IT decision-makers who have responsibility for security believe security teams are brought in too late to have a meaningful effect on digital transformation initiatives, according to a new study.
Dimensional Research, commissioned by by Dell, recently surveyed 631 IT decision-makers with responsibility for security from companies with 1,000 or more employees in the U.S., U.K., Germany, Australia, Scandinavia and the Benelux region. Ninety-seven percent of respondents report their organizations were investing in digital technologies to transform their business: 72 percent of the respondents said their organizations had active projects in mobile, 68 percent in cloud and 37 percent involving the Internet of Things (IoT) — all areas commonly associated with digital transformation.
All the respondents listed security as one of their major responsibilities, but 76 percent felt their security teams were either brought into transformation projects too late to have an impact or were bypassed entirely. Eighty-five percent said business users avoid engaging their security teams for fear their initiatives will be delayed or blocked, while 63 percent said there is no basis in those fears.
[ Related: How to succeed at digital transformation ]
"Security has this legacy of being the department of 'no,'" says Bill Evans, senior director of Product Marketing for Dell's identity and access management business. "Everybody believes security is important until 8:05 a.m., at which point it impacts their ability to do their job."
That's a big problem, according to 96 percent of IT pros who said securing digital technologies poses challenges:
- 69 percent say they need to secure additional technologies without additional resources.
- 59 percent say mobile, IoT, cloud and self-service initiatives post an increased risk of security breach.
- 52 percent say it's hard to find the right balance between security and employee productivity.
- 38 percent say those initiatives give the organization less control over data and systems access.
- 30 percent say it's difficult to find expertise to support new technologies.
- 19 percent say their security tools have not kept up with changing needs.
- 17 percent say they have a siloed security toolset, which makes them more vulnerable.
Fully 85 percent of respondents say the security function can actually serve as an enabler for digital transformation initiatives if they could overcome business users' perception of security as a roadblock and gain a seat at the table.
"The security department can become the department of 'yes' and enhance security," Evans says. "It can enable the business and secure it at the same time."
Federated identity services are a case in point, he says. An organization could deploy federated identity services that allow it to extend single sign-on to users when a new software-as-a-service (SaaS) application is added to the portfolio.
"This survey produced some eye-opening results and reinforces what we've been hearing directly from our customers," John Milburn, vice president and general manager of Dell's One Identity Products, said in a statement today. "Organizations face challenges securing their digital transformations and recognize that their current security measures are exposing the business to risk. Our goal is to provide our customers with solutions that address those needs. When done right, security can enable organizations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and customer experience. Done right, security also helps CISOs open their own 'Department of Yes,' empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward."