Other Blogs
There are no items in this list.
Knowledge & Insights > ISACA Now > Categories
What is Driving Growth for AR/VR?

Kris KoloGartner’s recent list of top tech trends for 2019 included immersive experiences, which they described as follows:

“Conversational platforms are changing the way in which people interact with the digital world. Virtual reality (VR), augmented reality (AR) and mixed reality (MR) are changing the way in which people perceive the digital world. This combined shift in perception and interaction models leads to the future immersive user experience."

Below, I explore some of the anticipated themes related to VR/AR that will play a role in the coming year and beyond:

• Global AR & VR product revenues are expected to grow from US $3.8 billion in 2017 to US $56.4 billion in 2022, a 71 percent compound annual growth rate. This includes enterprise and consumer segments (ARtillry Intelligence).

  • In VR, consumer revenue will eclipse enterprise revenue by a 3:1 ratio in 2022. Standalone VR like Oculus Go will accelerate consumer adoption.
  • Head-worn AR will find a home with consumers. However, its specs and stylistic realities inhibit several consumer use cases in the near term. Apple’s potential 2021-2022 introduction of smart glasses will shift AR’s momentum and revenue share toward consumer spending.
  • By 2022, enterprise AR’s revenue dominance over consumer AR will decelerate as smart glasses begin to penetrate consumer markets. Until then, mobile will dominate consumer AR, with most revenue derived from software as opposed to hardware (smartphone sales aren't counted).

• The patterns of investment and development in the different sectors in which VR/AR are applicable – or potentially applicable –  show the increasing applicability of this technology beyond the games and entertainment fields that saw its birth in the 1990s; 38 percent of respondents, for example, believe VR growth in the enterprise sector has been “strong” or “very strong” for example, with an equivalent figure of 43 percent for AR (The XR Industry Survey 2018).

  • Education is the enterprise sector that has been prioritizing VR/AR the most, and is the most competitive, despite the fact that it traditionally has had much less spending power than industry. Of respondents who reported that they are already using XR technologies, 23 percent were in the education sector.
  • Architecture/engineering/construction was a close second at 18 percent. Healthcare is quite low on the list despite the obvious VR/AR potential in diagnosis and therapy, with just 7 percent of those using this technology coming from the healthcare sector.
  • Industry expectations are that AR will blossom in the mainstream before VR does, in part because of the availability of open content development platforms like ARCore and ARKit, which have no VR counterparts.
  • Many industries see benefits in the long term from combining VR and AR. VR’s superior ability to create a fully immersive environment currently gives it the edge in training and educational applications.
  • Sixty-two percent of service organizations say that AR is providing measurable value for service in the following ways: better knowledge transfer among employees, increased employee efficiency onsite, improved first-time fix rates, and fewer truck rolls (IDC / PTC).
Building Cyber Resilience Through a Risk-Based Approach

E. Doug Grindstaff For many organizations to have an effective cyber culture, they must also have a mature cyber culture. A recent cybersecurity culture study conducted by ISACA and CMMI Institute found that only 5 percent of organizations believe no gap exists between their current and desired cybersecurity culture. A full third see a significant gap. That’s why I found it so valuable to sit down with cybersecurity leaders across the public, private and non-profit sectors to have a discussion in the UK last week about cyber maturity, what it means to people and how we can help organizations value being more prepared.

The general consensus at our session, “The Future of Cyber Maturity and Benchmarking,” was that our work must start at the top with the board. We must be speaking in terms the boards will understand and getting boards to value cybersecurity as a business enterprise risk issue that must be managed as such. This hasn’t happened yet to the degree it needs to. The cybersecurity culture study confirms this feedback in that 58 percent of respondents cited a corresponding lack of a clear management plan or KPIs.

Another key word involved in maturity is resilience. No organization is ever completely bulletproof from an attack. The idea is to train and plan thoroughly, ensure that the organization as a whole is as prepared as possible, and if/when an attack happens, is in a position to respond to the attack efficiently and effectively. That’s a resilient organization and the best we can ask for when it comes to cyber crime.

As organizations become more resilient, they must honor the need to effectively manage risk. The risk equation includes workforce readiness, security operations and capability maturity. Your workforce must be thoroughly trained to understand the risk at all levels.

The group was heavily focused on moving away from the old way of managing risk. Risk is not managing compliance or a checklist. It is truly about building resilience through a risk-based approach.

A quality maturity model looks at people, processes and technology, and takes all these elements into consideration. However, the discussion was largely around the workforce readiness and how to motivate people to do what needs to be done. Asking the right questions as technology leaders is a start. Are we doing the right things? Are we doing them well? How can we ensure the board is informed and engaged, and that we are focused on areas of greatest risk?

As technology leaders and assurance professionals, we discussed the need to be ahead of the curve, implementing cybersecurity as a business imperative, rather than waiting for an accident and reacting at that time. An organization must know its risk appetite and its risk posture.

