Security teams consulted too late on digital transformation

A new survey finds 76 percent of IT professionals with responsibility for security feel their security teams are brought in too late to have a meaningful impact on digital transformation projects.

IT decision-makers who have responsibility for security believe security teams are brought in too late to have a meaningful effect on digital transformation initiatives, according to a new study.

Dimensional Research, commissioned by by Dell, recently surveyed 631 IT decision-makers with responsibility for security from companies with 1,000 or more employees in the U.S., U.K., Germany, Australia, Scandinavia and the Benelux region. Ninety-seven percent of respondents report their organizations were investing in digital technologies to transform their business: 72 percent of the respondents said their organizations had active projects in mobile, 68 percent in cloud and 37 percent involving the Internet of Things (IoT) — all areas commonly associated with digital transformation.

All the respondents listed security as one of their major responsibilities, but 76 percent felt their security teams were either brought into transformation projects too late to have an impact or were bypassed entirely. Eighty-five percent said business users avoid engaging their security teams for fear their initiatives will be delayed or blocked, while 63 percent said there is no basis in those fears.

[ Related: How to succeed at digital transformation ]

"Security has this legacy of being the department of 'no,'" says Bill Evans, senior director of Product Marketing for Dell's identity and access management business. "Everybody believes security is important until 8:05 a.m., at which point it impacts their ability to do their job."

That's a big problem, according to 96 percent of IT pros who said securing digital technologies poses challenges:

  • 69 percent say they need to secure additional technologies without additional resources.
  • 59 percent say mobile, IoT, cloud and self-service initiatives post an increased risk of security breach.
  • 52 percent say it's hard to find the right balance between security and employee productivity.
  • 38 percent say those initiatives give the organization less control over data and systems access.
  • 30 percent say it's difficult to find expertise to support new technologies.
  • 19 percent say their security tools have not kept up with changing needs.
  • 17 percent say they have a siloed security toolset, which makes them more vulnerable.

Fully 85 percent of respondents say the security function can actually serve as an enabler for digital transformation initiatives if they could overcome business users' perception of security as a roadblock and gain a seat at the table.

[ Related: IT talent biggest roadblock to digital transformation ]

"The security department can become the department of 'yes' and enhance security," Evans says. "It can enable the business and secure it at the same time."

Federated identity services are a case in point, he says. An organization could deploy federated identity services that allow it to extend single sign-on to users when a new software-as-a-service (SaaS) application is added to the portfolio.

"This survey produced some eye-opening results and reinforces what we've been hearing directly from our customers," John Milburn, vice president and general manager of Dell's One Identity Products, said in a statement today. "Organizations face challenges securing their digital transformations and recognize that their current security measures are exposing the business to risk. Our goal is to provide our customers with solutions that address those needs. When done right, security can enable organizations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and customer experience. Done right, security also helps CISOs open their own 'Department of Yes,' empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward."

Join the CSO newsletter!

Error: Please check your email address.

More about BillDell

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Thor Olavsrud

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place