ISACA Now Blog


Getting Digital Transformation Right: The Fundamental Three

Phil Zongo, Head of Cybersecurity, Author and Public Speaker; and Natasha Barnes, CISA, IT Risk and Compliance Consulting Manager
Posted at 8:59 PM by ISACA News | Category: Risk Management

Emerging technologies – such as machine learning, artificial intelligence (AI), blockchain, Internet of Things (IoT), augmented reality, and 3-D printing – are swiftly disrupting several industries. To paraphrase Klaus Schwab, co-founder of the World Economic Forum, these mind-boggling innovations are redefining humanity, pushing the thresholds of lifespan, health, cognition, and capabilities in ways previously considered to be preserves of science fiction.

The possibilities presented by digital transformation are indeed captivating. The uses are as varied as the organizations putting them to use. Sensors attached to jet engines are transmitting signals mid-flight, enabling airlines to promptly detect sub-optimal performance and conduct pre-emptive maintenance, boosting safety and minimizing downtime. Physicians are replicating flesh and bones using 3-D technology to simulate high-risk surgical operations, lifting patients’ confidence and shortening their anaesthesia durations. Meanwhile blockchain – an open source, distributed ledger of everything – is being used to develop self-executing contracts, eliminating record labels and enabling artists to interact directly with consumers, maximizing their ingenuity rewards.

The benefits of digital transformation are unquestionable, but enterprises must manage these programs carefully. Here are three key recommendations:

Drive cultural change
Digital transformation transcends IT – it’s an enterprise-wide matter that requires unwavering commitment from the C-suite to front-line staff. To succeed, enterprises must place cultural change, not technology, at the core of their strategies. This requires eliminating unnecessary barriers to innovation, agility and change that exist within organizations, including breaking down functional silos and revising bureaucratic governance structures. As Jeffrey R. Immelt, CEO of General Electric, said, “You can’t have a transformation without revamping the culture and the established ways of doing things.”

Leadership from the top is essential to establish vision, institute appropriate governance structures and drive cultural change during any major change, and digital transformation is no exception. Executive messages must be clear and consistent, persuading employees that creating a nimbler enterprise that can swiftly respond to market needs is an existential matter; status quo is untenable. This fosters an environment of trust and spurs employee engagement, prerequisites for success.

Conversely, inconsistent messages fuel doubts, forcing employees to work in silos and resent change. This risk looms large when transformation is perceived as a threat to people’s jobs. Consistent with this view, the majority of respondents to ISACA’s Digital Transformation Barometer rated AI and public cloud as top candidates to face organizational resistance. While initial reservations about public cloud are waning, migration efforts and radical process changes can pose such organizational challenges.

Embed security
In the race to keep up with competitors, enterprises often have a disproportionate emphasis on the pace of transformation. Often, security and infrastructure considerations are afterthoughts, but such missteps can have lasting business repercussions.

Emerging technologies are exerting enormous pressure on traditional security models. For instance, billions of IoT devices with glaring vulnerabilities are integrating with critical infrastructure, creating numerous backdoors for malefactors to exploit. Cloud is enabling employees to bypass IT governance processes and export volumes of sensitive data to unsanctioned environments, aggravating the enduring shadow IT problem. At the same time, location-based applications collect troves of personal data, raising safety and privacy concerns. Each emerging technology presents new security issues, many of which have not been sufficiently evaluated or understood.

To thrive, businesses need to make security an inescapable facet of digital transformation programs, considering implications early during business case evaluations. Enterprises also must have a nuanced understanding of each technology, carefully balancing pace of adoption, security and convenience. Traditional one-size-fits-all models don’t cut it anymore. Securing an implanted cardiac pacemaker that can resuscitate a faltering heart, for example, requires more rigor when compared to securing a wearable device that tracks steps.

As this revolution unfolds, several jurisdictions are also tightening privacy laws. For instance, the EU’s General Data Protection Regulation (GDPR) will impose fines up to $20M EUR or up to 4% of the annual worldwide turnover, whichever is greater. Businesses must have a strong grasp of applicable privacy laws to ensure compliance and retain customers’ trust.

Consider the impact of legacy applications
As digitization gains pace, several enterprises are finding themselves saddled by jumbles of complex, aged and proprietary applications, referred to as “legacy spaghetti.” Several of these decades-old digital workhorses have developed a reputation for reliability and still underpin vital operations. But they can also be daunting obstacles to digital transformation. Specifically, they are not designed to handle the flexibility, speed and performance demanded by today’s digital enterprise. Furthermore, they don’t have well-defined interfaces, sufficient documentation and available subject matter experts.

To manage this risk, business leaders should ask the following questions:

  • Which legacy applications can be cost-effectively modernized as part of the transformation program?
  • Which applications must remain untouched to mitigate risks to the stability of core operations?
  • Which skillsets are required to seamlessly integrate novel applications with existing infrastructure and support mission-critical applications that cannot be feasibly decommissioned?

An effective digital transformation strategy, therefore, carefully balances the need to rejuvenate customer experiences with the steadiness of core processes. None of these can be dealt with in isolation.

Looking ahead
This wave of digital transformation calls for enterprises to deeply rethink their strategies. Those that stick their heads in the sand may soon be irrelevant to their customers. 

About the authors
Phil Zongo is a head of cyber security for an Australian investment management firm. He is the 2016-17 winner of ISACA’s Michael Cangemi Best Book/Article Award, a global award that recognizes individuals for major contributions to publications in the field of IS audit, control and/or security. Phil has more than 13 years of technology risk consulting experience, advising executives on how to manage critical risk in complex technology transformation programs across multiple industries.

Natasha Barnes, CISA, is a manager with a global consulting firm, based in the Washington D.C. metro area. She has provided IT risk and compliance consulting services within both public and private sectors for more than seven years. Natasha helps her clients to optimize their control environments and address evolving cyber security challenges. Natasha is also a member of ISACA and a career coach with Careerly, where she mentors aspiring cyber security professionals by providing students with practical guidance to make informed career decisions.

Comments

Re: Getting Digital Transformation Right: The Fundamental Three

Interesting and insightful write up.
Ololade Olabode Ifeoluwa at 11/15/2017 5:39 PM

Thank you for your feedback

Thank you Ololade for your kind and valuable feedback, greatly appreciated
Phillimon169 at 11/15/2017 9:03 PM