All of this counsel goes for organizations of any size and at all places within the organization. We discussed the importance of supply chains, micro businesses and small and medium enterprises (SMEs) having special considerations as they build capabilities. SMEs do often have a much smaller staff to work with, but the responsibility to manage the risk remains the same, thus making a focused and strategic approach all the more important.

A mature organization is one that has truly examined its risk and understands it from the top down, with buy-in to protect the organization from each and every employee. I look forward to continuing this important discussion.

Data Security and Access to Voters’ Personal Data by Political Parties: An EU Case Study

Laszlo DelleiEditor’s note: The ISACA Now blog is featuring a series of posts on the topic of election data integrity. ISACA Now previously published a US perspective and UK perspective on the topic. Today, we publish a post from Laszlo Dellei, providing an EU perspective.

Brexit and the 2016 US presidential election showed that microtargeting voters to deliver them certain political messages may gradually alter voters’ decisions. While less publicized, concerns related to election data integrity also exist throughout the EU. The European Parliament has conducted several public hearings on this topic and the Commission is supporting Member States to secure their local and national elections, as well as their citizens’ participation in EU elections.

The Commission recently published a communication on free and fair European elections, which outlines all the efforts made by the institutions to make sure that the upcoming EU elections in 2019 will be held democratically. The EU’s strategy is to combine data protection, cybersecurity, cooperation, transparency, and appropriate sanctions.

For instance, the Commission proposes introducing financial penalties of 5 percent of the annual budget of the European party or political foundation concerned if they infringe the data protection rules in an attempt to influence the outcome of elections to the European Parliament.

Another key aspect of this strategy is the implementation of General Data Protection Regulation (GDPR) equipped to help prevent and address unlawful use of personal data. Therefore, the Commission prepared specific guidance to highlight the data protection obligations of relevance in the electoral context.

In parallel, the Commission published recommendations to enhance the efficient conduct of the 2019 EU elections. Key points are as follows:

  • The EU encourages Member States to establish and support a national elections network to ensure cooperation in connected fields (such as data protection authorities, media regulators, cybersecurity authorities, law enforcement etc.).
  • It is also recommended to encourage and facilitate the transparency of paid online political advertisements and communications.
  • Member States should also take appropriate and proportionate technical and organizational measures to manage the risks posed to the security of network and information systems used for the organization of elections.
  • Member States are encouraged to set up awareness-raising activities aimed at increasing the transparency of elections and building trust in the electoral processes.

Sources of voter data in Hungary
In my country, Hungary, the relevant regulations and practices may reveal certain risks and problems in this respect. Current rules providing protection of voters’ personal data, especially provisions governing integrity and security of such information, will be revised.

During microtargeting, information may be used to deliver political messages to the recipients. In addition to the name and political preferences of the data subject, the processing of physical or email addresses and mobile phone numbers are necessary for the intended targeting. In this regard, Hungarian legislation provides several opportunities for the political parties to access voters’ personal data.

Among the legal sources, information provided to the parties by the election offices is of paramount importance. Candidates and nominating organizations (mostly political parties) may request the names and addresses of voters in the voter register from the relevant electoral office for campaign purposes. The information may be provided by age, gender, or address of the data subjects. Although these data do not contain information on the voters’ political opinion or party affiliation, the data may be used to obtain additional information for the purposes of microtargeting.

Secondly, political parties usually communicate with their supporters via various methods including physical or email addresses, land or mobile phone numbers, etc. The sources of this information may vary. It may be collected from the data subject at a campaign rally or other events organized by the party. Supporters may provide the party with their contact details when – for instance – they sign an initiative for a referendum, or when they support another political action with their signature. During the elections, political parties may also use this data for campaign purposes.

The main risk concerning the processing of personal data of voters by political parties arises from the lack of comprehensive legislation and effective supervision. The current regulation concerning electoral procedure predates the GDPR and the 2016 events (Brexit and the election in the US). Furthermore, there is no specific legislation concerning political campaign activities; only the provisions of the Privacy Act of 2011 had previously been applied. Therefore, the relevant laws do not focus on the possibility of microtargeting and thus the importance of integrity and safety of voters’ personal data.

Conclusions
Given the global events of recent years, the focus on the integrity and security of voters’ personal data will be a priority from a legislative standpoint as well as from the point-of-view of the relevant actors in the EU and around the world. The lack of regulation and effective supervision in this regard may lead to serious consequences that could harm democracy and erode society’s trust in its institutions.

Although the GDPR and the Privacy Act provide for a wider protection for data subjects, and thus for voters, it is necessary to adopt such regulations that define certain technological requirements and other safeguards to prevent misuse and to provide integrity of voters’ data.

