Industry Perspectives

Making the Next Digital Transition Will Require Extensive Security Planning

by David Strom

We are all in a forced march towards a more accelerated digital transition because of the global health crisis. McKinsey is one of many consulting firms proposing a 90-day guide towards moving into this brave new era. While the intentions are good, this proposal is somewhat flawed. It will take more than Zoom, Slack and a corporate subscription to a cloud-based collaboration platform to transform a business for this next normal.

"Every remote worker is now a separate risk to the company," Canadian cybersecurity consultant Andrew Brewer shared with CIM Magazine. "Each home environment is different, and with so many of them, and [the health crisis] happening so suddenly, it’s like a perfect storm for companies."

To make this move successful, we all have a lot more work to do in planning for this transition. Here are a few ways to begin to frame your thinking:

First, take a security-by-design approach to becoming more digital and to supporting remote working long-term. Stop giving lip service to information security. Instead, think about security first and foremost. This isn’t something to postpone until the end of a project, when the security team is tasked with another "cleanup on Aisle 6" operation to add security in after the environment is built. This means involving the entire C-suite at the beginning of the process to lay a solid foundation for a new network infrastructure, a new communications plan and the right kind of gear for your remote workers.

Second, have a better understanding of the sea changes that will need to happen in DevSecOps to support remote work. Things to consider:

  • Will your existing security apparatus handle cloud development and deployment?
  • Will you need to implement a "zero trust" mentality for your architecture across apps, servers and endpoints?
  • Will you need to handle risk-based authentication inside your apps for code changes as well as for users?

In a different report, McKinsey says that rapid IT changes "may have created new risks and exposures." Planning for these risks and modernizing the tech stack may take more than a 90-day project timeline.

Finally, there is the parallel effort to understand the omnichannel approach that will be introduced with a digital-centric business model. The move towards 100% work from home will introduce even more digital channels. This means more opportunity for fraud. In my past conversations with Daniel Cohen, Head of Anti-Fraud Products and Strategy at RSA, he shared that the way to combat this is to start investing in omnichannel fraud prevention. A more digital operation means that your cybersecurity attack surface will increase, so information security, risk management and fraud prevention teams will need to work together, says Cohen.

As an example, let’s review the process of online shopping. I purchase a pair of pants online, but they’re too small, so I return them. I still haven’t received a credit for my return, because the returns are sitting in a big pile in some warehouse, waiting for an employee to sort through them to ensure that I did indeed return the appropriate merchandise. This is from a company that has a robust online business. The point being: so long as the multiple channels intersect with some human-provided function, you will still have non-digital intersections and collaborations that will need careful planning and attention.

There are many risks and security challenges associated with digital transformation in response to the ongoing health crisis. I think they can be conquered, but doing so will require significant planning to ensure that we manage the associated risks appropriately.

This post was sponsored by RSA, but the opinions do not necessarily represent RSA’s positions or strategies.