November 11, 2019 By Jasmine Henry 4 min read

Digital transformation isn’t just a matter of luck, perseverance or foresight. Research shows there are many differences between best-of-class enterprises, who are creating revolutionary new operating models, and their peers, who are falling behind.

The challenge for enterprises is balancing speed with security and knowing how to roll out innovation in a way that creates advantages. Innovation leaders deploy more technologies, but their secret isn’t just speed — they’re also more likely to adopt certain strategies around design. Those leaders tend to consider data protection earlier in the process and tackle risks differently than their competitors.

While it’s impossible to crack the precise strategic and cultural codes of the leading transformers, research can help us piece together many of their secrets.

10 Best Practices for Secure Innovation and Digital Transformation

1. Evaluate Tools

Digital transformation leaders deploy a broader range of technologies at a faster rate, according to a McKinsey study. These initiatives aren’t always ground-breaking innovations. Across the board, the majority of transformation initiatives incorporate low-risk, web-based technologies. However, leaders are more likely than their competitors to put emerging tech into production, such as artificial intelligence (AI), the internet of things (IoT) and sophisticated machine learning.

Volume isn’t the whole story though. If your organization has fallen behind the innovation curve, you can’t catch up by simply doubling-down on speed. You will likely have to develop your culture and security too. In the minds of the leading transformers, high-volume innovation is matched with smart strategy and effective change management techniques.

2. Focus on Outcomes

Deploying an emerging technology like blockchain without a clear use case isn’t going to propel you to the top of your industry. Instead, leading organizations focus on achieving outcomes and strategic goals, such as “speed to market” or “operational efficiency.”

“There is no single technology that will deliver ‘speed’ or ‘innovation’ as such,” according to the Harvard Business Review (HBR). “The best combination of tools for a given organization will vary from one vision to another.”

3. Incremental Testing

Best-of-class enterprises deploy transformation using an incremental model, according to Gartner. A “disaggregated” approach to transformation means breaking a big initiative into small, discrete pieces. Leaders perform sequenced market tests based on perceived risk. An incremental approach to testing enables enterprises to learn more from initiatives earlier and fail quickly without increasing risk, if that becomes an inevitable outcome.

4. Alignment

It’s probably riskier than you think to take a secretive approach to innovation that involves incubating projects in a lab. Internal alignment is a huge success factor. Your innovation lab needs to align with strategy, users and operations to achieve great results.

Seventy-five percent of digital transformation projects aren’t aligned internally, according to Gartner. The consequences of misalignment may include:

  • Product launch delays;
  • Mediocre experiences; and
  • Increased security risk.

Internal innovators and external transformation consultants need to be effective listeners and cross-functional collaborators. The people closest to the work or product can be invaluable sources of feedback on new ideas.

“Often new technologies can fail to improve organizational productivity not because of fundamental flaws in the technology but because intimate insider knowledge has been overlooked,” noted HBR.

5. Simpler Security

Just 11 percent of organizations have reduced security complexity, a recent Forrester study noted. When organizations achieve a simpler security ecosystem, they’re 54 percent more likely to believe their cybersecurity strategy supports digital transformation.

Some key strategies for simplifying secure transformation (per Forrester) include:

  • Adopting security by design;
  • Consolidating security vendors and solutions;
  • Increasing analytics and reporting;
  • Tackling shadow IT; and
  • Balancing security and usability.

6. Secure Innovation

Secure transformation matters. Studies show that innovation without security can lead to increased risk. Companies that transform without security controls are more likely to experience data loss, which can damage future innovation efforts.

Despite clear evidence that secure transformation is critical, the majority of companies are still charging ahead without adequate controls. Ninety-seven percent of enterprises are using sensitive data on new transformation technologies, according to IDC. However, just 30 percent are using tools like encryption to secure sensitive data. Effective leaders balance risk with innovation.

7. Security by Design

The General Data Protection Regulation (GDPR) urges companies toward secure innovation by emphasizing the importance of “security by design and default.” Studies show that the majority of companies haven’t made the shift toward secure design and SecDevOps, however.

According to TechRadar, only one-third (34 percent) of organizations consider cybersecurity during development. Fifty-five percent don’t consider security until pre-implementation or implementation, and, most shockingly, 9 percent don’t create security controls or analyze risk until post-implementation.

8. Self-Service Deployments

The secrets of digital transformation leaders are often surprisingly simple. Research reveals that the best transformation tactics focus on creating compelling user stories, such as generating more convenience and ease-of-use for the workforce.

Innovators are deploying digital self-service tools more often than their lagging peers. McKinsey found that digital self-service deployments are correlated with a success rate that’s nearly 200 percent higher.

Digital self-service tools for employees and customers aren’t necessarily groundbreaking. Instead, these solutions matter because of how they affect the end user. The most effective initiatives empower workers to become more self-sufficient and collaborative.

9. Modified Standard Operating Procedures

Adoption is a key success factor for any technology initiative. If your innovation is ignored, you will be less likely to experience positive returns on investments in the form of higher profits, greater efficiency or better communication.

The most revolutionary companies are taking a people-first approach to deploying new tech. This involves inspiring change in how people work. Leaders are 1.8 times more likely than their competitors to modify standard operating procedures (SOPs) to include new technologies and digital initiatives, according to the McKinsey report.

In nearly as many cases, best-of-class enterprises evaluate employee adoption after deploying innovative solutions. The most effective enterprises are 1.7 times more likely to measure changes in employee digital behaviors during formal employee performance reviews.

10. Don’t Get Comfortable

Late adopters aren’t doomed — even best-of-class organizations have no illusions about winning the race. Forbes reported that 87 percent of organizations believe late starters still have a chance to beat out the competition with successful initiatives.

Fortunately, there’s also no sign that slow adopters must anticipate a lengthy wait to pay for new technology, either. As Forbes noted, the majority of organizations (54 percent) say they waited just one to three years for a positive ROI from transformation initiatives, and only one percent waited longer than three years.

Creating a Successful, Secure Digital Transformation Strategy

Studies about the most innovative organizations tell a clear story about what it takes to innovate successfully. Leading transformers listen to employees and customers as they look to create compelling use cases. They adopt security by design and incremental testing practices to deploy more quickly and drive cultural change once innovations are live.

Regardless of where your organization currently falls on the innovation curve, you’re not destined to fall behind. You can catch up by changing your organization’s mindset. Winning the race to create the next best digital business models requires a strategy that balances people, processes, technology and security.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today