Author’s note: Laszlo Dellei is an experienced, certified and internationally recognized InfoSec, Cybersecurity, Security, Privacy and ITSM professional, with a multidisciplinary background. Laszlo received his B.S. degree in Information Technology from the Dennis Gabor College and the MBA in Information Management specialized in Security from the Metropolitan University. Furthermore, Laszlo proudly holds, among others, the following internationally recognized credentials: C|CISO, CISA, CGEIT, CRISC, ITIL and ISO27001. Laszlo is dealing with the referred disciplines for almost 15 years. As the CEO of Kerubiel Kft, besides management tasks, he also is responsible for high‐priority operations in the following domains: Physical Security, Environmental Security, Cyber and Information Security. Laszlo also is a registered and active security expert of the European Commission. Furthermore, he is a member of the Hungarian Chamber of Judicial Experts, Gold Member of ISACA, member of the EC‐ Council, and member of John von Neumann Computer Society.

Transparent Use of Personal Data Critical to Election Integrity in UK

Mike HughesEditor’s note: The ISACA Now blog is featuring a series of posts on the topic of election data integrity. ISACA Now previously published a US perspective on the topic. Today, we publish a post from Mike Hughes, providing a UK perspective.

In some ways, the UK has less to worry about when it comes to protecting the integrity of election data and outcomes than some of its international counterparts. The UK election process is well-established and proven over may years (well centuries), and therefore UK elections are generally conducted in a very basic manner. Before an election, voters receive a poll card indicating the location where they should go to vote. On polling day, voters enter the location, provide their name and address, and are presenting with a voting slip. They take this slip, enter the voting booth, pick up a pencil and put a cross in the box next to their candidate of choice. Voters then deposit this paper slip in an opaque box to be counted once polls are closed in the evening.

Pretty simple (and old-fashioned). Yet, despite the UK’s relatively straightforward election procedures, the Political Studies Association reported in 2016 that the UK rated poorly in election integrity relative to several other established democracies in Western Europe and beyond. More recently, there are strong suspicions that social media has been used to spread false information to manipulate political opinion and, therefore, election results. Consider that one of the biggest examples is the Cambridge Analytica data misuse scandal that has roiled both sides of the Atlantic, and it is fair to say that the matter of election integrity has only become more of a top-of-mind concern in the UK since that 2016 report, especially during the campaigning phase.

Rightfully so, steps are being taken to provide the public greater peace of mind that campaigns and elections are being conducted fairly. In 2017, the Information Commissioner launched a formal inquiry into political parties’ use of data analytics to target voters amid concerns that Britons’ privacy was being jeopardized by new campaign tactics. The inquiry has since broadened and become the largest investigation of its type by any Data Protection Authority, involving social media online platforms, data brokers, analytics firms, academic institutions, political parties and campaign groups. A key strand of the investigation centers on the link between Cambridge Analytica, its parent company, SCL Elections Limited, and Aggregate IQ, and involves allegations that data, obtained from Facebook, may have been misused by both sides in the UK referendum on membership of the EU, as well as to target voters during the 2016 United States presidential election process.

The investigation remains ongoing, but the Information Commissioner needed to meet her commitment to provide Parliament’s Digital Culture Media and Sport Select Committee with an update on the investigation for the purposes of informing their work on the “Fake News” inquiry before the summer recess. A separate report, “Democracy Disrupted? Personal Information and Political Influence”, has been published, covering the policy recommendations from the investigation. This includes an emphasis on the need for political campaigns to use personal data lawfully and transparently.

Social media powers also should draw upon their considerable resources to become part of the solution. Facebook, Google and Twitter have indicated they will ensure that campaigns that pay to place political adverts with them will have to include labels showing who has paid for them. They also say that they plan to publish their own online databases of the political adverts that they have been paid to run. These will include information such as the targeting, actual reach and amount spent on those adverts. These social media giants are aiming to publish their databases in time for the November 2018 mid-term elections in the US, and Facebook has said it aims to publish similar data ahead of the local elections in England and Northern Ireland in May 2019.

All of these considerations are unfolding in an era when the General Data Protection Regulation has trained a bright spotlight on how enterprises are leveraging personal data. As a society, we have come to understand that while the big data era presents many unprecedented opportunities for individuals and organizations, the related privacy, security and ethical implications must be kept at the forefront of our policies and procedures.

As I stated at the start of this article, the UK’s election system is a well-proven, paper-based process that has changed very little over many, many years. One thing is certain: sometime in the not-too-distant future, our paper-based system will disappear and be replaced by a digital system. There will then be a need for a highly trusted digital solution that provides a high level of confidence that the system cannot be tampered with or manipulated. These systems aren’t there yet, but technologies such as blockchain may be the start of the answer. Technology-driven capabilities will continue to evolve, but our commitment to integrity at the polls must remain steadfast.

Concerted Effort Needed to Assure Data Integrity in Electoral Process

Rob ClydeEditor’s note: A recent ISACA survey found that 85 percent of technology professionals worldwide (and 86 percent in the US) are concerned about the ability of the public sector to conduct secure, reliable and accurate elections. ISACA board chair Rob Clyde explores the topic of election data integrity in more detail below.

