Digital Resilience: Leading Business Transformation

INTRODUCTION

The COVID-19 pandemic is a paradigm shifting event, a crisis of health and a business revelation. The ongoing pandemic has not so much altered businesses environments as it has uprooted them. The pertinent question for digital leaders in the face of such unprecedented change is not how we restore our pre-pandemic work environment, but how we improve it.

This question is, at its core, one of design; we must identify which business structures are weight-bearing and must be reinforced, which systems can be reengineered, and those processes that can be abandoned. This sweeping recalibration will distinguish the resilient from the vulnerable, the flexible from the rigid, and our future leaders from followers.

NextDC and Connect Media recently invited CIOs from all sectors of the national economy to interface digitally and discuss this reinvention of the workplace. From compressing transformation timelines to advancing communication and security infrastructure, we unpacked the decisions digital leaders are making to lead business transformation and secure advantage amidst uncertainty.

INFORMED INSTINCT: OUR HEIGHTENED CAPACITY FOR CHANGE

The sheer pace of the pandemic forced nations and businesses to respond with reciprocal intensity. From international border closures to remote work transitions that, from an aerial perspective, more closely resembled office evacuations, governments and businesses made decisions of severe consequence at unprecedented pace.

These were not acts of transformative ambition, but acts of survival: processes, layers and timelines were reduced by the logic of necessity. The pandemic cut through cultural aversion to transformation on a revolutionary scale and reaffirmed our will to change. And change we did.

The rapid uptake of remote work practices is a shining example of the capacity for business leaders to communicate and act resolutely. But now, the context that enabled this bold decision-making is changing. While the pandemic continues to define our social and business environment, we are adjusting to its presence. Flexibility may well be the new normal, but normality exists to stifle urgency.

In a mass transition instigated by deep crisis, it is vital that momentum for profound organisational change is preserved and we do not revert to pre-pandemic levels of complacency. Business leaders must inject their organisations with a different sense of urgency.

The challenge for business leaders is to dissect the consequences of our instinctive leap to remote work practices, protecting and amplifying new sources of value while mitigating new structural and personal vulnerabilities.

WORLDS COLLIDE: ALIGNING PERSONAL AND PROFESSIONAL PRIORITIES

Businesses are learning to communicate in an operating environment defined by distance. We are all learning how to live in isolation, or at least, how to interact in a world where the human touch has been muted. Whether as a commercial necessity, or an act of collective empathy, businesses have amplified the importance of employee wellbeing.

Communication strategies and the channels our voices and faces travel on have developed to facilitate closer, more authentic connections. Executive leadership have become more visible and accessible, inspiring confidence, reigniting motivations, and connecting separated employees to a shared ambition. As a broader consequence, the spaces separating professional and personal life are shrinking, a collapsing of realms that is at once both an affront to privacy as well as an opportunity to amplify real identities and expressions in the workplace.

Increasingly, employees are being empowered with the tools and trusted with the autonomy to deliver business outcomes – outputs, not inputs, are being assigned value. These are paradigmatic shifts that signifying that technology itself is not the answer – it is the enabler, granting employees the options to be flexible, resilient, and empowered.

RISK REIMAGINED: ADVANCING SECURITY FRAMEWORKS

As the context for work evolves, the parameters for secure work have fundamentally shifted to create new vulnerabilities. We are witnessing a fundamental, digital expansion beyond fixed perimeter defences – an expansion that is particularly fraught because of the very pace at which it is unfurling.

Rapid change breeds exceptional risk, and as a company’s digital footprint expands to lay tracks in new territory, the unmapped attack surface available to cyber actors grows in unison.

Attack vectors are being remapped to directly target home environments, and there is a distinct danger that employees are becoming apathetic towards, or at the least unsure of, expectations around data handling and remote information exchange in this new context. Businesses cannot afford to remain vulnerable to dangers borne from the pressures of expediency.

Responding to these risks requires a whole of organisation approach; a cyber-security lens must be applied to every aspect of the enterprise; risk assessments must be embedded in all cadences of activity; and a deep interrogation of existing infrastructure must take place.

BUILDING NETWORKS TO FORGE A NATION

The rapid transition to distributed workforces has reignited debate on the core capabilities and limitations of the nation’s infrastructure. The Coalition Government has announced a further $4.5 billion investment in the nation’s broadband infrastructure.

