business-critical processes, with risk management, and with the core compliance duties of the company’s leading management. Data on clients, systems, processes, products and innovation must be protected against unauthorised access and loss. And the latest ransomware attacks, such as WannaCry and Petya, make it very clear that from risk to the abyss the distance is indeed very short.
However, this does not mean that management must dabble themselves in technical and architectural details of IT security. The task of management is to make sure that qualified, specialised personnel adopt the required measures, and that they are provided with the resources they need for the scope. Moreover, company leaders must also define which assets are critical and need special protection. They must define the maximum tolerable downtimes for each process, and which data may not under any circumstance end up in the wrong hands.
These challenges are far from trivial; instead, they require the development of a comprehensive security concept, capable of adapting to ever new situations. In contrast to security in the traditional analogue world, which over the decades has become fully structured, digital security finds itself – in parallel with the digital transformation of the enterprise – in a state of continual transformation. Therefore, the IT security of today must also be multi-layered and flexible. Instead of one single wall, as thick and high as possible, the defence device must be made staggered, so that it can quickly acknowledge dangers, and thus isolate and eradicate them.
There is one further, even more decisive domain of security, on which management has a relevant influence: not only does security require the most modern technologies, it also needs a corresponding corporate culture. Management must be the first to live this culture, and give it the right emphasis. Together with creative innovation spirit, a successful digitisation culture in the enterprise requires a healthy grade of security awareness. This task of management is ever more important, since in spite of all digitisation people remain the highest risk factor.
After all, it’s like in the tales of yore. The sister is only ugly because she is treated as a Cinderella. Give her the attention she deserves, and Cinderella will turn into a princess. In the same way, management can ensure that the “ugly” IT security becomes the irresistible Wonder Woman of the enterprise, who not only fends off all attackers, but lays the foundation for the digital transformation of the enterprise, and creates a lasting confidence in clients.