Skip to main content

Back to Blog

CISO Survival Guide: Balancing Digital Transformation and Security

According to an IDC report, global digital transformation spending reached $1.8 trillion in 2019—up nearly 18% from 2018. What’s more, the firm expects digital transformation investments to total more than $6 trillion over the next for years, with the study’s authors noting, “Digital transformation is quickly becoming the largest driver of new technology investments and projects among businesses.” But how do you balance digital transformation and security?

While it’s evident that digital transformation initiatives will play a pivotal role in business success, they can be challenging for cybersecurity leaders to manage effectively. Any new IT project always introduces an element of risk into the organization, and this is increased by the disruptive nature of digital technology and the pace of change associated with tech-driven innovation. However, it’s essential that CISOs and other security executives find a way to address these concerns without impeding digital transformation efforts and being at odds with the business.

So, what can CISOs do to balance digital transformation and security risks and digital opportunities?

The first step is recognizing that security threats are just one piece of the overall business picture. As Enzoic’s founder and CTO, Mike Wilson, put it in a recent Forbes article, “…as important as security is, there are other fish to fry from a business perspective. If business leaders can’t keep the doors open because customers aren’t happy or products aren’t delivered quickly enough to beat the competition, then cyber risks are irrelevant.” Mike’s piece offers CISOs a few tips for adapting in the age of digital transformation, among them:

  • Shift from security enforcer to security advisor. Mike believes that “To survive and thrive during a digital transformation, security leaders need to act a lot less like police and act a lot more like risk advisors.” Key to this is collaborating closely with leaders from other lines-of-business and educating them on when and where security vulnerabilities may arise.
  • Minimize friction. Delivering a seamless customer and user experience are often goals behind many digital transformation investments. As such, it’s important that, when CISOs are tasked with implementing technical controls and guardrails around digital platforms, they do so in a way that minimizes friction as much as possible.
  • Become more flexible. As Mike puts it, “One way for security leaders to stay flexible as things change rapidly throughout digital transformation could be to take what McKinsey calls a ‘launch-review-adjust’ mode to security strategy. Just as agile development teams operate on sprint cycles, security can take a similar approach to modeling their threats and updating strategies.”

You can read more of Mike’s thoughts on how CISOs can effectively enable and secure digital transformation efforts in Forbes here or download the whitepaper here.

And if you’re looking for a way to minimize customer friction while simultaneously ensuring account security, learn more about how Enzoic may be able to help.