track-2307_kukreja.potx
TRANSCRIPT
![Page 1: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/1.jpg)
SESSION ID:
#RSAC
Puneet Kukreja
Thinking Digital Enablement, Think Protection, Think Process Re-engineering
2307
Partner, Cyber Risk AdvisoryDeloitte Australia@iPuneetKukreja
![Page 2: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/2.jpg)
#RSAC
2
What is Digital?
![Page 3: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/3.jpg)
#RSAC
3
What is Digital – your key questions
Question 1• How is digital (disruption) and/or change affecting our organisation?
Question 2• How well are we responding to minimise the threats and maximise the
opportunities presented by this change?
![Page 4: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/4.jpg)
#RSAC
4
But what is Digital?
Technology Innovation
Advanced Computing
Cloud Computing
Data Analytics
Speed of Connectivity
Mobile Computing
Increased Automation
Big Data
![Page 5: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/5.jpg)
#RSAC
5
Why I ask what is “Digital”
…because over the past 40 years, many new technologies have been introduced which have caused
disruption and met a definition of digital.
![Page 6: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/6.jpg)
#RSAC
6
Computers in the 1970’s
in the 1970’s
Image Source: http://thecomputersgalaxy.blogspot.com.au/ Image Source: https://zeth.net/images/blog/Digital.PDP-11.1970.102646128.jpghttps://s-media-cache-ak0.pinimg.com/736x/50/f5/39/50f539ba7df30f986562d81d1a0e38fb.jpg
![Page 7: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/7.jpg)
#RSAC
7
Mobile phones and televisions
Analog to digital
Image Source: http://thecomputersgalaxy.blogspot.com.au/ Image Source: http://demo.idg.com.au/pcw/inlineimages/digital_tv_switchover_2013.jpg
![Page 8: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/8.jpg)
#RSAC
8
Why I ask what is ‘digital’
neither technology today requires the ‘digital’ prefix.
![Page 9: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/9.jpg)
#RSAC
9
So what is Digital?
Author Ronald Tocci in his book Digital Systems: Principles and Applications defined it as below.
“digital system is a data technology that uses discrete
(discontinuous) values”
![Page 10: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/10.jpg)
#RSAC
10
What is all the fuss about?
It is about creating a distinctive customer experience
staying ahead of the competition by increasing efficiency
finding new routes to market.
discrete datasets
bringing discrete datasets together to create actionable insights
maximising investment in systems and processes
above all protect the organisation, keep it secure
![Page 11: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/11.jpg)
#RSAC
11
Digital enablement
creating a distinctive customer experience
staying ahead of the competition by increasing efficiency
finding new routes to market
discrete datasets
bringing discrete datasets together to create actionable insights
maximising investment in systems and processes
protect the organisation, keep it secure
Technology Innovation
Advanced Computing
Cloud Computing
Data Analytics
Speed of Connectivity
Mobile Computing
Increased Automation
Big Data
![Page 12: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/12.jpg)
#RSAC
12
– your key questions
Question 1• How is digital (disruption) and/or change affecting our organisation?
Question 2• How well are we responding to minimise the threats and maximise the
opportunities presented by this change?Big Data Projects
Cloud Projects
Social Media
Enabling Mobile Channel
CustEx CX
UserExpUX
![Page 13: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/13.jpg)
#RSAC
So what do we do about it?
