Many organizations are now undergoing a digital transformation where managing security issues correctly is crucial for success. The foundation is built with a risk assessment approach that allows risk to be measured quantitatively.
Digitalization, or rather a digital transformation, is fully underway in both the public and private sectors. Established business models and operational models are being fundamentally changed, and information security risk exposure is changing in a similar way.
"The management of security will be crucial to a successful transformation. Security will become an enabler in succeeding with this transformation," says Ryan Mattinson, practice leader for information security consulting at Nagarro—a global provider of high-end technology services. He says that the starting point for an effective information security program is the risk assessment. "A proper risk assessment is a decision-making tool that helps business leaders to make the right investments in security, at the right scale, and measure their effectiveness over time."
He also sees how security issues often fall between two stools. It may not be obvious who is responsible for security; the attitude can be "that's someone else's job." Simply being on schedule and within budget are common measures of project success in many traditional business models, but using these measures of success alone when adopting new technologies may leave a hidden risk that would turn out to be beyond the business’s risk tolerance if it were assessed and known.
"Information security is a business function that should deliver measurable results, but it’s still often seen purely as a cost. We want to help our clients to change 'a good security day' from a day where nothing bad happened, to a day where the information security function delivers measurable improvement, e.g., reduced uncertainty regarding the future outcomes of digitalization initiatives, reduced risk, or increased probability of achieving other important business goals."
Nagarro also offers a broad range of operational and technical security services that complement strategic consulting services. A specific assignment might be to carry out penetration testing to identify technical vulnerabilities of a client’s new app and backend APIs before they go into production. Nagarro testers work closely with their clients’ developers so they can begin fixing critical issues immediately, even before the testing is complete, to avoid impacting tight release deadlines.
Ryan feels that while information security issues are often still viewed as purely technical problems, they are getting increasing attention in the boardroom. “That’s a positive development. It means more organizations are shifting their approach to information security risk management to support the success of their digitalization strategies. We now have opportunities to work with our clients to not only help them address specific technical vulnerabilities that appear in a given app today but also to work with them on the information security risks and opportunities that will impact their business in the years ahead.”
In today's threat landscape, all organizations will experience information security incidents from time to time. Risk assessment can help organizations prioritize the easiest, most cost-effective short-term improvements, while also providing invaluable input to budgeting and investments in developing adaptive security capabilities—that means not only prevention but also detection and response capabilities.
"From an information security risk perspective, the Nordic region is particularly interesting. Both the private and public sectors are known for often being eager, early adopters of new technology," says Ryan. "There is a great deal of optimism in the Nordic countries when it comes to new technology and what we can achieve, but there is also a lack of awareness and management of the potential downside—the risk associated with these technologies. Our role is really to work with our clients to manage risk in a way that optimizes the value that new and existing technology brings to their business."
Nagarro drives technology-led business breakthroughs for industry leaders and challengers. When our clients want to move fast and make things, they turn to us. Today, we have 5,000 experts in 20 countries. Together we form Nagarro, the global services division of Munich-based Allgeier SE.