It is hard to deny that the NBN has performed admirably during the lockdown. And while using the pandemic as a retrospective justification for the decision to expediate the rollout of the NBN is rhetoric befitting scrutiny, it is clear that improving our nation’s infrastructure will further empower businesses to operate remotely and improve our digital competitiveness as a nation.

The impacts of the pandemic on our environment are not transient – already our CBDs have been challenged by a growing movement towards decentralisation. Australia’s vast ecosystem of corporate and market partners must continuously ask how they can both leverage and advance the fundamental architecture underpinning the way we work.

CONCLUSION

The pandemic has forced us to remould social and professional patterns. While change has been mandated by forces larger than any single corporation, it is our individual, digital leaders who remain largely accountable for the experience and precise direction of that change.

Enabling remote workforces, not only on a digital and structural level, but on a human level, is a severe but surmountable challenge that can only be accomplished by dual-wielding technical knowledge and emotional intelligence.

Our digital leaders must work to actively resolve security vulnerabilities, adopting a framework that is directly suited to remote work. They must ensure that digital infrastructure is scalable, flexible, and highly responsive, enabling the business to operate with confidence and lead through a climate defined by uncertainty. And they must communicate tirelessly and openly throughout this entire transformative process.

Only with continuous dialogue, collaboration, and the support of trusted partners will businesses be able to lead through this crisis.

UNBOXED THINKING

Achieving the twin goals of digital convenience and security is a dynamic undertaking in today’s hypercompetitive, digitally entangled environment. Technology is advancing at an unprecedented pace, and businesses must reckon with this exponential rate of discovery to satiate the immense appetite consumers have for mobile, seamless interactions.

A once unfathomable number of devices are now destined to be connected under the Internet of Things, creating new opportunities for organisations to build creative, engaging, personal experiences. But each one of these consumer touchpoints is a source of vulnerability, and cyber-criminals have displayed their ability to evolve and mutate their attack patterns with pace and ferocity.

Ultimately, to deliver efficient, intuitive services in this frenetic technology landscape, organisations must intimately understand their consumers and strike an appropriate balance between immersive user interfaces and security. GBG gathered leading security, fraud and digital experts from all corners of the national economy to explore how the country’s leading organisations are walking this line on the way to securing competitive advantage.

FLEXIBLE BUT NOT VULNERABLE: SUPPORTING REMOTE WORKFORCES

INTRODUCTION

Businesses are beginning to accept that our current operating environment, defined by distance, is not a fleeting affair. The seemingly immutable practices that defined the way businesses interacted with each other and their employees have been upheaved on a global scale, creating new behavioral and structural precedents such as recruitment beyond proximity that bear ongoing commercial significance.

The reflexive, near-instinctive steps that businesses took to enable remote workplaces following the onset of the COVID-19 pandemic are falling under heavy scrutiny as the longevity of these practices and the value they yield becomes apparent.

Enterprises reflecting on the lasting business case for remote work are confronting the redundancy of legacy perimeter defence methods as the parameters for effective cyber-security recentre around identity. Security threats are compounded by behavioural and processes challenges that stand in the way of employees reaching their full potential under a mandatory remote work regime.

In response to these challenges, OKTA recently arranged for leading digital professionals from all sectors of the national economy to virtually interface on the current state of work. Their conversation illuminated shared challenges around securing remote workplaces and revealed strategies for empowering a truly flexible workforce. This is what they had to say.


SECURITY CHALLENGES: IDENTITY AND ZERO TRUST

The context for work has evolved as companies become physically dislocated from their employees. The firm’s digital footprint has ventured outside familiar perimeters to lay tracks in new territory, and security vulnerabilities are the corollary for this mobility.

The parameters for secure work are fundamentally shifting: attack vectors are being remapped to directly target home environments; employees risk becoming apathetic towards, or at the least unsure of, expectations around data handling and remote information exchange; and the danger of disenfranchised individuals becoming antagonists of security breaches is amplified by reduced visibility across remote work locations.

The sheer scale and speed at which businesses adopted blanket remote work policies, while necessary, has amplified these threats considerably. To operate with confidence in this new commercial landscape, businesses must ensure that information is being viewed by relevant parties in unquantifiable locations and across unseen devices. This is an imposing but surmountable challenge, provided businesses can recognise the vital role identity plays in ensuring that workforces do not introduce vulnerability to the workplace.

