Building a culture of security and governance into digital transformation initiatives

June 21, 2023

A culture of security needs to be built into everything the business does
Building Cyber Security in from the ground up

Digital transformation is more than just a buzzword. It is not about replicating a current product or service in a digital form, but about using innovative new technologies to transform that product or service into something considerably better.

So says Andrew Njoroge, Managing Director of CYBER1 Solutions East and West Africa, adding that while the main elements of any digital transformation need to include rethinking business models, changing the foundational technology stack, innovating in terms of customer experience, its also incredibly important to consider governance, security, and culture.

Implementing governance structures

This is because digital transformation isn’t a one-off exercise, or something that happens on its own in the corner, it is a fundamental part of business operations that needs to happen on a daily and continual basis, he explains. It needs to be managed, secured, and must evolve alongside the organisation and become part of its current and future culture.

“Unfortunately, when we discuss digital transformation with technology leaders in businesses, we are finding a lack of board engagement,” Njoroge continues. “They might have been told to develop an app, or push out a campaign on a particular platform, but there is very little thought to the governance, security, and culture shifts needed around these initiatives.”

Because digital impacts firms globally, across traditional siloes, it needs better co-ordination when making decisions and carrying out actions, compared to the way business has been done traditionally, he says. “Any choices that are made need to engage the company as a whole, in all regions and across all business units, which is why companies need policies, procedures, and guidelines that govern digital initiatives within an organisation.”

Managing digital effectively

According to him, having these in place will ensure that digital initiatives are managed and controlled effectively, and also that they align with the entity’s strategic objectives. Digital transformation governance is also important because it provides a framework for evaluating the impact of these initiatives on the various stakeholders, such as customers, staff members, and partners.

“Without effective governance, companies cannot mitigate risks, make informed decisions, or achieve their desired outcomes. Similarly, when business leaders focus on the technologies and strategy without making sure that the corporate culture also undergoes a transformation, digital transformation is doomed to fail.”

Security should never be an afterthought

The next question, he asks, is where does Cyber Security fit in? Unfortunately, Cyber Security is also often considered too late in the process. “We are looking at an entirely new digital space. In the past, the approach was to have guards at the door, checking who is coming in, metal detectors to ensure nothing suspicious is coming in with them, and suchlike. There were also firewalls that acted as sentinels, only letting the good traffic in, and keeping the bad elements out.”

What happens now, when everything is taken outside of that perfectly protected perimeter? “Today, it’s about cloud. We are working on platforms that are not owned by the business and sending company data to social media and other apps and have third-parties that are integrating into your environment. The question becomes, how can businesses secure all of this?”

First and foremost, he says they need a different kind of mindset. Secondly, they need users to be highly aware on a different level, and thirdly, their entire approach to Cyber Security needs to be redefined. “Security should never be an afterthought, it should be built in from the ground up. Companies need to have visibility into their environments, and need to protect identities to secure their people and their data.”

A lack of visibility

He says it’s ironic that our innate human nature is to protect before we take the next step. “When a baby is born, the first thing we do is we wrap them up to protect them from catching cold. With businesses, security is too often tacked on as an afterthought. Too often, businesses operate in an insecure environment, they have no clue what their threats and risk are, they have all this valuable data, and only then, do they question how to protect it all.”

This approach is also doomed to fail, he says. “At CYBER1 Solutions, we are shifting the conversation way more to the left. We are talking to business leaders about people, and their culture, and making them question if their employees are aware of the threats they face, what their general awareness of cyber security is like, and whether or not their processes support Cyber Security as an enabler of the business. Very last, we ask them whether they have the appropriate technologies in place.”

The disappearing perimeter

A culture of security also needs to be built in from the ground up into everything the business does – its products, its applications, and its whole environment. “The perimeter has gone or in the best case scenario, blurred,” he continues.

For  Cyber Security to be effective, he says organisations must have a comprehensive understanding of their needs, they must know what they have, and they must be aware of the internal and external threats they face. “By encouraging a culture of Cyber Security, and having proper governance in place, businesses can build the foundation for successful digital transformation.”

In ending Njoroge says: “At CYBER1 Solutions, we enable organisations in every industry to prevent attacks by giving them the visibility they need into vulnerabilities so that they can rapidly detect compromises, respond to breaches, and stop attacks before they become a problem.”

Share Article

Related External Articles