In Europe, as in France, we are actively transforming our businesses to support a global digital economy. However, while the US digital transformation began in 2001, in France we just started few years ago. We’ve got a lot of catching up to do. In fact, we have just a few years to do what the US has done in over 15 years.
So, we find ourselves running very fast to become a digital and more open economy. However, because of the compressed timelines, the digital transformation in France is not the same as other, more traditional IT projects, where you can spread the investment between 10 years. We don’t have that kind of time here.
We are under pressure to build out a new infrastructure and transform our traditional businesses to digital businesses as soon as possible. And that doesn’t leave a lot of time to learn lessons along the way. In fact, the very nature of the digital world that we are moving to is one that we’re not entirely familiar with.
What we do know is that cloud migration, virtualization and evolving IT processes will accelerate the move. Our current security strategy revolves mainly around protecting the data center. But as data centers are transforming into cloud or hybrid environments, we are now putting more and more machines and applications into the cloud. Most European organizations look to the cloud to reduce their burden and help to accelerate the transformation. However, while they embrace the advantages of the cloud, they ignore or underestimate the risks, especially the cyber risks.
Unlike the US, businesses in Europe may be less safe, less secure and more exposed as a result of the digital transformation. We are simply not building out security fast enough, nor are we addressing it in a global fashion. Why does this happen? I think it’s because of the accelerated speed of our digital transformation.
In the US, businesses have changed and learned over 10 years, and they now well understand the dangers of the digital world—just as they have well understood the opportunities. So businesses in the US are able to drive their IT divisions to better secure their business as a result. Because of this maturity, security awareness has crossed the line into a company-wide topic in the US, not just something that is handled only by IT.
In Europe, businesses don’t place as much importance on IT security strategy and don’t roadmap across the organization. Consequently, business groups do not share IT’s concerns and fears and may not be able to correctly assess their cyber risks. Of course, they are still making security investments. But it may not really help to accelerate investment in security without the proper commitment and understanding from across the business.
So I think there are certain risks that European businesses will need to overcome. One risk is that organizations may not be able to transform fast enough. As their business continues to grow, there will constantly be new parameters that must be addressed throughout the transformation. Another risk is that organizations will be so focused on getting the infrastructure right that they will be tempted to put security a bit lower on the priority list. If that happens, security will continuously lag behind the pace of the digital transformation.
The bottom line is that it will be difficult for French and other European organizations to know what they don’t know about digital transformation. It’s new territory. And they may have difficulty measuring the risks in the midst of the transformation. So they may run the risk of elevating their cyber exposure. And it will be difficult for them to assess risks that they have not encountered before.
I’m not saying they are doing nothing to assess and prevent cyber risks. I’m just saying that they do it partially. Digital transformation impacts business processes, humans and machines. And cyber risks impact the same groups. But the vast majority of companies still focus mainly on protecting user identities, not on the identities of the machines that are fueling the transformation.
Why are machines viewed as less important than users? I don’t know. Perhaps it’s because machines don’t seem as real and active as users. Unfortunately, hackers know that we are not adequately protecting machine identities. So machine identities represent a perfect target for them to attack.
I think it’s time to stop doing half the job of protecting our machine identities. Our digital transformation is progressing so quickly that we may not have time to stop and backfill security. We must extend protection to the identities of all machines that we rely on. We can’t just blast boldly ahead and hope that our machines will somehow defend themselves.
Eurpean organization are moving to the digital world at a very high speed, and to forget to secure the resulting explosion of machine identities is tantamount to suicide.
How secure is your organization’s digital transformation?