RSA blog: Making the Next Digital Transition Will Require Extensive Security Planning

We are all in a forced march towards a more accelerated digital transition because of the virus. McKinsey is one of many consulting firms who have proposed a 90-day guide towards moving into this brave new era. And while I don’t want to pick on them specifically, their plan, like others of its ilk, is somewhat flawed. It will take more than Zoom and Slack meetings and a corporate subscription to G Docs or O365 to remake our organizations.

“Every remote worker is now a separate risk to the company,” Canadian cybersecurity consultant Andrew Brewer shared with CIM Magazine. “Each home environment is different, and with so many of them and [the health crisis] happening so suddenly it’s like a perfect storm for companies.”

To make this move successful, we all will have a lot more work to do in planning for this transition. Here are a few ways to begin to frame your thinking:

First, have a security-by-design approach to become more digital and to support remote working long-term. We have to stop giving lip service to InfoSec. Instead, we should be thinking about security first and foremost. This isn’t something to wait on until the end of a project, when the security team will be tasked with another “cleanup on Aisle 6” operation and asked to add security in after the environment is built. This means involving the entire C-suite at the beginning of the process to lay a solid foundation for a new network infrastructure, a new communications plan and the right kinds of gear for your remote workers.

Second, have a better understanding of the sea changes that will need to happen in DevSecOps to support 100% WFH. In a different report, McKinsey says that rapid IT changes “may have created new risks and exposures.” Planning for these risks and modernizing the tech stack may take more than a 90-day project timeline.

Finally, there is the parallel effort to understand the omnichannel approach that will be introduced with a digital-centric business model. The move towards 100% WFH will introduce even more digital channels, which means more opportunity for fraud. Over the years, I have spoken to Daniel Cohen, the Head of Anti-Fraud Products and Strategy for RSA. In his opinion, the way to combat this is to start investing in omnichannel fraud prevention. A more digital operation also means that your cybersecurity attack surface will increase, so it will take “information security, risk management and fraud prevention teams to work together,” says Cohen.

As an example, I offer my purchase of some pants from the Gap. I got them online, but they were too small, so I returned them. I still haven’t received a credit for my return, because the returns are sitting in a big pile in some warehouse, waiting for an employee to sort through them to ensure that I did indeed return the appropriate merch. And this is from a company that has a robust online business. As long as the multiple channels intersect with some human-provided function, you will still have non-digital intersections and collaborations that will need careful planning and attention.

There are many risks and challenges associated with digital transformation in response to the current health crisis. I think they can be conquered, but all will require significant planning to ensure that we manage the associated risk appropriately.
