To give you a sneak preview of what to expect, we asked Oliver some questions about his presentation.
I've spent the last years working very closely in the digital transformation of many large organizations, and a topic that keeps on coming up is that the security function is seen as a necessary evil at best, and a total hindrance at worst. The question is, what does security actually provide to the business? And does the business understand the value that security tools, security processes and security methodologies can bring? What we will look at in this session is how to align what security can bring to the table, but also to understand what the understanding of the other players in the game is, so that the security as a function and the security as a unit within the organizations can move forward and show how they can provide a benefit to the business and therefore move from just being a necessary cost factor to actually providing business benefit.
Both security and digital transformation want the same thing at the end of the day. They want to make sure that the business is successful and that it can develop better than the competition. The ways of doing this are different, though, and especially the approach towards risk is different between security, who tend to try to minimize risk and digital transformation, who willingly take risks in order to move ahead of the competition. Bringing those two views together and understanding the necessity of being risk aware. And to decide in a specific case whether it is better to be on the side of caution or whether it is the time to be bold, to move forward is something that only works if there is an open dialog of understanding between those functions. And that is what companies need to achieve going forward if they want to be successful.
Security is very often seen as that cost factor, as that necessary evil. If we want to show the benefit that security can bring, it needs to be brought in terms of what the company actually produces, what the organization produces in the way of products or services. Only by aligning that, can the amount of effort and the amount of money that we need to put into security to achieve that risk appetite that the company is willing to take, really acceptable, not just to the security organization, but to the company overall, and thereby accepting security as part of the solution and not as part of the problem.
Security, in many cases, has been seen as this absolute - what one of my colleagues calls the “Ministry of No”. You're either secure or you are insecure. It is always this question of you're either with us or you are against us. The way we need to move forward, is to accept that between those two extremes, there is a middle ground. It's not an either - or. It's actually an also - and. And if we can move in that area together with the people who within our organizations who are driving that digital transformation, who are driving product innovation and identifying where that common ground is, and to stride down that road together, then we can be successful. And that, to me, is the biggest challenge that we are facing today towards making security a business benefit rather than just a business burden.