A strategic approach to security will make or break your organization’s digital transformation Initiatives
Written by: Jim Barkdoll, CEO
Technology vendors have been talking about digital transformation for years, and organizations who prioritize the digital transformation of their business see it as a competitive advantage. Today, our team announced the results of a survey indicating that a strategic approach to data protection and data security efforts are critical to the success of digital transformation efforts.
The conversation about security’s role in digital transformation efforts plays out daily in organizations worldwide. After all, though digital transformation may be the biggest overall corporate priority, security executives must balance these efforts with other initiatives including ensuring compliance in an age of ever-increasing global data regulations, and meeting customer demands for data transparency and privacy. The survey results tell us that more often than not, strategic security executives are successful in their quest to meet all of these goals, so let’s look at why that is.
The attributes of a strategic security program
As our report details, security executives who take a strategic or proactive approach to their program have a few things in common. Three attributes stand out:
- Leading-edge security solutions: More than sixty percent of strategic security professionals have an up-to-date security infrastructure, are early adopters of new technologies, and pursue best-of-breed security solutions on an ongoing basis. These professionals know the value industry-leading solutions provide, as organizations with outdated solutions or holes in their security infrastructure are more vulnerable to data breaches, hacks and other devastating events.
- Strong buy-in from executive leadership: Three quarters of strategic security professionals in the survey have strong buy-in from executive leadership on the role of security as a critical driver in digital transformation initiatives. Only half of the professionals taking a traditional approach to security could say the same. This feedback is in line with what we heard from security executives in the United Kingdom (UK) during our Data Protection Leadership Forum earlier this year. When executive leadership believes in and supports critical security initiatives, those initiatives are successful and drive other successes (like, say, digital transformation efforts).
- Adopting a culture of security: More than two thirds of those adopting a strategic approach to data security and protection indicated that management topics including access rights, security reviews and human resource policies are an important part of their overall leadership and decision-making. In short – their organizations have adopted a culture of security.
This topic is top-of-mind for many large organizations, as no one security solution or policy is fail proof. As stakeholders across an organization become responsible for various parts of a digital transformation program, data protection and security become an issue every employee must be aware of. As Gartner puts it, “the perception that information security is just a technical job handled by technical people buried in IT is not sustainable. As organizations become more digital, we see a proliferation of technology-enabled initiatives. This will lead to an increase in the contact surface between employees and technology systems, which consequently increases the risk exposure.”[i]
Leading security infrastructure, executive support and a corporate security culture provide a strong backbone for any strategic security program. With these elements in place, it’s no surprise strategic security professionals are confident their organization’s digital transformation efforts will be successful.
Data identification and categorization = strategic security
At this point, you’re probably thinking about how you can transition from a more traditional approach to data protection and security to a strategic approach. This is a conversation I have with business worldwide and to a one I tell them the same thing – it starts with data identification and categorization.
If you don’t know where sensitive or critical data resides within your organization, it will be impossible to proactively apply protections to this data. Once you identify where this data resides, you need to properly categorize it to ensure you’re protecting what is most critical to your organization. This becomes crucial as data travels from place to place, from on-premise to cloud, or from cloud to on-premise, etc. during digital transformation initiatives.
There’s no quick path to developing and deploying a strategic security program, just as there’s no ‘silver bullet’ solution to address data protection challenges. But having a handle on where your data resides and how essential or sensitive it is can set you up for success, be it support from executive leadership or adopting a culture of security across your organization.
To learn more about the survey results, please read our report.
i Gartner – “Fight Unsecure Employee Behaviors by Fixing Your Risk Culture,” Srinath Sampath, May 9, 2019