Security in the Age of Digital Disruption

Recently, I was speaking at an executive-level business conference about the disruptive power and opportunity that digital provides enterprise.

During the course of the “Q&A” period, quite a few questions and comments were directed around the subject of cyber-security being a significant challenge when implementing or maintaining a digital strategy or technology.

I came away from the session with an understanding that many enterprises still view security and innovation as opposing forces that need to be chosen between.

On one hand, enterprises aim to stay competitive, taking strategic and bold measures to ensure that they won’t be displaced in the digital era. On the other, visceral fears of security breaches of their existing infrastructure exist, not to mention the risk of introducing change to the digital platform. The result of these conflicting perspectives is that many companies and firms have begun to stall or over-theorize their digital execution, uncertain of a digital roadmap to plan for.

From my perspective, I work at a firm that assesses security risk, and moreover ensures that solutions that leave our doors enable safe digital business models. So, I have to admit that I was somewhat taken back by this understanding. But the more I thought about it, the more I began to understand how it makes sense.

In my personal life, I’ve recently gotten back into rock climbing. I’d been away from the activity for several years so that I could focus on my family. On my first rappel down a rock face, the first since becoming both husband and father, I have to admit that it occurred to me that despite all of the safety equipment, this activity that I was so enjoying again so much, requires that I accept at least a little bit of risk as I careen down jagged rock ledges into the unknown.

But, as I thought about it some more, I realized that the safety equipment isn’t something that reduces my risk, it’s indeed what makes the activity possible. Like the kind of digital security solutions I mentioned above, my safety equipment has custom-designed solutions that make climbing and rappelling, otherwise more than a little reckless (particularly as a husband and father), really quite safe. Afterall, I wouldn’t use just any kind of harness, let alone rope, in this situation.

So, I thought about this analogy as it relates to my understanding of fear some firms have careening into the age of digital disruption. In so doing, I realized the key question business leaders shouldn’t be asking, but rather the one-and-only they should!

The wrong question to ask is, “How can my company balance both security and innovation?” Instead, I challenge the question be, “What security policies and / or processes will enable my organization to succeed?” This may seem like a subtle difference, but in my mind, it’s a significant one.

If we look at areas of concern within security for Digital Transformation, there are multiple, all critical levels that our team of technology and experience strategists consider when they come into a project. A sample of these include:

Data Handling Practices: In this day in age, I believe we all have to accept that data is key to virtually everything we are do within the digital enablement of people, process, policy and platforms. The security of data handling practices has much to do with how we can store, retrieve and use data in real-time, things we need to make effective experience benefits — to customer and employee alike. The choice of what to collect and how to store and retrieve must be defined and implemented across all systems within the digital ecosystem in order to have compliant design.

A sample of questions your team needs to confirm are, or have, happened:

  • Do you know exactly how much data you have, where it is used, and how it is being used?
  • Have you defined data loss prevention policies?
  • Do you know where all your databases are on the network?

Access Control: A lot of work and effort has been put into enterprise infrastructure to ensure there is a protection for internal networks. But — with the advent of open networks, virtual networks, and Cloud, many of these protections have diminished. Ensuring security compliance of your overall network and infrastructure will probably go the farthest to thwart attacks that may have been documented within other enterprises — or even your own.

A sample of questions your team needs to confirm are, or have, happened:

  • Has your business, or another in your industry, recently suffered a security breach?
  • Do you have frequent and large numbers of guests on your environment?
  • Do you have network intrusion detection and prevention systems in place?

System Acquisition and Maintenance: In the advent of the Internet of Things (IoT) where millions of devices are now able to communicate, transfer and talk to each other; with systems built in Artificial Intelligence (AI) processes, it is more important to also have a specific and overall system acquisition and maintenance security built into the design of how each piece of technology will be used across your organization.

A sample of questions your team needs to confirm are, or have, happened:

  • Do you have a comprehensive disaster recovery plan?
  • What is your business continuity strategy?
  • What are the minimum standards when implementing or migrating new systems?

Again, these are just a bare sample of the questions that your IT and experience teams need to ensure they are complying to.

Our team has developed a comprehensive method to assess your organization’s level of risk in the compliance of security practices. We’d be delighted to share what are the key aspects of having trust that your organization needs to meet the required standards (and are compliant with legal obligations).

You will want to run through these questions, if for nothing else than to take comfort in knowing that that you’re being supported by the right solutions, that your business is safe, and will remain competitive — and secure — in the age of digital disruption.

Author’s Note: This article was made possible by the contributions of Eric Yu, VP of Digital Experience, and Darko Antic, Technical Director.

About the Author: Lawrence Tepperman is the Founder and Managing Director of K2 Digital, a leading Digital Transformation services and solutions firm. He brings more than 20 years of experience building companies through marketing, software solutions, and management consulting. He founded K2 Digital in 2012 in order to help companies realize the tremendous benefits of digital transformation before they are disrupted.