Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think...

31
SESSION ID: #RSAC Puneet Kukreja Thinking Digital Enablement, Think Protection, Think Process Re-engineering 2307 Partner, Cyber Risk Advisory Deloitte Australia @iPuneetKukreja

Transcript of Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think...

Page 1: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

SESSION ID:

#RSAC

Puneet Kukreja

Thinking Digital Enablement, Think Protection, Think Process Re-engineering

2307

Partner, Cyber Risk AdvisoryDeloitte Australia@iPuneetKukreja

Page 2: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

2

What is Digital?

Page 3: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

What is Digital – your key questions

3

Question 1

• How is digital (disruption) and/or change affecting our organisation?

Question 2

• How well are we responding to minimise the threats and maximise the opportunities presented by this change?

Page 4: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

But what is Digital?

4

Technology Innovation

Advanced Computing

Cloud Computing

Data Analytics

Speed of Connectivity

Mobile Computing

Increased Automation

Big Data

Page 5: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Why I ask what is “Digital”

5

…because over the past 40 years, many new technologies have been introduced which have caused

disruption and met a definition of digital.

Page 6: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Computers in the 1970’s

6

in the 1970’s

Image Source: http://thecomputersgalaxy.blogspot.com.au/ Image Source: https://zeth.net/images/blog/Digital.PDP-11.1970.102646128.jpghttps://s-media-cache-ak0.pinimg.com/736x/50/f5/39/50f539ba7df30f986562d81d1a0e38fb.jpg

Page 7: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Mobile phones and televisions

7

Analog to digital

Image Source: http://thecomputersgalaxy.blogspot.com.au/ Image Source: http://demo.idg.com.au/pcw/inlineimages/digital_tv_switchover_2013.jpg

Page 8: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Why I ask what is ‘digital’

8

neither technology today requires the ‘digital’ prefix.

Page 9: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

So what is Digital?

9

Author Ronald Tocci in his book Digital Systems: Principles and Applications defined it as below.

“digital system is a data technology that uses discrete

(discontinuous) values”

Page 10: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

What is all the fuss about?

10

It is about creating a distinctive customer experience

staying ahead of the competition by increasing efficiency

finding new routes to market.

discrete datasets

bringing discrete datasets together to create actionable insights

maximising investment in systems and processes

above all protect the organisation, keep it secure

Page 11: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Digital enablement

11

creating a distinctive customer experience

staying ahead of the competition by increasing efficiency

finding new routes to market

discrete datasets

bringing discrete datasets together to create actionable insights

maximising investment in systems and processes

protect the organisation, keep it secure

Technology Innovation

Advanced Computing

Cloud Computing

Data Analytics

Speed of Connectivity

Mobile Computing

Increased Automation

Big Data

Page 12: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

– your key questions

12

Question 1

• How is digital (disruption) and/or change affecting our organisation?

Question 2

• How well are we responding to minimise the threats and maximise the opportunities presented by this change?

Big Data Projects

Cloud Projects

Social Media

Enabling Mobile Channel

CustExCX

UserExpUX

Page 13: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

So what do we do about it?

Page 14: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Focus on your crown jewels

14

Services Data Assets

Others Others Others OthersCloud Supply Chain Third Parties Cyber

Supported by Multiple Enablers

Governance and Metrics as the Foundation

Page 15: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Digital transformation approach

Page 16: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Digital transformation approach

16

Tactical Agility Strategic Enablement

Page 17: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Tactical Agility

17

What was achieved

Rapid deployment of mobile customer

engagement applications

Creation of Omni channels for enhanced

selling

Analytics based customer segmentation

Moved towards data-driven decision making

Business lead deployment of cloud capability

Where pain was felt

Rise of shadow IT weakened their backend

technology processes

Lack of security controls for customer data

Sub optimisation of security architecture

Limited understanding of deployed cloud

capability

and then…

Page 18: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

18

HACKED

…stuff was lost…

Page 19: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Strategic Enablement

19

What was achievedCloud first strategy was adopted

Streamlined processes enabled service

standardisation

Supplier assurance was revamped with

significant focus on data security and cloud

controls

Operational maturity was the cornerstone of

Digital using ITIL as a foundation capability

Operational transparency assisted with the

enablement of shared digital services

Cross-channel integration was achieved as

business and IT were integrated with IT as a

service broker

Data security was introduced as a non-

negotiable

Digital and cyber were elevated to the board

for discussion as an enabling capability

Page 20: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Strategic Enablement

20

Where the pain was felt

Business understanding that without cyber

maturity Digital enablement was at risk

Business case and funding for process

maturity based on previous experiences

Realisation that Digital is a business

transformation initiative

Understanding of the limitations of what data

analytics can actually deliver for the business

Justification for increase in spend supporting

cyber security capability

Shift within the IT function from an architect

and operate mindset to a service broker and

integrator

Support functions awareness and uplift to

think about customer data security and

privacy

and after all that…

Page 21: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

21

AT

TAC

KED

...DDoS controls…X 3

…no stuff was lost…

Incident Response Processes

Third Party Agreements

Secure Cloud Hosting

Data Governance Controls

Page 22: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Bringing it together – how do I apply this?

Page 23: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

– your key questions revisited

23

Question 1

• How is digital (disruption) and/or change affecting our organisation?

Question 2

• How well are we responding to minimise the threats and maximise the opportunities presented by this change?

NO SILVER BULLET

Page 24: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

What can I apply tomorrow

24

Integrate cyber & digital

Spend on process maturity

Strengthen governance and reporting

Page 25: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Integrate Cyber & Digital

25

Identify areas where digital projects are taking place across the organisation and

ensure there is an understanding of cyber security obligations

Assist business in understanding why spend on cyber security is required to increase

as they embrace digital where data is key

Undertake business awareness campaigns to ensure the threat landscape and data

security risks of digital enablement are understood by the business

Initiate discussions with the organisations executive leadership and board to ensure

digital enablement is not happening in isolation.

Page 26: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Spend on Process Maturity

26

Understand that “Cloud” is intrinsically tied to Digital

Have an appreciation of support processes that will enable the use and

consumption of cloud

Identify core processes required to support cloud enablement and agile

development

Set up a data security function that focuses on managing risk to data assets

Page 27: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Spend on Process Maturity

27

Ensure process maturity effort is not in isolation and supports standardisation

across architecture

operations

projects

When talking process maturity most organisations default to using ITIL in some

shape or form.

at a minimum focus on the following 10 processes for digital and cloud enablement.

Page 28: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Process Maturity

28

ITIL based processes for digital enablement

Page 29: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Governance and Reporting

29

Security governance is key given the change in threat profile of an organisation

Implement vigilance and resilience controls given the increase in and organisations

attack surface following Digital enablement

Ensure there is business awareness of the changes in risk posture across the Digital

transformation landscape

Risks related to cyber attacks, confidentiality and regulatory breaches, brand

exposure and data security should be reported at the board level

Use data enabled insights based reporting of your organisations security posture.

Page 30: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

#RSAC

Thank You

30

Re-engineering

Page 31: Thinking Digital Enablement, Think Protection, Think ... · Thinking Digital Enablement, Think Protection, Think Process ... and operate mindset to a service broker ... Thinking Digital

SESSION ID:

#RSAC

Puneet Kukreja

Thinking Digital Enablement, Think Protection, Think Process Re-engineering

2307

Partner, Cyber Risk AdvisoryDeloitte Australia@iPuneetKukreja