Security often is seen as a barrier to digital transformation among businesses, according to a survey of 631 IT decision-makers fielded by Dimensional Research and sponsored by Dell.
Nearly all (97 percent) of global respondents said they're investing in digital technologies to transform their business, including mobile, cloud applications, cloud infrastructures and the internet of things (IoT).
Three-quarters said the need to increase employee productivity is the driving force behind digital transformation initiatives, while 67 percent cite business growth.
Where security stands in these initiatives is a bit more shaky: 85 percent of respondents believed security teams can better enable digital transformation initiatives if they are included early in the project, and more than 90 percent said the security team can better enable the business if given more resources.
"I've never met with a customer who actually has enough security budget. The best course for any security department is to first assess their risks. Understand what the business is doing. Where is data being stored? What data—is it PII, credit card data, health records? The security department needs to understand the IT landscape so as to understand the security and risk posture," Bill Evans, senior director of identity and access management for Dell Security, told eWEEK. "Once this is known, the best the security department can do is prioritize and attack. No security department will ever eliminate all risk from the enterprise."
The goal, he said, should be to prove that today there is less risk than yesterday and have a plan to achieve even less risk tomorrow.
Only 18 percent of respondents said security has been involved in all mobile, IoT, cloud and self-service initiatives, and 76 percent of respondents believed security is brought in too late to digital transformation initiatives.
"We believe that security will remain in its current form, but the action will change dramatically. Security needs to reach out to its business partners and find out what they planning before the business goes and does it," Evans said. "Then they need to work with, not against, the business to meet those needs.
“Imagine a situation where the marketing department goes out and subscribes to a SaaS solution. After a few weeks, some marketer forgets his or her password and calls the help desk,” he continued. “The help desk didn't even know the company has the application. They call security and before you know it, they find out that customer credit card data was being stored there, which is a compliance violation."
He noted one of the most concerning stats in the survey is the number of respondents who agree that security could and should be involved earlier in the digital transformation, but don't bother to get them involved.