November 9, 2017 By Indy Dhami 4 min read

Many organizations around the world have been talking about, thinking about or undergoing digital transformation. It has been an oft-used buzzword for the past two decades, but what does it really mean?

Digital transformation is a paradigm shift from a traditional approach of strategic business operations to a new culture of agile leadership, innovation and thinking through technology change. That all sounds great, but many organizations still struggle with common IT challenges that preclude them from completing the digital transformation journey.

Common Barriers to Digital Transformation

A recent International Data Corporation (IDC) report titled “Future Business: Unleashing Your Talent” found that cultural resistance to change was the main barrier to digital transformation, with legacy IT systems and retaining critical talent ranking second and third, respectively.

Let’s take a closer look at these obstacles and consider factors that can help security professionals improve their digital transformation programs.

Cultural Resistance

How do organizations deal with the difficult challenge of cultural resistance during digital transformation? The most successful programs start by communicating a clear strategic vision and maintaining an open dialogue. It’s important to recognize the importance of end-state digital capabilities, operating models and processes. Security leaders must communicate the strategy in a way that is easily understood to obtain executive buy-in. According to McKinsey&Company, organizations in which senior leaders communicate about digital transformation are eight times more likely to be successful.

Meticulous planning and prioritization are also critical. Focus efforts on delivering digital capabilities that provide business value and protect the most critical assets. Leading a digital transformation effort is comparable to urban planning because it involves building digital landmarks to anchor the strategy and removing roadblocks to facilitate efficiency with the agility to change direction as required.

This planning goes hand in hand with defining measures for success and tracking the business impact of the digital transformation. The intangible elements of culture change can make this measurement difficult to define and assess, but it is important to establish both quantitative and qualitative goals with key indicators of success. Security professionals should regularly communicate these measurements to all stakeholders, use metrics to evaluate progress and make changes where necessary.

Finally, it’s crucial to continuously seek to improve and become more agile. The challenge does not end when the new capabilities have been delivered through your digital transformation. Instead, the focus shifts to ensuring that employees are constantly challenged, technology does not become obsolete, and processes are regularly reviewed for suitability and updated to improve efficiency. Security leaders need to ensure that the organization is agile at scale and capable of thriving amid continuous change.

Legacy IT Systems

IBM estimated that more than 80 percent of the world’s enterprise data resides on mainframe systems, a technology that is more than 50 years old. So it is easy to see why legacy systems represent another key barrier to transformation. The services they deliver are often considered too risky or complex to change while remaining stable and performing critical actions. However, if they are factored into the transformation strategy, both new and old systems can coexist during a transformation journey.

The first step is to embrace the cloud. Many organizations are eliminating their cumbersome and costly data centers and moving their technologies and applications to cloud providers that deliver software-as-a-service (SaaS), infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). These migrations helped evolve development platforms, mobile and Internet of Things (IoT) integrations, and digital adoption across all industry sectors.

Next, security leaders should apply business intelligence and analytics to make informed decisions on how to deal with legacy IT issues. Many organizations conduct two-tier or parallel transformations in which new systems are delivered while legacy IT is slowly decommissioned.

When the organization’s digital capabilities reach a certain level of maturity, it becomes crucial to use golden sources of data. This means gathering big data and amalgamating outputs into decision-making processes. The IoT, artificial intelligence (AI) and machine learning are starting to help global businesses become “digital industrial.” This powerful data can help security professionals make meaningful, measured decisions to fulfill strategic goals.

Retaining Critical Talent

As specific capabilities have become more vital, the supply of critical skills has not kept up with the rate of change. Some organizations are finding themselves in the difficult position of fighting for the best talent in the industry, ensuring a strong cultural fit and retaining key individuals.

One of the best ways to retain this critical talent is to identify strengths and gaps in cyber skills. Assess the current and targeted capabilities of individuals in both technical and soft skills. This can help pinpoint potential cultural issues as well as technical ones. Retaining key talent is critical, but not all the skills will be found in-house. It may be beneficial to seek help and guidance from expert contractors and industry thought leaders.

Security leaders should also promote cross-functional coordination and foster collaboration. Building strong digital capabilities requires skillful coordination and communication across business units, divisions and functions. For example, developing a new information security operations capability requires new technologies, a skilled workforce, business processes and governance. Successful coordination involves human resources, IT, procurement, finance and leadership teams to understand the strategic vision and support cultural change.

Providing meaningful learning and development for employees can go a long way toward creating a culture of security. Delivery methods such as training, shadowing, coaching and mentoring can also shape behavioral change messaging. These learning options should be integrated into formal training and development pathways, including soft skills and commercial awareness development, to embed the right mindset and emotional intelligence required to cultivate a positive working environment.

Arkadi Kuhlmann, founder and CEO of ING Direct USA, applied a successful new approach to retail banking by recruiting thousands of new employees without directly sourcing them from competitors. “If you want to renew and re-energize an industry, don’t hire people from that industry,” Kuhlmann told Harvard Business Review. “You’ve got to untrain them and then retrain them. I’d rather hire a jazz musician, a dancer or a captain in the Israeli army. They can learn about banking. It’s much harder for bankers to unlearn their bad habits.”

A Growing Divide

There is a now growing divide between digital transformation top performers and laggards. According to BCG, this gap will become even more visible between now and 2020.

Investing in technology alone may not equate to long-term success if the organization’s people do not change their mindset and behaviors. While improving the culture may be the most difficult challenge in any enterprise, a strong and clear message from top leadership is critical to a successful digital transformation.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today