sdecoret - stock.adobe.com

Digital transformation an opportunity for security

Digital transformation is an opportunity not only for the business to up its game, but also for security teams to engage with and win over the business, CISO tells Infosecurity Europe

Digital transformation is about how technology is used to enable the business, and the role of security is to support that by assessing and mitigating the risk, according to Ewa Pilat, global chief information security officer (CISO) at Jaguar Land Rover.

“This is an opportunity for security to avoid repeating the mistakes of the past,” she told attendees of Infosecurity Europe 2019 in London.

“Infosec professionals need to ensure that in supporting digital transformation, they enable security in a simple way rather than through complex policies that we have seen in the past,” she said.

Security teams should also ensure that they focus on innovation to motivate the business to cooperate, that they speed up their processes to avoid the business resorting to shadow IT, and that they work across the business rather than in a security silo to promote greater buy-in from the business.

One of the best ways of avoiding the creation of shadow IT, she said, is to understand the root causes so that internal IT and security teams are able to meet the needs of the business, thereby eliminating the need for any shadow IT.

“Another effective strategy is to go to the board with the facts about what services shadow IT is using and showing them the degree of duplication and how much that is costing,” she said.

“Infosec professionals need to ensure that in supporting digital transformation, they enable security in a simple way”
Ewa Pilat, Jaguar Land Rover

Supporting digital transformation, said Pilat, is also an opportunity for security to educate the business about the consequences or potential impact on the business of failing to implement security properly in every aspect of the digital transformation process.

“Once the business has a better understanding of why security is important, they will begin to feel more responsible for company security and have a greater interest in becoming involved in all security-related issues,” she said.

In this way, Pilat said security organisations could work more closely with the business to embed security in every new IT-related project from the start. “But it is essential to ensure the active support of top management, because without that, this will be difficult to achieve,” she warned.

Above all, Pilat said information security professionals should ensure that they continually demonstrate how security is adding value to the business.

Read more about digital transformation and security

Read more on Hackers and cybercrime prevention