The Security Imperative of Digital Transformation - Part 1

To start with, let me put some context to this discussion. I will endeavor to do that by defining some terminologies that relate to digital transformation. For brevity, I will define digital, digitization, digitalisation and digital transformation.

Digital: Signals or data (generally, information) expressed as a series of the digits 0 and 1. Once information is expressed in 0s and 1s, they can then be stored, retrieved and manipulated by computer systems.

Digitisation: The process of converting information from a physical format or any other format into a digital one. Converting information into digital form allows computer systems to be able to act on them.

Digitalisation/Digital Transformation: The process of leveraging on digitisation to improve business processes holistically.

We are definitely not new to digitisation. We have all adopted digitisation to some extent. Enterprises have digitised many of their supporting business processes and activities. A common example will be communication. Largely, gone are the days of physical memos and mails. E-memos and emails have been fully adopted by almost everyone.?

I still see some government institutions in some developing countries holding on to physical memos and all that – but they surely are on their way out. Even when signatures are required on some documents, e-signature solutions are fast graining ground and are very tenable legally in most countries and in almost all use cases requiring signatures.

But digital transformation goes way more than adopting digital solutions to improve peripheral business processes like communication and other such activities. “Transform” connotes a total overhaul. We can refer to the stage of digitisation we just left behind as just skin-deep. Transformation, on the other hand, requires that our digitisation effort goes deep into the core of the organization's business processes regardless of the industry and what their core functions are. It involves a digitisation effort that cuts across all the entire value chain of the organization – the gamut of business processes and other activities that contribute to achieving the mission of the organization.

It could be argued that there is no business process, no matter the current dependency on manual labor and/or human supervision, that cannot be fully digitised or benefit from some form of digitalisation. Let me illustrate by a simple use case.?

Imagine an industrial entity that has flange management as one of its safety critical activities in support of the company’s mission. To ensure no loss of control, flanges are required to be tightened to a certain measure. The current practice is manual. Personnel are deployed to the field to manage flanges as required. Documentation is manual.?

You could easily see the challenges with this manual process – lack of real time visibility into flange operations; little or no individual accountability; flaws due to human errors and reliance on paper work for flange operations etc. It is no wonder that bolted flange connections integrity contributes significantly to the Loss of Primary containment in many plant operations!

The above use case easily lend itself to digitisation. Imagine the possibility of digitising the flange management system with the following elements – an equipment that converts pressure into readable digital values, uploading measured values real-time into a cloud database, syncing values from the cloud to hand-held devices used in flange operations in real time.

Then imagine the possibilities when, not only the flange management process referred to above is digitised, all other core business processes are digitised. Processes can interconnect and share data. Better decisions can be made with real-time data across the value chain. Human errors during the transfer of data from one production process to the other can be largely eliminated. Efficiency will improve. Effectiveness will increase. Bottom line will be positively impacted.

If you think further you will see clearly that even ancillary processes, like HR, Procurement and Finance, can benefit from the above scenario. How many FTE do we need to perform a particular task or activity? Digitised processes can definitely provide that information. Resources can be adequately deployed as needed. Where should we be spending training budget? What spares do we need to keep? What parts would we rather manage with JIT? All these business questions can be easily, accurately and timely answered when interconnecting business processes are digitalised.

As we have come to know, nothing good comes easy. What makes digitalisation desirable also makes it a prime target for attackers. We do not need to go to far to illustrate that. Remember how email has made communication easier? Well, emails are also easily compromised, both confidentiality and integrity, than physical mail.?

As digitalisation opens up possibilities to integrate processes and make them more effective and efficient, it also significantly increases the attack surface of organisation.

Watch out for part 2 of this article where I will delve fully into the cybersecurity implications of a digitally transformed organisation and what organisations should be doing to reap the benefits of digital transformation while avoiding the pitfalls.