Steve Lennon

Don’t leave security out of your digital equation

Cyber criminals all over the world are using increasingly sophisticated methods to hack massive customer databases, halt power generation, hijack connected cars and disrupt government and industry. As cyber attacks increase from multiple angles, government regulations also are increasing to require organizations to better secure their IT and operational networks.

At the same time, executives across industries are intensifying their ambitious digital transformation agendas as shared in the CGI Global 1000, seeking to drive new sources of revenue, improve the customer experience, increase operational efficiency, reduce operating costs and better manage security.

While the competitive urgency to digitalize can tempt organizations to move quickly with their digital transformation plans, it’s important to carefully consider the issue of security before moving forward. In this day and age of ongoing cyber attacks, Andy Grove’s famous maxim has never been truer: “Only the paranoid survive.”

My advice to any organization embarking on a digital transformation journey is not to leave security out of the digital equation. Start by building a rigorous security discipline into the foundation of your digital transformation approach.

The case for a security-first approach

If you’re not yet convinced of the need to adopt a security-first approach, take a look at the 2016 Australian Cyber Security Centre (ACSC) Threat Report. The report details the litany of cyber adversaries, threats, incidents and attacks that public and private sector organizations face every day.

CERT Australia, part of the ACSC and the government’s main point of contact for cybersecurity issues impacting Australian businesses, reports that, between July 2015 and June 2016, it responded to more than 14,000 cybersecurity incidents, 400+ of which involved systems of national interest and critical infrastructure. Because CERT Australia relies heavily on the voluntary reporting of incidents, these alarming numbers likely reflect only a small percentage of the overall threat.

In fact, 2016 research commissioned by CGI in the UK revealed that over a third of C-suite executives believe a cyber security breach will affect their organization in the next 12 months.

Security can enable your digital success

Despite the increasing number and variety of cyber threats, the urgency to digitalize can’t be ignored. Many organizations are racing to achieve an agile, autonomous, continuous delivery software life cycle (DevOps) and explore the promise of the Internet of Things so that they can rapidly achieve their digital objectives.

To make the DevOps approach viable, rigorous security practices must be embedded in software development and infrastructure deployment processes, enabling your security function to focus on ensuring compliance, handling exceptions and staying current on new threats. This is easier said than done, with security teams often happy in their historical role as “blockers of new technology” and cyber skills being in very short supply.

Rather than being considered last, security should be the first and foremost principle in mind as you address your digital priorities. Security needs to be baked in from the outset, not bolted on. It should be embedded into every aspect of a digitalization plan, including cloud-first infrastructure, mobile access and enablement, data analytics and storage, customer experience design, procurement practices and governance mechanisms.

This transformation of security—security by design—must go to the heart of operational and technology leadership and management, addressing people, culture, processes and the technology itself.

By adopting a security-first approach to digital transformation, organizations can significantly minimize their risks in building new digital, customer-centric business models and launching new digital services and products, gaining the full value of digitalization.

Integrating security into our clients’ digital transformation programs is a critical part of CGI’s work in driving digitalization. Our end-to-end digital transformation offerings include advanced cybersecurity solutions, expertise and support delivered through 10 globally distributed Security Operations Centers. If you’d like to learn more, feel free to contact me.