The motivations of cybercriminals are as diverse as their forms of attacks. Many cybercriminals are after money, naturally, but plenty of other incentives exist, including the allure of exerting power and influence. Unfortunately, one of the most impactful ways to do so involves tampering with the integrity of elections, a rising concern in the United States and around the world.

While election security is not a new topic, it took on increased prominence in the US in the aftermath of the 2016 presidential election and has prominently surfaced again in the build-up to November’s midterm elections. Although allegations of nation-state interference in the US election process has commanded much of the media attention, protecting the overall data integrity of elections is a much more encompassing issue than any attempt by a nation-state to influence a particular election cycle or campaign. Working to enhance the reliability of the information systems and technology that assures data integrity in the electoral process will be an ongoing challenge requiring bipartisan attention and support from leaders at all levels of the government.

Encouragingly, this challenge is clearly on the radar of US elected officials, with a bill to establish the National Commission on the Cybersecurity of United States Election Systems and the Secure Elections Act among the efforts to drive toward solutions. A recently formed Task Force on Election Security, composed of members of the Homeland Security Committee and House Administration Committee, allowed for members from both committees to interact with election stakeholders, as well as cybersecurity and election infrastructure experts, to analyze the effectiveness of the US election system. The task force produced a final report and future recommendations, with the goal of maintaining free, fair and secure elections.

While the attention on this topic in Washington, D.C., is an important starting point, there must be extensive collaboration between federal agencies and the state officials who are charged with direct oversight of elections. Many state officials face the massive undertaking of securing elections with small IT staffs and few cybersecurity professionals on their teams. Given the high stakes involved and the growing complexities of the threat landscape, election systems require more dedicated resources to ensure the appropriate people, processes and technology are in place to stave off threats to election data integrity, whether intentional or otherwise. The federal government must provide the funding so that states are able to update vulnerable voting machines and modernize their IT infrastructures. Federal funding allowing for the training of election officials and poll workers about cyber risks would be another worthwhile investment. Further, since elections are generally run at the state level, states and federal agencies need to increase coordination to allow for real-time notifications of security breaches and threats. This could also present an opportunity for the government to tap into the capabilities of the private sector to strengthen election security.

Additionally, as the task force recommended, states should conduct post-election audits in order to ensure the election was not compromised, as well as identify and limit future risks. The implementation of post-election audits is an immediate step the government can take to limit future vulnerabilities while also strengthening public trust in the process – an important consideration that should not be overlooked.

One intriguing longer-term solution for election data integrity is the deployment of blockchain technology. Blockchain is now being embraced by many different sectors and agencies, and was recently used in West Virginia for absentee voting leading up to the midterms. Blockchain has the ability to secure a permanent record that is timestamped and signed, and can therefore not be altered in any way. Developing this cyberattack-resilient database could prove to be a critical step toward mitigating any potential manipulation or voting fraud.

While audit, governance, risk and information/cyber security professionals are charged with many important responsibilities, helping to solidify the data integrity of elections is among the most vital. In the US and around the world, fair and trustworthy elections are an indispensable component of free societies. Losing trust in the outcomes of elections would lead to a level of discord that would have a profoundly destabilizing impact. The events of the past few years have reinforced that protecting the integrity of the electoral system in this new era will require a significant investment in attention and resources. So be it. The alternative, taking our election security for granted, no longer is a viable path.

Deployment of Emerging Technology in FinTech

Mahmoud AbouelhassanFighting poverty and achieving a high economic growth rate are two key priorities for developing countries.

Achieving both of these goals is reliant on financial inclusion. Developing a national digital transformation strategy that focuses on transforming the traditional economy to a digitized economy is the best way to accelerate the run rate in achieving this end goal. 

The journey to financial inclusion is reliant on fintechs; disruptors in the financial sector, driving innovative transformation and changing the way financial services are delivered, the medium of transactions and the approach to business analysis.

Unlike traditional financial services firms, fintechs are not tied by legacy systems which can delay progress: they can move faster toward new and innovative services by adopting new technologies and redefining standards and expectations within the industry. Fintechs can quickly deploy emerging technologies like blockchain, artificial intelligence and machine learning – technologies that will fundamentally change the world of financial services. PWC UK notes that already “Some large financial institutions are also relying on blockchain for internal transactions between territories, effectively reducing the internal cost of moving money.”

Rapid development in consumer technologies also means customers’ expectations have grown and they now expect a level of personalization and customization which can only be addressed through automation and keeping up with the pace of emerging technologies. Further, these technologies can be used to streamline customer service through the use of chatbots and automated tools. Electronic payments, biometric-enabled authentication and blockchain for digital transactions will all improve security and reduce fraud while increasing customer satisfaction – making them core to new financial services solutions.