Identity empowers businesses to abandon perimeter defense methods in favour of zero trust principles. By bringing the strongest representation of security to the user, wherever they may be, businesses can allow the right people with the right access to the right resources in the right context. The effectiveness of identity as the foundation for an enforceable security policy hinges on the fact that cyber-security antagonists only succeed when they compromise identities – every attack is levelled through some form of compromised identity.

Businesses will only succeed as defenders and build their security posture in meaningful ways when they drive past passwords to secure identities. Identity is the child of context – by continually assessing location and actively managing devices, businesses can generate a unique profile of characteristic behavior. These profiles can then be leveraged to make immediate and informed decisions around when and how certain applications are being accessed.


BUSINESS CHALLENGES: A BROADER PERSPECTIVE ON FLEXIBILITY

Flexibility has been subject to many varying corporate interpretations. In too many business cases, flexibility has become synonymous with remote work policies that enable employees to engage with the company on personalised terms. While this definition carried some weight prepandemic, it is of little differential utility now that entire industries have been forced to abandon their offices and routines. Instead, it may be helpful for businesses to think of flexibility as the practice of empowering people to realise the full value of their skills.

It is important to recognise that remote work on the scale we are currently witnessing poses several behavioural and processes challenges that can inhibit employees from realising their full potential in line with this broader painting of flexibility. Businesses that apply a service design lens to their actions to counter these challenges will be in a stronger position to compete when our operating environment corrects, and employee choice once again becomes a factor in remote work practices.

Beyond software requirements and hardware limitations, one of the most immediate challenges tied to remote work has also proved to be the most obstinate: being remote first makes it incredibly difficult to be present. Physical separation always threatens to fester into isolation, not only from colleagues and friends but from the company’s mission that serves to connect, inspire, and motivate action.

When combined with any number of external market pressures threatening job security, it becomes very difficult for employees to sustain performance let alone generate momentum for new initiatives under the spectre of disconnection. This mindset affecting relatability is not sustainable from an individual or business perspective, and stems from the fact that the rituals of a physical workspace do not naturally translate to virtual environments.

Constant, two-way dialogue an interactive experiences have emerged as favourable remedies for stagnation from separation, with many businesses reporting a spike in virtual team events that serve to channel information up and down the corporate hierarchy. When well executed, digital engagements are an effective vehicle for both incentivising action back to core values as well as aligning employees behind a shared mission. Constant dialogue is not without its own dangers, including the erosion of the line between professional and private life.

For some businesses, the fact that the boundary between work life and private life is collapsing is being celebrated an opportunity for greater authenticity, connection, and representation, particularly as employee generated video content gathers momentum as an effective vehicle for both communication and development. It is thereforecritical that leaders reassess the communication strategies and business processes that surround remote work to better support, connect, and enable employees.


CONCLUSION

The swift transition to remote work practices has had a sweeping impact on the security posture of Australian businesses. The inefficacy of legacy perimeter defense methods is being cast into stark relief as businesses move to enable a set of technologies built on identity that aspire to a flexible workforce. But the challenges of supporting a remote workforce extend beyond security.

To empower a truly flexible workforce, businesses have had to reengineer processes and adopt new modes of communication to connect and inspire otherwise disparate employees. It is fair to say that our current businesses climate is defined by a crisis of identity, in terms of both security and wellbeing. The ability of businesses to defend the identity of their employees in this wholistic sense will prove consequential for success in the uncertain times that lie ahead.

Email [email protected] to schedule a meeting and learn more about Okta.

BUILDING YOUR THREAT INTELLIGENCE

AKAMAI and CONNECT MEDIA recently hosted 10 of Australia’s premier hi-tech leaders for an executive conversation on mitigating the latest cyber-attack threats.

With new attack vendors being discovered almost daily, AKAMAI’sEnterprise Security Architect provided a first-hand account of the emergence of a new security paradigm. Next followed a robust discussion on how to effectively militate against dynamic and mutating attack patterns.

As one of the world’s largest procurers of bandwidth, AKAMAI delivers a formidable portion of the internet. With a hundred and twenty terabytes per second of traffic – and visibility over 15 to 30 percent of global web traffic – AKAMAI absorbs billions of attacks a day.

This data is manipulated by a team of data scientists to create actionable threat intelligence that is then embedded in their security portfolio. Conversation around the table was anchored in this veritable intelligence.

