Sergey Nivens - Fotolia
Businesses need to recognise that the process of digital transformation will affect all of their major areas, creating new security problems as once separate systems are connected in new ways, said Martin Kuppinger, principal analyst at KuppingerCole.
“Just about everything companies do in terms of digital transformation means that all these new information security risks are effectively business risks,” he told Computer Weekly. “Sensors in the production line, for example, are now being connected to business processes for the first time.”
Kuppinger said companies need to recognise that business transformation and information security are connected, and this means “we have to do information security differently”.
“When organisations look at digital transformation, they need to restructure so that information security is responsible for the security of everything, including the internet of things (IoT), the organisation’s operational technology (OT) and the business,” said Kuppinger.
“The execution of information security needs to move to where organisations use IT, meaning IT departments will have to become more decentralised and services-based, while information security is independently responsible for security governance across everything,” he said.
Managing digital identities
As everything becomes connected, organisations need to understand which people, systems and devices are working together, said Kuppinger.
“Identity and access management is increasingly about … managing identities of everyone and everything in a connected world, and supporting organisations in their governance, risk and compliance [GRC] initiatives,” he said.
Organisations also need to understand that the traditional, siloed IT body will be capable of “handling all the requirements and the changes as a result of digital transformation”, he said.
Essentially, this means organisations will have to rethink their IT, which will probably move more into the centre of the business, with the IT department becoming more of an underlying service provider.
Kuppinger will discuss these issues in more detail in his presentation on leading the information security transformation at the European Identity & Cloud Conference 2016, Munich, 10-13 May.
Read more about digital transformation
- Digital transformation is not easy and requires not just the right technology, but also the right investment, people and engagement.
- The digital business transformation is steadily making its way to manufacturing, but an expert panel advises that strong leadership is needed to reach full potential.
- We’re headed towards systems of systems, meaning we will need a secure and trusted ecosystem from the sensor to the user, says security firm Exceet.