Artificial intelligence and machine learning in particular have the ability to improve fraud detection and reduce the need for human oversight by up to 50%. Financial Fraud Action UK (FFA UK) stated this year that fraud costs the UK £2 million every day (according to 2016 figures), and experts expect to see costs reaching $32 billion yearly on online credit card fraud alone by 2020. Artificial intelligence can play a key part in detecting this, automating the process and reducing occurrences by following different approaches like oversampling, undersampling, and combined class methods.

Governments and banks are already seeing the benefits of these emerging technologies. There are two particular examples where their deployment is lowering the cost of financial transactions. In April 2018, the National Bank of Egypt announced that it has joined a large initiative focusing on the research and application of blockchain, with R3. More than 200 banks and international companies have joined this initiative.

By 2021, Dubai will be using blockchain technology for more than 50% of financial transactions, expecting to save 11 billion AED by doing so. When announcing its blockchain strategy, Dubai predicted a 300 million dollar blockchain market across the financial sector, healthcare, transportation, urban planning, smart energy, digital commerce, and tourism.

Emerging technologies readiness
The Emerging Technologies Readiness Survey, published in Egypt during August 2018 by my team, collected the responses of 91 executives from different sectors across technology, banking and fintech. The results show that almost 74% are already using emerging technologies, with almost 29% using big data, 18% machine learning, 17% artificial Intelligence, and almost 8% are using blockchain.

Figure 1: Emerging Technologies Readiness Survey

The main driver behind adopting emerging technologies was business improvements, with 62% of respondents using emerging technologies citing this.

Figure 2: Emerging Technologies Readiness Survey

Half of respondents said their companies measured the ROI after using these technologies, but a surprising 32% do not measure the ROI and almost 18% were unsure whether their company does or does not.

Figure 3: Emerging Technologies Readiness Survey

Almost 70% of respondents whose companies were yet to adopt emerging technologies in their business stated that they have plans to deploy one or more within the next five years.

Figure 4: Emerging Technologies Readiness Survey

When asked which emerging technologies they were most interested in deploying, almost 34% of respondents said they would consider blockchain, nearly 35% said artificial intelligence, 41% said big data, and nearly 30% said machine learning.

Figure 5: Emerging Technologies Readiness Survey

Embracing emerging technologies for financial inclusion in developing countries
It is clear that emerging technologies will be essential to accelerate the goals of developing countries in achieving high economic growth rates and in driving financial inclusion and a thriving digital economy. Yet, traditional Financial Services firms can’t adopt themselves easily to these emerging technologies because of their legacy systems They can, however, partner with fintechs to get the benefit of emerging technologies deployment and achieve great mutual success.

Fintechs, traditional financial services firms, technology companies and governments need to develop and build digital transformation strategies together – strategies that include a plan of secure emerging technologies deployment and that have a clear vision of how they will maximize the benefits and minimize the risks of these technologies.

Security readiness for emerging technologies
Using emerging technologies is not only beneficial in terms of innovative new financial services, but also improves the security of information systems.

At the same time, emerging technologies such as machine learning and artificial intelligence will increasingly be used for cyber-attacks and many are not yet equipped to withstand these attacks. Two-thirds of respondents to the survey see potential risks from emerging technologies, with almost 59% saying their companies also realize these potential risks. A somewhat smaller 44% said their companies have a risk mitigation plan for emerging technologies.

Figure 6: Emerging Technologies Readiness Survey

Figure 7: Emerging Technologies Readiness Survey

Figure 8: Emerging Technologies Readiness Survey

Despite the concerns around risks, most respondents could see a great opportunity for using emerging technologies to improve the level of information security at their companies, with almost 81% saying they will use emerging technologies for that purpose.

Figure 9: Emerging Technologies Readiness Survey

Editor’s note: Mahmoud Abouelhassan will provide further insights on this topic on 30 October at ISACA’s CSX Europe 2018 conference in London.

Peter Weill: Avoid the ‘Big Bang’ in Digital Transformation

Peter WeillEditor’s note: Peter Weill, senior research scientist and chair of the Center for Information Systems Research (CISR) at the MIT Sloan School of Management, is an award-winning author who focuses on the role, value and governance of digitization in enterprises. Weill, who co-authored What’s Your Digital Business Model? with Stephanie L. Woerner, recently discussed enterprise digital transformation themes with ISACA Now after addressing chapter leaders at ISACA’s Global Leadership Summit in Chicago. The following is a transcript of the interview, edited for length and clarity:

ISACA Now: What are the most important building blocks for organizations in terms of creating a winning digital strategy?
Having a compelling vision to excite customers is the most important factor. There are a whole lot of digital and cultural change capabilities that you need, but you can’t do it without the vision, and then there are a series of building blocks, like Lego blocks, that are your data, your customer experience components, new ways of working, your people innovating, that make it work.