PRACTICAL APPROACHES TO HOSPITAL CYBER SECURITY

INTRODUCTION

Technological decisions within the Healthcare sector have long been guided by risk aversion principles. Digital transformation was perceived as an unnecessary risk to established methods of care provision. But now, as legacy systems slow down organisations and pose increasing risks to cyber security, hospitals can no longer be complacent. In the pursuit of improved patient outcomes and mitigation of an increased volume and sophistication of cyber-attacks, leaders are confronting the technological debt and are moving away from the infrastructure dependencies weighing down the sector.

Hospitals are now making bold strides towards interoperability, turning to cloud technology to create hybrid-environments that enhance business performance as well as the patient journey. But as the operating and technological environment shifts, so too does the attack surface. Given both the value and sensitivity of the patient information that hospitals hold, as well as the essential nature of the services they render daily, security risks must be met proactively.

To help address this issue, Akamai hosted healthcare executives from across the public private divide for a candid, virtual conversation on the practical steps hospitals can take to advance their security posture. Their conversation unearthed several shared challenges, as well as aligned opportunities. This is what they had to say.

 

THE OPPORTUNITY

Cloud technology is providing hospitals with greater flexibility, scalability, and efficiency than existing on-premise infrastructure. Legacy IT systems were implemented at a time when hospitals were only required to support patients whilst they were physically within the hospital. These days, patient data is no longer stored in a file on the premises but held across multiple practitioners’ systems, across multiple organisations and even by the patient themselves with the rise of wearable devices such as smart watches that collect a patient’s health data.

Patients also expect far greater service both prior to an admission and for after-care, so the patient journey is no longer confined to within the walls of the hospital itself. To meet this challenge, hybrid environments are emerging as the preferred model that deliver both a superior experience and better controls to secure patient data.

 

THE CHALLENGE

The move from legacy infrastructure to hybrid-cloud environments exposes hospitals to an array of cyber-security risks.  As hospital environments evolve and establish new connections, the attack surface available to attackers shifts.  To enable interoperability, devices and systems that sit outside of the existing network perimeter defenses must be able to talk securely with the cloud. Each device, every link, represents a potential vulnerability that must be protected from an array of threats, from DDoS attacks and credential abuse to emerging, more sophisticated, attack vectors formulated by state actors.

 

BUSINESS IMPLICATIONS

The volume, sophistication, and successs of attacks directed at healthcare organisations is climbing steadily. The value of patient data, combined with the relative unpreparedness of the sector to protect data assets, largely accounts for this increased severity of attacks. The rapid rise of electronic medical systems and interoperability requirements has rendered previous methods of storing data behind firewalls and allowing minimal traffic from the internet to get into the network ineffective.

As a result, hospitals must now address two opposing challenges; improving their security in the face of more frequent, and sophisticated attacks, whilst simultaneously creating portals for patients and healthcare providers outside the network to securely access that same data. To overcome cultural resistance and build change momentum, security leaders must effectively articulate the specific ways that digital transformation will not only improve the delivery of patient outcomes and secure data but shift budgets from CAPEX to OPEX.

 

RECENT DEVELOPMENTS

One path for extending the patient journey is telehealth, which has the potential to fundamentally transform the healthcare landscape. Naturally, the unique characteristics of the nation’s geography hinders the provision of care in remote communities. The technological capability to bypass these limiting environmental characteristics is a crucial step towards revolutionising the way patients interact with the sector. But the potential of telemedicine services to improve patient outcomes extends beyond applications in rural locations.

Patients in all locations and at all stages on the continuum of care will benefit from the sector raising its telepresence. Historically, the unwillingness of both private health insurers and Medicare to extend coverage for telehealth has limited the market and by extension the efficacy of telemedicine services.  However, the ongoing pandemic has served as a catalyst for accelerating investment in telehealth, prompting healthcare providers and insurers alike to begin disassembling physical barriers to care delivery. It would be surprising if the sector constricted rather than accelerated its telepresence as our operating environment begins to correct.

 

CONCLUSION

A significant amount of technical debt has accrued in hospitals due to the healthcare industry’s historical reticence to embrace digital transformation. Hospitals are now accelerating projects to regain control over their networks and data. By curating hybrid environments with cloud delivered security controls, hospitals are improving patient outcomes while providing greater protections over health information.

By keeping bad actors at the edge, they can never reach and overburden the hospital’s data centre. Healthcare leaders must remain proactive and diligent as digitisation extends the patient journey beyond the physical hospital site. The security landscape will continue to evolve – new threats will emerge, and old threats will resurface – but with the help of trusted security partners and technologies, hospitals have the potential to radically improve their cyber security postures and the patient experience.