Competitive, agile, dependable and secure IT: is there a magic recipe?
The digital transformation is a top priority for companies seeking to stay competitive by making the best possible use of the wide-ranging digital resources available today. But how to add real operational value while controlling costs and managing the cyber risks inherent in a hyperconnected world? What are the ingredients of success? This was the theme of the think tank led by Thales at the recent in Paris.
Chaired by Laurent Kettela, head of cybersecurity and transformation at Thales, the debate brought together the CISOs (chief information security officers) and CTOs (chief technical officers) of major manufacturers, banks, pharmaceutical and other companies. The objective was to set out the key challenges and identify the winning best practices for a successful digital transformation, based on practical experience and feedback.
Challenge #1: Make the company more agile and efficient by adding value for its various functions and departments, while managing costs, through new digitisation solutions and, implicitly, changing the way it produces and delivers IT services. The fourth industrial revolution has begun. We’re entering a new era, characterised by the ‘uberisation’ of industries and corporate functions.
Challenge #2: At the same time, companies must address the explosion in cyber-related threats by investing more in cyberdefence. This is a complex but vital issue for ensuring their long-term future, which was addressed from the three key perspectives of governance and organisation, technologies and communications.
Objectives shared at all levels of the organisation
While the particular issues vary from one company or sector to another, the overall trend is the same everywhere: organisations are increasingly complex and constantly evolving. It’s vital to find the right balance between the benefits of all-digital for company operations and the associated security risks and costs.
The approach must be pragmatic and suited to the context and maturity of each company. It’s also important that objectives are shared at the highest level by the executive committee and that they translate into a strategy. Application of this strategy by the IT and security teams should result in collaboration between purchasing, production, finance, marketing and the other corporate functions, irrespective of whether the organisation is a matrix structure or hierarchical. The digital transformation encompasses all parts of the company and calls for partnership with the teams concerned in a lean approach.
Technologies: a pragmatic and iterative approach
How can companies understand and make the most of all the technologies available, which are constantly evolving, have varying levels of maturity and can be complex to implement? Here again, the approach should be pragmatic and based, for example, on one of the new implementation methods, such as Agile or DevOps. These methods emphasise iterative development to achieve a final product that’s mature and meets user needs and expectations as closely as possible.
DevOps for fluid collaboration between development and operations
In a DevOps approach, the development (Dev) and operations (Ops) teams are organised around the same systems and work closely together. It aims to heal the antagonism between the objectives of the operations teams, focused on system stability, often irrespective of time and cost constraints, and the development teams, whose primary objective is to make the necessary changes as quickly and cost-efficiently as possible, often to the detriment of quality, especially when delays start to impact project schedules.
The DevOps method advocates:
- Regular rollout of applications
- Tests performed as early as possible and in an environment similar to production
- Continuous integration, including continuous tests
- A short improvement cycle, with rapid feedback from users
- Close monitoring of operations and production quality, using metrics and KPIs
Faced with the vast array of SMAC (social, mobile, analytics and cloud) technologies and development principles available, choices should be based on consultation between operational departments, IT and security, taking account of the skills available in the company, the maturity of the technologies involved and how well they match the strategic objectives of buy or develop, identify risks, test continuously, etc.
Tailor communications and reporting to expectations
There’s no standard type of reporting. It should be tailored to the needs of the requesting parties and the project sponsors and stakeholders. A production manager, focused on production rates, will emphasise system availability / downtime (technical or security factors). A CEO will need an overview (few indicators, but the major trends, comparative benchmarks, etc.). A government, keen to protect the country’s assets, will need to ensure its critical infrastructure providers are duly complying with security regulations. And the end customer will want to be sure that its private data is duly protected, etc.
Conclusion
There’s no one-size-fits-all recipe for a competitive, agile, dependable and secure information system. Rather, it’s about a set of ingredients that together contribute to success: collaborative teamwork and shared objectives, pragmatic choices of technologies and methods, plus communication and reporting tailored to the people most likely to help maximise the value of the company’s products.