Taking governance shortcuts in order to quickly take advantage of competitive opportunity can lead to major failings when it comes to security and privacy and cause serious long-term damage to the business.
Organizations are moving fast in retooling their business strategies and integrating the technologies that are needed to execute them. This is true for a multitude of reasons. A global shift toward telework, accelerated sharply by the COVID-19 pandemic, is rapidly expanding enterprises’ technology footprints. More and more of our artificial intelligence ecosystem is unfolding in the cloud. And, of course, data is at the heart of these and many other advancements.
Data governance has long been important, but it will take on supreme importance in the years to come based on these and other factors. In the era of ongoing digital transformation, governance of enterprise IT is imperative to streamline processes and operations, assess and address risks proactively, align IT with business strategies and goals, comply with expanded regulatory requirements and maximize ROI on technology investments. Governance frameworks are needed in order to incorporate all essential parameters into transformation projects, with security considerations becoming increasingly important among them.
Technology-driven transformation projects bring tremendous opportunity, but they can be difficult to pull off, especially since many companies are not equipped to move as quickly as they would like from the standpoints of privacy, risk and security. According to CIO.com’s 2020 State of the CIO survey, 46% of organizations don’t have either a chief security officer (CSO), chief information security officer (CISO) or top security executive, and if they do, the people in those roles are often stretched perilously thin given the demands of the job.
Even the organizations that are fortunate enough to have a strong CISO in place often struggle to find qualified practitioners to fill open roles, leaving enterprise security teams unable to keep up with the ever-widening threat landscape. Adding to these entrenched challenges faced throughout the security industry are the newer impacts of COVID-19, with which we are still attempting to come to terms. Organizations, the vendors they work with and customers are under enormous strain from the economic fallout related to the pandemic. This could result in changed baselines and expectations when it comes to security. For example, how will the budget cuts many enterprises are facing affect their security teams? Will vendors still have the resources they did previously to devote toward security? Will third parties still do the same level of due diligence on the sub-vendors upon which they rely? These changes often take place abruptly and, if not properly monitored by robust governance, can have a profound impact on enterprises’ security postures.
It is against this backdrop that governance frameworks are so valuable for organizations that are undergoing transformation.
The value of governance
Information and technology have become the crown jewels for today’s enterprises, but the ways in which those assets are being stored and utilized are fluid, as are the regulatory statutes with which enterprises are required to comply. But implementing strong governance of technology — regardless of where that technology lives — is still achievable when drawing upon a solid governance framework. Effective frameworks ensure that enterprises are providing stakeholder value and aligning with key industry standards through sound information flows and well-designed processes that are customizable to the dynamics of a specific organization. Respected industry frameworks such as COBIT, ITIL and others enable enterprises to drive innovation and business transformation.
COBIT is a holistic framework that can guide transformation projects. It includes focus areas such as cybersecurity, risk, cloud computing, privacy, DevOps and applications for small and medium-sized enterprises.
Avoiding unintended consequences
Regardless of which framework — or combination of frameworks — an enterprise uses, the key is disciplined implementation, which typically should start by pinpointing the drivers for change, identifying the problems and opportunities that exist, and then defining a roadmap to implement the governance program.
The business world is evolving so rapidly today that it often seems chaotic. The need to move swiftly to take advantage of a competitive opportunity often results in organizations taking governance shortcuts that can lead to major failings when it comes to security and privacy. What happens when a business process changes? It is important to understand new risks that could be introduced, but without a framework to provide clear guidance, those types of critical considerations can easily be missed, resulting in serious long-term damage to the business. Today’s security landscape presents too much risk for over-stretched security teams to hope that piecemeal execution will be sufficient to protect their organizations. Whether enterprises are prioritizing a specific technology project or undergoing a more full-scale implementation, governance frameworks can provide enterprises the peace of mind that their transformation projects will create the business value they were designed to achieve, without unintended consequences.