November 9, 2017 By Indy Dhami

Many organizations around the world have been talking about, thinking about or undergoing digital transformation. It has been an oft-used buzzword for the past two decades, but what does it really mean?

Digital transformation is a paradigm shift from a traditional approach of strategic business operations to a new culture of agile leadership, innovation and thinking through technology change. That all sounds great, but many organizations still struggle with common IT challenges that preclude them from completing the digital transformation journey.

Common Barriers to Digital Transformation

A recent International Data Corporation (IDC) report titled “Future Business: Unleashing Your Talent” found that cultural resistance to change was the main barrier to digital transformation, with legacy IT systems and retaining critical talent ranking second and third, respectively.

Let’s take a closer look at these obstacles and consider factors that can help security professionals improve their digital transformation programs.

Cultural Resistance

How do organizations deal with the difficult challenge of cultural resistance during digital transformation? The most successful programs start by communicating a clear strategic vision and maintaining an open dialogue. It's essential to recognize the importance of end-state digital capabilities, operating models and processes. Security leaders must communicate the strategy in a way that is easily understood to obtain executive buy-in. According to McKinsey & Company, organizations in which senior leaders communicate about digital transformation are eight times more likely to be successful.

Meticulous planning and prioritization are also critical. Focus efforts on delivering digital capabilities that provide business value and protect the most critical assets. Leading a digital transformation effort is comparable to urban planning because it involves building digital landmarks to anchor the strategy and removing roadblocks to facilitate efficiency with the agility to change direction as required.

This planning goes hand in hand with defining measures for success and tracking the business impact of the digital transformation. The intangible elements of culture change can make this measurement difficult to define and assess, but it is important to establish both quantitative and qualitative goals with key indicators of success. Security professionals should regularly communicate these measurements to all stakeholders, use metrics to evaluate progress and make changes where necessary.

Finally, it’s crucial to continuously seek to improve and become more agile. The challenge does not end when the new capabilities have been delivered through your digital transformation. Instead, the focus shifts to ensuring that employees are constantly challenged, technology does not become obsolete, and processes are regularly reviewed for suitability and updated to improve efficiency. Security leaders need to ensure that the organization is agile at scale and capable of thriving amid continuous change.

Legacy IT Systems

IBM estimated that more than 80 percent of the world’s enterprise data resides on mainframe systems, a technology that is more than 50 years old. So it is easy to see why legacy systems represent another key barrier to transformation. The services they deliver are often considered too risky or complex to change while remaining stable and performing critical actions. However, if they are factored into the transformation strategy, both new and old systems can coexist during a transformation journey.

The first step is to embrace the cloud. Many organizations are eliminating their cumbersome and costly data centers and moving their technologies and applications to cloud providers that deliver software-as-a-service (SaaS), infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). These migrations helped evolve development platforms, mobile and Internet of Things (IoT) integrations, and digital adoption across all industry sectors.

Next, security leaders should apply business intelligence and analytics to make informed decisions on how to deal with legacy IT issues. Many organizations conduct two-tier or parallel transformations in which new systems are delivered while legacy IT is slowly decommissioned.

When the organization’s digital capabilities reach a certain level of maturity, it becomes crucial to use golden sources of data. This means gathering big data and amalgamating outputs into decision-making processes. The IoT, artificial intelligence (AI) and machine learning are starting to help global businesses become “digital industrial.” This powerful data can help security professionals make meaningful, measured decisions to fulfill strategic goals.

Retaining Critical Talent

As specific capabilities have become more vital, the supply of critical skills has not kept up with the rate of change. Some organizations are finding themselves in the difficult position of fighting for the best talent in the industry, ensuring a strong cultural fit and retaining key individuals.

One of the best ways to retain this critical talent is to identify strengths and gaps in cyber skills. Assess the current and targeted capabilities of individuals in both technical and soft skills. This can help pinpoint potential cultural issues as well as technical ones. Retaining key talent is critical, but not all the skills will be found in-house. It may be beneficial to seek help and guidance from expert contractors and industry thought leaders.

Security leaders should also promote cross-functional coordination and foster collaboration. Building strong digital capabilities requires skillful coordination and communication across business units, divisions and functions. For example, developing a new information security operations capability requires new technologies, a skilled workforce, business processes and governance. Successful coordination involves human resources, IT, procurement, finance and leadership teams to understand the strategic vision and support cultural change.

Providing meaningful learning and development for employees can go a long way toward creating a culture of security. Delivery methods such as training, shadowing, coaching and mentoring can also shape behavioral change messaging. These learning options should be integrated into formal training and development pathways, including soft skills and commercial awareness development, to embed the right mindset and emotional intelligence required to cultivate a positive working environment.

Arkadi Kuhlmann, founder and CEO of ING Direct USA, applied a successful new approach to retail banking by recruiting thousands of new employees without directly sourcing them from competitors. “If you want to renew and re-energize an industry, don’t hire people from that industry,” Kuhlmann told Harvard Business Review. “You’ve got to untrain them and then retrain them. I’d rather hire a jazz musician, a dancer or a captain in the Israeli army. They can learn about banking. It’s much harder for bankers to unlearn their bad habits.”

A Growing Divide

There is now a growing divide between digital transformation top performers and laggards. According to BCG, this gap will become even more visible between now and 2020.

Investing in technology alone may not equate to long-term success if the organization’s people do not change their mindset and behaviors. While improving the culture may be the most difficult challenge in any enterprise, a strong and clear message from top leadership is critical to a successful digital transformation.
