Every organization is approaching the risk, security and compliance needs of the new digital business landscape in some manner today. Most often, these challenges are met through various silos within the organization. Functions like IT, security, fraud management, legal/compliance, audit, business continuity and risk management implement their own processes to identify, assess and monitor their respective risks and apply controls as necessary.
In many respects, challenges in digital business operations are like age-old (relatively) technology risks – giving proper levels of access, securing systems, monitoring for malicious activity, etc. We can certainly look to lessons learned through the last two decades of techniques to address emerging risks related to digital transformation. Forrester's "zero trust" and Gartner's CARTA approaches are grounded in these fundamentals and continue to stir conversations about how to approach today's digital world. It is evident that digital transformation requires a new strategy.
Risk-based approaches to prioritize based on business context are fundamental to align efforts and balance the upside and downside of digital opportunities. When du, a telecommunications services provider based in Dubai, United Arab Emirates (UAE), took on the challenge to become a leader in the global telecom industry, the opportunity did not come without risk. As their transformation unfolded, they needed to tackle their emerging regulatory, security and risk issues with an integrated approach. This type of major business objective highlights the need to apply risk-based strategies that take into consideration both the likelihood of negative events and the impact of those events. It also stresses that there is an upside to risk taking – as long as the organization is aware of the risks involved, can adjust and be proactive in managing the risk.
Digital transformation also emphasizes the existing adages of risk and security still hold true. However, the complexity of digital operations is straining traditional approaches. A transformative shift must take place. As the risk of cyber-attack is the number one concern survey after survey, it is no surprise the need to dramatically accelerate threat detection and prevent unauthorized access to its systems drove Recruit Technologies, a subsidiary of Japanese staffing firm Recruit Group, to double down on their security operations. Mitigating the risk of a malicious assault on emerging infrastructure requires a combination of techniques. To address this challenge, a unified approach must take a wider view of the risk your business faces and cut through silos and unneeded complexity.
Finally, none of this takes place overnight. Your strategy must be executed one win at a time combining processes and skills with the emerging technological advances in risk and security management. Many digital initiatives deal with sensitive data and broad user bases. When it comes to protecting data while providing broad access, Greenville Health System knew they had some significant challenges as they implemented an enhanced electronic health record system (EHRS) across its enterprise. They took steps to achieve their business objectives by leveraging leading technology approaches and experience.
du, Recruit Technologies and Greenville Health System have some fundamental things in common. They are all faced with a changing competitive landscape where technology is opening doors of opportunity. While this provides some exciting avenues for growth, addressing risk in these expanding digital operations is a complex challenge. By targeting key areas of concern, they can implement a broad strategy that addresses areas of risk in their digital operations while considering adjacent risks. Digital risk management requires you to chart your course and execute towards a risk-based, mature strategy aligned with your digital operations.
Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to ACT on risk, not worry about it. We need to start and end with the basics.
And we can certainly learn from others.
Register for our executive webinar series on digital risk management to find out why risk management is so critical and how companies are addressing digital risk.
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity.
Author: Steve Schlarman
Category: RSA Point of View, Blog Post
Keywords: Digital Transformation, Digital Risk, Digital Risk Management, Cybersecurity, Integrated Risk Management