![Page 14: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/14.jpg)
#RSAC
Focus on your crown jewels
14
Services Data Assets
Others Others Others OthersCloud Supply Chain Third Parties CyberSupported by Multiple Enablers
Governance and Metrics as the Foundation
![Page 15: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/15.jpg)
#RSAC
Digital transformation approach
![Page 16: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/16.jpg)
#RSAC
Digital transformation approach
16
Tactical Agility Strategic Enablement
![Page 17: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/17.jpg)
#RSAC
17
Tactical Agility
What was achieved
Rapid deployment of mobile customer engagement applications
Creation of Omni channels for enhanced selling
Analytics based customer segmentation
Moved towards data-driven decision making
Business lead deployment of cloud capability
Where pain was felt
Rise of shadow IT weakened their backend technology processes
Lack of security controls for customer data
Sub optimisation of security architecture
Limited understanding of deployed cloud capability
and then…
![Page 18: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/18.jpg)
#RSAC
18
HACKED
…stuff was lost…
![Page 19: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/19.jpg)
#RSAC
19
Strategic Enablement
What was achievedCloud first strategy was adopted
Streamlined processes enabled service standardisation
Supplier assurance was revamped with significant focus on data security and cloud controls
Operational maturity was the cornerstone of Digital using ITIL as a foundation capability
Operational transparency assisted with the enablement of shared digital services
Cross-channel integration was achieved as business and IT were integrated with IT as a service broker
Data security was introduced as a non-negotiable
Digital and cyber were elevated to the board for discussion as an enabling capability
![Page 20: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/20.jpg)
#RSAC
20
Strategic Enablement
Where the pain was feltBusiness understanding that without cyber maturity Digital enablement was at risk
Business case and funding for process maturity based on previous experiences
Realisation that Digital is a business transformation initiative
Understanding of the limitations of what data analytics can actually deliver for the business
Justification for increase in spend supporting cyber security capability
Shift within the IT function from an architect and operate mindset to a service broker and integrator
Support functions awareness and uplift to think about customer data security and privacy
and after all that…
![Page 21: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/21.jpg)
#RSAC
21
ATTA
CKED
...DDoS controls…X 3
…no stuff was lost…
Incident Response Processes
Third Party Agreements
Secure Cloud Hosting
Data Governance Controls
![Page 22: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/22.jpg)
#RSAC
Bringing it together – how do I apply this?
![Page 23: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/23.jpg)
#RSAC
23
– your key questions revisited
Question 1• How is digital (disruption) and/or change affecting our organisation?
Question 2• How well are we responding to minimise the threats and maximise the
opportunities presented by this change?
NO SILVER BULLET
![Page 24: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/24.jpg)
#RSAC
24
What can I apply tomorrow
Integrate cyber & digital
Spend on process maturity
Strengthen governance and reporting
![Page 25: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/25.jpg)
#RSAC
25
Integrate Cyber & Digital
Identify areas where digital projects are taking place across the organisation and ensure there is an understanding of cyber security obligations
Assist business in understanding why spend on cyber security is required to increase as they embrace digital where data is key
Undertake business awareness campaigns to ensure the threat landscape and data security risks of digital enablement are understood by the business
Initiate discussions with the organisations executive leadership and board to ensure digital enablement is not happening in isolation.
![Page 26: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/26.jpg)
#RSAC
26
Spend on Process Maturity
Understand that “Cloud” is intrinsically tied to Digital
Have an appreciation of support processes that will enable the use and consumption of cloud
Identify core processes required to support cloud enablement and agile development
Set up a data security function that focuses on managing risk to data assets
![Page 27: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/27.jpg)
#RSAC
27
Spend on Process Maturity
Ensure process maturity effort is not in isolation and supports standardisation across architecture operations projects
When talking process maturity most organisations default to using ITIL in some shape or form.
at a minimum focus on the following 10 processes for digital and cloud enablement.
![Page 28: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/28.jpg)
#RSAC
28
Process Maturity
ITIL based processes for digital enablement
![Page 29: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/29.jpg)
#RSAC
29
Governance and Reporting
Security governance is key given the change in threat profile of an organisation
Implement vigilance and resilience controls given the increase in and organisations attack surface following Digital enablement
Ensure there is business awareness of the changes in risk posture across the Digital transformation landscape
Risks related to cyber attacks, confidentiality and regulatory breaches, brand exposure and data security should be reported at the board level
Use data enabled insights based reporting of your organisations security posture.
![Page 30: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/30.jpg)
#RSAC
30
Thank You
Re-engineering
![Page 31: Track-2307_KUKREJA.potx](https://reader036.vdocuments.net/reader036/viewer/2022070509/589fbc001a28abf9038b6c0f/html5/thumbnails/31.jpg)
SESSION ID:
#RSAC
Puneet Kukreja
Thinking Digital Enablement, Think Protection, Think Process Re-engineering
2307
Partner, Cyber Risk AdvisoryDeloitte Australia@iPuneetKukreja