Certain aspects of digital transformation have been constants during the pandemic. For example, people and process trump technology. Forced experimentation moved projects ahead that had been stuck in the “maybe someday” file.
That said, organizations are still learning. They’re starting to consider how their digital transformation efforts might land post-pandemic. And they’re doubling down on cybersecurity as their digital assets become an increasingly important and threatened part of their businesses. How are CIOs and other leaders doing this? We heard instructive insights at two MIT Sloan CIO Symposium panel discussions in recent weeks.
[ Are your digital transformation metrics up to date? Read also: 10 digital transformation metrics to measure success in 2021. ]
Digital transformation's next chapters: It's about focus
Certainly some priorities have shifted. Adriana Karaboutis, Group Chief Information and Digital Officer of energy company National Grid, argued that the pandemic caused a shift in mindset. “We had to accelerate digital because it was a massive call to action. It wasn’t about budgets, it was about keeping the world going. It’s going to cause us to crystalize. All those disparate efforts are going to have to come together. [We’re going to] double down on focus and crystallization.”
Harmeen Mehta, Chief Digital and Innovation Officer of telecommunications firm BT Plc, concurred. “We clutter our thinking and priorities. When we set one or two goals miracles happen. We need to get very outcome focused.”
Of course, focus implies not doing certain things – perhaps ever again. For Karaboutis, this includes debates about upgrading conference room facilities. “I don’t think we’ll ever have that discussion again.”
For David Neitz, Chief Information Officer, CDM Smith, a global engineering and construction firm, it’s about creating a “do not do” list and “challenging what you’re doing every day.”
[ Get exercises and approaches that make disparate teams stronger. Read the digital transformation ebook: Transformation Takes Practice. ]
Tech's evolving role
The emphasis on people and process shouldn’t be taken to mean that technology doesn’t have a seat at the table as well.
For example, Neitz recounted how his company “quickly developed some immersive technologies so they could continue to move projects forward. Experts could walk through our designs remotely and holographically mark up areas of concern.” He’s also taking a broader perspective of sensors and looking at ways to use those sensors to drive additional value.
Karboutis emphasized the promise of making data-driven decisions. Even fairly simple things can help. For example, she noted that they look at weather information and forecasts so that “on blue sky days they can do predictive maintenance.”
“IoT and edge compute is the cornerstone,” she said. But she also cautioned that “now your attack surfaces are so much more. Be aware all those things are an opportunity for attack.”
[ Need to talk edge with colleagues, customers, or partners? Get a shareable primer: How to explain edge computing in plain English. ]
6 cybersecurity priorities during today's digital transformations
During a cybersecurity panel discussion moderated by Keri Pearlson, Executive Director, Cybersecurity at MIT Sloan (CAMS), she made key recommendations, based on her research. Executive management should:
- Prioritize cybersecurity and participate in visible events
- Build cybersecurity in from the start
- Build opportunities for designers and security team members to interact more often
- Reward good cyber designs through evaluation and recognition
- Provide developers with more cyber knowledge so that they feel comfortable making secure design decisions from the beginning
- Find ways to help designers better understand customer security needs.
“Changing values, attitudes, and beliefs is key to driving secure behaviors,” she argued – as is building “for a cybersecurity mindset from the initial requirements stage.”
Roota Almeida, Chief Information Security Officer (CISO), Delta Dental of NJ and CT, agreed that supply chain vulnerabilities are a major cybersecurity threat today and that “every organization should have a robust third party management process.” And it has to be continuous. “It can not be a point in time,” she said.
“Organizations should even be able to do source code reviews of their suppliers,” according to Gabe Dimeglio, Vice President, Global Security Services, Rimini Street, a third-party software support company. He noted that open source software is a “huge benefit” in this regard.
Open source software is also an important source of innovation in his view. “Most of your enterprise software has a ton of open source libraries. Leverage the open source community where you have this huge pool of talented developers. This gives you an advantage because, make no mistake, your enemies are doing the exact same thing.”
Dimeglio’s take on the use of open source software echoes results in Red Hat’s 2021 State of Enterprise Open Source Report: It found that the top benefits of using enterprise open source are higher quality software, access to the latest innovations, better security, and the ability to safely leverage open source technologies. With respect to security specifically, 84 percent of IT leaders surveyed indicated that enterprise open source “is a key part of my organization’s security strategy.”
Move fast but don't break things
Put these two panels together and you see two sides of digital transformation. On the one hand, digital transformation projects have helped organizations to rapidly implement new strategies and processes during the past year. A recurring take throughout this year’s MIT Sloan CIO Symposium has been IT leaders are surprised at how much they’ve been able to accomplish so quickly.
At the same time, these projects need to operate securely in a digital world filled with threats. They have to account for fallible humans: Pearlson said that 90 percent of breaches start with some sort of human error such as orphaned accounts, shared passwords, or phishing emails. But she went on to say that “recent supply chain attacks are paradigm-shifting events” that won’t be solved by “doing more of what we are already doing.”
Karaboutis summed up the CIO balancing act when she talked about how she was excited by the possibilities represented by edge computing and IoT – and nonetheless, proceeding cautiously.
[ Culture change is the hardest part of digital transformation. Get the digital transformation eBook: Teaching an elephant to dance. ]