Cybersecurity can be an enabler of digital transformation, if an agile environment works for you.
Speaking in the keynote session “Security at the Speed of Business: Supporting Digital Transformation with Cybersecurity” at Infosecurity Europe 2018, a panel of experts considered the impact of digital transformation and how to enable secure agility into your organization.
Moderator Maxine Holt, research director at Ovum, asked the panel how delivery at pace can be supported. Lee Barney, head of information security at M&S, said that his company had adopted an agile methodology, and this was appropriate for a company who were going through a change in customer demographic and in-store experiences.
“Where cybersecurity comes in is not on top or an addition, and those who succeed will be those who bake in cybersecurity,” he said.
John Meakin, CISO at GSK, said that the lesson for the security team is to “be confident and work out how the cycle works for you,” and determine what the risk is for you and be confident in doing that. He said that there is no point in trying to work security into agility “if you have got to think about it for a week or an hour, you have got to be there and be confident” in the decisions you make.
Asked by Holt how to encourage employees and partners to change their security behavior so it is at the front of their mind, Graeme Hackland, CIO of Williams Grand Prix Engineering, said that the best way for his company was to “put people at the heart of your security” as they are protecting your reputation and it is your work to protect them.
Looking at how to implement an agile and DevOps environment, Hackland acknowledged that some developers see “adding security by design as slowing down,” while Barney said that agile and DevOps were “one and the same thing, and it is not an ‘or’ but an ‘and’.”
Barney said: “When you understand agility, you understand what to do with it.”
In an audience poll of 150 people, 59% said that cybersecurity was an enabler and a hindrance of digital transformation projects, while 31% said it was an enabler and seven percent said it was a hindrance.
Meakin said that good agile and DevOps is about enabling developers, and trusting them “as they will deliver security.”
“You cannot do digital transformation without security, it is a critical part of it,” Meakin said.