Managing Digital Transformation by IT and Security Teams

By Elena Kvochko, CIO-Group Security Function, Barclays

Elena Kvochko, CIO-Group Security Function, Barclays

Over the last couple of decades, companies have expanded their digital presence by fostering technology innovation. As a result, they are able to deliver a variety of services, and reach more stakeholders with the same amount of effort and at a lower cost. Phones, computers, and other connected devices serve as a platform for delivery of services that weren’t considered before. More importantly, companies gained the ability to better understand their stakeholders’ needs. While this has brought a lot of new opportunities to scale, it has also brought many challenges to companies to protect their assets and stakeholders. There are new and more innovative ways to attack companies; meanwhile, companies are struggling to protect themselves.

In the past, security focused on physical security to protect the company against within close geographical proximity. Today, our neighborhood is no longer a local district, but the entire globe and “Security” has become one of the fastest growing and developing fields. Information Technology (IT) is not only about software that enables a company; but rather, software that enables a company in a safe way. IT requires professionals to stay on top of the evolving threats of the cyberspace in addition to constantly innovate and challenge themselves to keep up with the ever evolving stakeholders’ demands. Companies, require not only more security products to protect themselves; but at the same time more secure products. By building or acquiring secure products, increasing organizational efficiency and coordination, and enabling high performing technology for operations, IT and security teams shall shape secure products, customer experience, and services without compromising either speed to market, or functionality.

“In today’s industry, there is a greater need for secure technology. Therefore, IT and security teams should not only have to focus on software, but rather-secure software”

Technology and Business Drivers for Trust

Trust and security are now at the center of competitive differentiators. The biggest for an organization is failure to uphold agreements and keep valuable assets safe. For this reason, we developed the Group Security Strategy which reshapes the way we thinks about Security.

In Today's Industry, There Is A Greater Need For Secure Technology. Therefore, It And Security Teams Should Not Only Have To Focus On Software, But Rather-Secure Software

We now focus not on notions, such as ‘Information’, ‘cyber’, or ‘physical’ describing security, but on delivering Security. We are on the road to establishing an intelligence-led defense resting on adequate cyber hygiene, physical and cybersecurity controls, and working alongside partner institutions. This has increased organizational efficiency, closed coordination gaps, provided better visibility, and enhanced overall resilience.

By being a 325 old institution, we learned that a strong Group Strategy should be continuously adapting to new challenges and be supported by strong implementation. Large organizations are composed of employees, stakeholders, physical locations, technology infrastructure, third-party providers, etc. However, institutional changes affect an organization by directly impacting two or more and indirectly all of these components. For this reason, in order to effectively implement a strategy in a large organization, the organization should account for often disjointed nature of the technology infrastructure, locations, and diverse employees on business units within the organization, and have a holistic approach to better implement and adapt to changes.

In today's industry, there is a greater need for secure technology. Therefore, IT and security teams should not only have to focus on software, but rather-secure software.

It is time to adopt institutional changes that both fit technology and business units. By embracing operational changes, new technology will be able to innovate across the organization and reduce communication gaps between technical and non-technical employees.

Meeting the Needs of an Enterprise

Teams should have their focus on creating a comprehensive and robust technology strategy that takes into account the company’s specific infrastructure, talent pool, and security risks it faces. The strategy is not about innovating as fast as possible, but rather to always innovate while remaining secure. This strategy should also include effective recovery and business continuity strategies in the case of a data breach or security incident. The strategy should support the overall business objectives. Many companies find it a better investment to fund preventative measures rather than attempt to recover losses.

Security and IT teams shall not be the only teams that are aware of how the technology that enables their business works. Companies can help prevent inefficiencies and cybersecurity incidents by raising awareness in addition to educating employees on the company’s technology strategy. Companies should also organize regular trainings to keep employees knowledgeable, vigilant, and invested in the company’s technology, and provide employees a platform through which to voice their concerns and questions. In the same vein, businesses should not look at cybersecurity as a separate technology entity, but should seek to integrate it into business operations and the company’s risk management framework.

In today’s industry, there is a greater need for secure technology. Therefore, IT and security teams should not only have to focus on software, but rather-secure software.