ISACA Now: You emphasize the importance of the customer voice being a driving force in making decisions. What guidance might you have for organizations to ensure that is the case in their decision-making process?
The customer voice is all about how you listen to the customer and then amplify their voice in every decision, in every activity you make. And so, data analytics, real-time connections, mobile connections, sentiment analysis, social media – these are all ways you can amplify the customer’s voice, but then you have to change the culture in an organization to hear it and use it, and that is probably the hardest part.

ISACA Now: Why is understanding life events of customers so valuable and important?
Most companies have made a successful living selling products, but in a world of ubiquitous search, you can search for the lowest product at a certain quality level in seconds. Now customers want to have a broader set of needs met, and one extremely good way of doing that is life events. Some companies use customer journeys – but they are more about how the sequence of meeting life events is enacted. Take a B2B customer – are they entering a new market? Are they doing a merger? Is there a change of CEO? Those all have needs, and there are products and services that need to be connected together to achieve the life event.

ISACA Now: What are some of the common missteps organizations make when it comes to pursuing digital transformation?
The most common misstep is once you have a great vision, to try to do a big bang. In our digital world, with all the new digital tools, we use test and learn. So, you use some lessons from Silicon Valley of MVP (minimum viable product). You try lots of things, you see what works, and once they work, you scale and integrate. That’s a very different way of operating, so that’s one of the biggest problems we see. Another is that companies feel they can do these things all themselves. Digital is a partnering world. So, how do you get better at partnering, sharing information appropriately, and using that collaboration to provide better services?

ISACA Now: Can you elaborate on the concept of a higher-value digital business model? What does that entail?
The average profitability of a supplier model is significantly less than the average profitability of an ecosystem driver model, but a much higher percentage of companies are supplier-dominant models than ecosystems. So, an ecosystem is a much higher value model, but it’s harder to achieve and there is significant consolidation amongst the players.

ISACA Now: From your interactions with boards and executive leadership, what stands out as the toughest types of decisions leaders have to make when it comes to digital transformation?
The most difficult question I hear from senior executives is ‘Do we have the right talent?,’ particularly at the senior leadership team, and we often see quite a high turnover in companies that successfully transform. But also, how do we engage the brains and energy of all the people in the company? It’s not just the senior leaders that have to transform the company; everybody has to. And so how do you engage the whole hearts and minds of everybody, and through that, change the culture from a hierarchical, linear project culture to an agile team, test-and-learn, minimum viable product culture?

ISACA Now: With a forward-looking lens, which new technologies or emerging digital themes do you see as having the biggest impact on reshaping the business landscape?
I’m a big proponent of the future of IoT because I think it will create great customer value, but with it comes all kinds of risks, and the whole cyber question around IoT, I think, is unanswered. AI will help with cyber, and I think one of the great potentials is the use of AI to do cyber analysis. I’m less concerned about the technologies themselves because they’ll change over time, but how do we provide better customer service at lower cost, and how do we avoid a world of the information rich and the information poor? One of the troubling trends we’ve already seen is a disproportionate spread of wealth in many countries, and I would love to see digital technologies create a better future for the next generation so that everybody has access to opportunities and education, and I think ISACA has a role to play in that.

Digital Transformation Brings More Opportunities to Financial Sector

Kris SeeburnEmerging technologies and the pace of innovation are reshaping the banking/financial industry and operating models, while influencing the shape and dynamics of the broader financial services ecosystem.

Banks have adopted new technologies to varying degrees. Most banks use elements of cloud computing, a key technology that reduces the costs of rolling out and scaling the online and mobile banking capabilities that digital era consumers expect. Many institutions also are gradually implementing elements of big data and analytics as well as robotic process automation (RPA) to strengthen controls and reduce costs. Other technologies, such as distributed ledger technology and the Internet of Things (IoT), are only in the early stages of commercialization by banks.

Respondents to ISACA’s 2018 Digital Transformation Barometer identify financial/banking as the industry showing the most leadership in adopting emerging technologies. Banks are undergoing a fundamental transformation resulting from a range of technological innovations. Six technologies are currently most prominent in financial innovation: cloud computing, big data and analytics, artificial intelligence (AI)/machine learning, RPA, distributed ledger technology and the IoT. These technologies are at different stages of maturity, and some have the potential to significantly change the industry in the coming years.

Technology Trends & Game Changers

The questions that pops up is: How rapidly is the pace of change accelerating for financial services industry firms, and how are leaders planning to navigate their firms into the future?

To answer these questions, it’s important to first consider that there are some regional and national differences in competitive market structure, regulatory environments, and the global scale of the industry that influence outcomes. Even though the larger G7 economies (Canada, France, Germany, Italy, Japan, the United States and the United Kingdom) are still dominant, in terms of size (assets) and number of transactions, other countries, especially from the large emerging markets, are catching up steadily as well. The growing, emerging economies have been able to more easily implement modern core technology platforms because of the relative absence of legacy investment and integration with 40-year-old systems often found in firms in the G7.

