Sergey Nivens - Fotolia

Businesses must address digital transformation security risks, says analyst

The security elements of business IT, the internet of things and operational technology are now all deeply interconnected, claims Martin Kuppinger

Businesses need to recognise that the process of digital transformation will affect all of their major areas, creating new security problems as once separate systems are connected in new ways, said Martin Kuppinger, principal analyst at KuppingerCole.

“Just about everything companies do in terms of digital transformation means that all these new information security risks are effectively business risks,” he told Computer Weekly. “Sensors in the production line, for example, are now being connected to business processes for the first time.”

Kuppinger said companies need to recognise that business transformation and information security are connected, and this means “we have to do information security differently”.

 “When organisations look at digital transformation, they need to restructure so that information security is responsible for the security of everything, including the internet of things (IoT), the organisation’s operational technology (OT) and the business,” said Kuppinger.

“The execution of information security needs to move to where organisations use IT, meaning IT departments will have to become more decentralised and services-based, while information security is independently responsible for security governance across everything,” he said.

Managing digital identities

As everything becomes connected, organisations need to understand which people, systems and devices are working together, said Kuppinger.

“Identity and access management is increasingly about … managing identities of everyone and everything in a connected world, and supporting organisations in their governance, risk and compliance [GRC] initiatives,” he said.

Organisations also need to understand that the traditional, siloed IT body will be capable of “handling all the requirements and the changes as a result of digital transformation”, he said.

Essentially, this means organisations will have to rethink their IT, which will probably move more into the centre of the business, with the IT department becoming more of an underlying service provider.

Kuppinger will discuss these issues in more detail in his presentation on leading the information security transformation at the European Identity & Cloud Conference 2016, Munich, 10-13 May.

Read more about digital transformation

Read more on IT for small and medium-sized enterprises (SME)