As the old saying goes: even if you’re on the right track, you’ll get run over if you just sit there. Innovation entails risk. To do something genuinely innovative, genuinely transformative, you have to be willing to step outside your comfort zone.
A lot of Australian organisations are being held back, not by lack of access to technology and tools for digital transformation, but by a lack of confidence in their capability to manage the risk involved.
The benefits of digital transformation, and in particular adoption of Cloud technology, are clear. Giving employees access to data wherever and whenever they need it has obvious benefits for productivity. More productivity means better customer experience, and better customer experience drives higher profits.
Equally obvious are the risks. Taking your data off-premises, putting it on someone else’s Cloud, means sacrificing at least some control over its fate, and that fear is holding back innovation.
While most Australian organisations feel confident in their ability to secure their data on their own servers, barely half have the same confidence in their ability to maintain security in a Cloud-based environment. According to a whitepaper from Rackspace Technology entitled “Innovation Over Cybersecurity: the Contradiction Within Australian Business,” the problem essentially comes down to confidence in the capabilities of staff.
Organisations want to know that they have control over their data. Perhaps even more importantly they want visibility over their data to minimise the risk of security breaches. They want to know that, as they move to make their data more visible and more accessible to employees and possibly to AI and analytics, they are able to manage its vulnerability. Particularly when it comes to hybrid or multi-Cloud environments, fragmentation of data becomes an issue and visibility becomes more difficult.
The skills to design and maintain such environments are highly prized, very expensive, and unlikely for most organisations to find in-house. And if they do have them (which is more likely in large organisations rather than SMEs), it’s hard to keep them in a highly competitive marketplace. This has been a persistent problem for years and is not going to change soon. AustCyber estimated in 2018 that a skills shortage in the cybersecurity sector in this country equates to a persistent shortage of 2300 workers. One solution is to find trusted partners, but that doesn’t solve the whole problem with cybersecurity.
The human factor also comes into play, with phishing attacks and ransomware becoming more significant threats than brute-force hacking. As data becomes more and more available to employees, the employees themselves become the risk vector. Regular staff training and education is the only solution there — security has to be treated as a “whole of business” problem, not just for the IT department.
And therein lies the problem. According to research in the whitepaper, barely more than half of surveyed organisations are confident they have access to the tools to fend off security threats, and exactly half felt they had access to staff with the appropriate capabilities. Asked whether they had confidence in the visibility of their data or the inter-connectedness of their data environments, the numbers slip clearly into the minority.
That’s a very big deal. That lack of confidence equates to risk-aversion. An unwillingness to take on risk is a barrier to innovation and can — indeed does — impact on an organisation’s entire transformation strategy.
When an organisation has confidence in its ability to manage risk, it becomes easier to get buy-in from executive leadership. It enables more radical thinking and allows the organisation to pursue more innovative strategies. Innovation is key to success.
Lack of confidence in security capabilities, therefore, is a competitive disadvantage.
Security skills have to be part of the conversation early on when companies develop digital transformation plans. Understanding the business’s goals as well as the risks they entail enables an honest appraisal of the skills that are available in-house, or that will be required from outside. Then decide whether to recruit staff or to team up with trusted partners.
This article is published by Which-50’s Digital Intelligence Unit (DIU) on behalf of Rackspace Technology. DIU Members pay to share their expertise and insights with Which-50’s audience of senior executives.