New technologies are allowing banks to re-examine their business and operating models, and determine which functions and capabilities should be retained internally vs. obtained externally. Banks are able to benefit from technological advances made by other organizations in several key areas (such as customer reporting, risk analytics as a service, blockchain) by entering into strategic partnerships with these entities.

Technological innovations also are enabling banks to virtualize more of their banking operations and shift non-critical functions (for example, managed treasury and cash services, white label call centers) to business partners — allowing firms to increase their focus on core services and improve efficiency, while maintaining robust oversight and controls.

We also need to understand that there is a growing customer expectation of what “great” service looks like that often is shaped by “single best user experiences.” The optionality, transparency and affordability of products and services offered by prominent digital era companies have set a new baseline for banking customers’ expectations of convenience, simplicity and customer engagement.

Further, machine learning and advanced analytics are enhancing risk monitoring, controls and risk mitigation across the banking industry. Banks are able to leverage expanded internal and market data and advanced analytics to better understand key customer and financial transaction related-risk factors.

The shift toward digital platforms allows banks to interact more closely with customers, and quickly design and deliver relevant services. Digitizing end-to-end business processes further enables banks to achieve scale and become more efficient, resilient and transparent. As a result, banks are better able to quickly respond to changing customer needs, market dynamics and regulatory expectations.

Maintaining an appropriate balance in regulating and supervising banks as they innovate is not a new challenge. Key examples of impactful, organic incorporation of technological innovations into banking include, among others, the advent of call centers and the shift from paper to electronic/digital books and records. Banks determine the precise design and use of each technological innovation based on customer needs, opportunities to enhance customer value, compliance with regulatory requirements and supervisory expectations, their business models, risk tolerances and other market factors. Banks rely on their first (business), second (risk management) and third (internal audit) lines of defense to maintain compliance. The banking industry’s long and successful track record of safely implementing technological innovations speaks to the effectiveness of its regulatory engagement model.

Policymakers and regulators continue to actively monitor developments within the banking sector, including those that are technology-related, so that emerging, potential risks are appropriately addressed.

To date, banks have safely implemented many beneficial technologies without adverse repercussions to institutions or the broader financial system. Nevertheless, implementing technological innovations, particularly emerging technologies, will always have some element of risk, given the heuristic nature of innovation and new activities and services.

Going forward, digital transformation has the potential to continue to significantly transform the financial services industry and benefit society. It can replace individual banks’ legacy systems, enhance processes, improve efficiencies and strengthen controls. Digital transformation also can provide opportunities for the creation of new products and services that benefit customers. Ultimately, technological innovations hold great promise for the identification of new customers and the provision of financial services to the unbanked or underbanked community in a safe and sound manner.

AI Factors Heavily into Future of Digital Transformation

Rob ClydeThe second installment of ISACA’s Digital Transformation Barometer research underscores the ascent of artificial intelligence as a technology with growing potential – and how urgently enterprises must rise to the occasion of addressing the related risk and security implications.

In the 2018 Digital Transformation Barometer, global respondents rank AI/machine learning/cognitive technology as the second-most transformative technology for organizations, finishing just behind big data. While big data also was the top choice in the 2017 version of this annual research, the gap between big data and AI shrunk from 18 points to 3, reflecting a growing realization that AI technology is on the verge of profoundly reshaping many aspects of society.

Already, AI and machine learning hold significant sway in our daily lives, ranging from the way our flights are piloted to matters of simple convenience, such as how photographs are tagged on Facebook. Larger impact is on the way. AI and machine learning are being explored to set medical breakthroughs in motion, improve farmers’ crop yields and help law enforcement identify missing people, among a wide range of promising applications on the horizon. As new uses continue to be developed and refined, there will be increased need for enterprises to safely and securely deploy AI. On this front, there is much work to be done.

Only 40 percent of Digital Transformation Barometer respondents express confidence that their organizations can accurately assess the security of systems that are based on AI and machine learning, a statistic that is concerning enough today but will grow considerably more problematic in the near future if enterprises don’t make the needed investments in well-trained staffs capable of putting the needed safeguards in place. As AI evolves – consider the likely proliferation of self-driving vehicles, or AI systems designed to reduce urban traffic – it will become imperative that enterprises can provide assurance that the AI will not take action that puts people in harm’s way.

Contending with malicious uses of AI will be one of the central challenges for our professional community, as a concerning report from a range of global researchers accentuated. The Digital Transformation Barometer research shows that potential instances of social engineering, data poisoning and political propaganda are among the malicious AI attacks that need to be accounted for in the short-term, but even more concerning possibilities loom, such as the activation of autonomous weapons, driving home the urgency of bolstering AI security capabilities. In many cases, the solution to keeping AI in check will be tapping into AI technology that enables security innovations.

Whether thinking about AI or other emerging technologies, practitioners should look for opportunities to expand their knowledge base and explore ways for their enterprises to leverage new technology to connect with customers in new and potentially more impactful ways. More than 4 in 5 respondents (83%) indicate their organizations have no plans to accept cryptocurrency in the future, while the majority of respondents (53%) consider public cloud to be high risk, reflecting mindsets more tethered to the status quo than embracing opportunities to fuel innovation. Not every new technology is the right fit for every organization, but enterprise leaders owe it to their stakeholders to ensure they are actively exploring promising technologies and determining how technology can be securely leveraged to drive the innovation needed to compete in today’s digital economy.

Change is difficult for organizations, which traditionally are structured with stability, rather than innovation, in mind. However, as technology plays an increasingly prominent role in our daily lives, customers increasingly are expecting dynamic, swift-to-market, technology-driven solutions. To be able to deliver, organizations must prioritize investing in the security capabilities needed to enable effective and responsible digital transformation.

Shining a Light on the Biggest Healthcare IT Challenges

Larry AltonHealthcare has experienced significant modernization and is now closely intertwined with IT. But as the industry changes and marketplace demands evolve, new challenges emerge. Understanding how to address these challenges is paramount to the future success of healthcare organizations and their stakeholders.

Five healthcare IT challenges the industry is facing
What used to be a small intersection is now a fully developed relationship. It’s nearly impossible to understand the current or future state of healthcare without looking at IT and the role it is playing.

Even with all of the good things that are happening, there are some challenges, hurdles, and points of friction that must be dealt with and overcome. Let’s highlight a few of the more significant ones you should know about.

1. Data security
Data breaches are, unfortunately, a part of modern life. As more and more data is created and stored online, hackers will continue to go for valuable information. Because of the privacy associated with patient data, healthcare providers are often primary targets.

The challenge moving forward is for organizations to be more protective of their data, without adding unnecessary layers of bureaucracy. Better access control and simplified reporting will play a key role.

2. Network integration issues
On the business side of healthcare, there are plenty of mergers and acquisitions. Unfortunately, they often lead to network integration issues. The biggest challenge involves blind spots.

“Blind spots are areas where IT does not have complete visibility into what is happening on the network or how applications are behaving,” explains Keith Bromley of Ixia. “Mergers between IT systems for any organization, especially healthcare systems, take time. The problem is that patients and doctors do not have time to wait. Electronic medical records (EMR) must be available at all times, for all patients.”

Figuring out a way to smooth over these transitional points and prevent blind spots from occurring will be a key focus in the months and years ahead.

3. Remote patient care
The latest research suggests that 71 percent of all healthcare providers use telehealth or telemedicine tools to connect with patients. Considering that just half of healthcare providers were using telemedicine solutions and services in 2014, this represents a rather steep increase in adoption. The expectation is that close to 100 percent of providers will be using solutions like these by as early as 2021.

But there are still some distinct challenges. One such challenge is the issue of helping patients get the care they need after leaving the direct care of the healthcare provider.

“As a physician, I know that medicine is important to people’s health, but the vast majority of what determines a person’s health is not medicine, it’s the ability to take care of themselves, live well, manage disease, and give care to others outside the doctor’s office,” says Stacy Lindau, MD, who has worked closely with Rush University Medical Center to incorporate the NowPow platform to help them connect with patients after they leave.

The more sophisticated platforms like these become, the more well-rounded patient care will become.

4. HIPAA compliance
Whereas cybersecurity and strict BYOD policies are important for businesses in every industry, issues like these are even more challenging in healthcare. HIPAA laws are very strict on issues like unlawful disclosure of private patient information, and any unintentional mishaps can result in huge fines and significant reputational damage.

Having a plan in place for dealing with ransomware is crucial for healthcare organizations of all sizes. While encryption and backup storage are important, they may not be enough. Organizations that consult with cybersecurity experts specializing in HIPAA laws will see the biggest benefits.

5. Consumerization of medicine
“A big area of interest for healthcare institutions is the consumerization trend in which information is being collected and made available to mobile and web-based devices. For instance, hospitals are now embracing bring your own device (BYOD) for healthcare professionals and support the use of patient accessible Wi-Fi,” Bromley explains.

As consumerization increases, it’ll be important for healthcare organizations to choose the right technologies and use them in the appropriate ways. A failure to invest in the best solutions for the application will bog organizations down and create additional friction that hurts the patient experience (not to mention the practitioner’s experience).

Putting it all together
Healthcare innovation happens at a startling pace. From pharmaceuticals to health procedures, changes are occurring around the clock. From an administrative perspective, however, few areas are more important than successfully managing and governing the technology that enables the innovation. As IT progresses, so will the healthcare industry.

For IT professionals, understanding this relationship will help you get a firmer grasp why certain developments are taking place and what direction the industry is headed in the future.

1 - 10 Next