Session Information:

Achieving and Sustaining Secured Business Operations for Digital Workplace Transformation

• Security Transformation and Digital Transformation go Hand-in-Hand.
• Both are cross-functional
• Same sponsorship and accountability is required by business and IT CXOs
• Security has created a lot of fear, it should be transformed in a manageable way to get grips around it.
• Make CXOs accountable for achieving and sustaining Secured Business Operations, as part of their business goals and objectives.
• Use this as a competitive edge and not just to be compliant.

Session Transcript:

Now, I'm super excited about our next guest speaker here, talking about the less money Less is the IT transformation leader, with multiple industries experience at Cisco. Key. Is that an enterprise architect? The focus on data transformation leadership? And one foot truly focuses on outcomes.

Lish has graciously join us today to share his wisdom and expertise specifically focus on achieving and sustaining secure business operations for digital workplace transformation. Unless it's always a privilege to have you with us.

Thanks for sharing your wisdom and expertise with our global audience today, Kempe.

Hello, everyone!

So today my forecast is on achieving them, sustaining secured business operations.

Why?

We are we introduced, certainly, our digital workplace transformation, and I want to emphasize that security, even though being considered, given, and everybody's focusing, my emphasizes how security should be looked from, balance of securing the business operations.

And I've been doing this for the last, I would say, 15 plus years small.

And this forecast is something we advising others.

I would say, customers off Cisco and outside Cisco.

Really able to look at from the business operations, and not just from the technology angle. So that's what I will cover today.

And, I want to cover on the soft side of it, not on the technology side, because there is already a lot available in that area.

So, this is my agenda today, and we'll look into the details.

We know we are all gone through this journey of digital workplace transformation. It's not a new thing.

At least in my books, it's going on for ages.

And if I look into it from the last 50, 70 years, in this transformation, we started I'm not going beyond mainframes.

But if we start from mainframes onwards, we are looking into, you know, in this journey, we started with simple security in our mainframe room.

You can say, Call it with the physical locks, and then, we added additional security controls, runway introduced, internet era.

And, we added DMZ. We added firewalls and so on.

We kept moving in the technology side from mainframes to laptops to, you know, mobile devices.

But, eventually, now, we are at a stage that, we already know, zero trust motion.

And that is, looks very flashy is, you know trust.

But think of it.

We have reached a state that we have a zero trust now on.

Any kind of those assets that we want to access, And we want to build trust every moment to get any, Any new screen, anyone popping up, We need to first make sure that it is validated that we ought to guide people.

Who is trying to access that particular information, and this is turning into lifeform security to cybersecurity.

Security has become a growing industry, Hundreds, keep growing.

It is causing more risks, and creating clear.

Think about all of this, but where we have taken our sense in this journey, and the digital workplace transformation, we have moved towards full remote work. In the last B, F small. We are talking about hybrid cloud.

And still, we have no trust on anything.

So how do we change this, that's what I'm trying to emphasize today.

If you look into cybersecurity, which is that Tom, that is commonly used today, you look any profitable, not any non-profit company, CEO, CIO, Van ..., their job is at stake, and it starts from the board level.

What about others?

Do they have to play any role in security, But it's only door to CT, CEO, to CIO, to CISO.

And not only in the corporations you want in our presidential, we are facing this technology, because of the IOT, we have connected devices at home.

and that poses a lot of that is quite identity.

And we are deep adding this fear, but at the same time, we are geek improving our technologies to use them with that increased fear.

So, how do we change all that?

We want to mitigate the risks on individuals and also on others.

And I look into all this engaged in these kinds of initiatives.

My talk process is always on business operations, how do we secure them?

And if you look into any theft incidents, that became our national level or operate level issue, At the end of the day, you will find out the root cause.

While always that there was some lacunae operations and bad cost, you know, not applying, say, a badge at a time or not editing Software updates that are provided by the vendor in a timely manner, ARR.

They are lost some, you know, loosely coupled workforce, who has no export that information accidentally. So, those are all related to business operations.

And we should not be enough fear mode, we should be changing it into a confidence, at home. We take this as an advantage and make it a competitive edge.

Bye gaining no control on it and not in the field.

This leads to soft areas.

Like, how do we look into our mindset?

A lot ed teacher?

How is our approach for planning and managing the security?

So again, here, I'm covering some of the high level details.

If you look into any of these frameworks that are in use, they are highly technical focus, and they are very detail oriented, you mean?

It is, according to me, challenge to adopt this framework and to learn, because they are not pragmatic.

They have lot of details, and if you do any assessment on any company, you will be able to only focus on food of the ..., and they are also, you will find that, guidelines that, or do you want to, abuse frameworks are not properly adopted.

That is still focusing on the security from the technology standpoint.

Then, if you look into the evolution that has been occurred in the business area, I picked two of them, quality or automation or Internet or digitization.

Let's start with quality, metadata quality management, begin.

It wasn't many manufacturing facility where the quality controls were applied gradually.

When the impact of that was seen on, at a business level, it became my management practice and it became law.

Operate, quality, flex, not just at a manufacturing plant, and all that happened through IT innovations.

And gradually, IT cash started digging up, no men seek in the corporate strategy building.

What does this, a backend support organization?

Because IT innovations are helping improving business outcomes on achieving business outcomes.

And same happened in the case of automations or Internet.

Know, now we are in 93 or 4 Internet for Dotto, and it's growing.

We are completely independent.

I joke with my friends, that when you go to a new hold, what do you want us to jump on an Internet?

The first on-site immediately comes, I want it and add access.

So it has become a part of our life, and same as in digitalization, so everywhere what we are seeing, that once in any of the ADF, it has got top business focus.

It has been looked, pulled up, business management angle.

It has become of growth for business, and it has created avenues to grow a business and gain competitive edge.

So Sam needs to be done in the app security area, and when we look from digital workplace transformation, which is also key.

Going, We have two: make it part of that DNA of the business, But how do we do that?

I'm going to share some more slides. We've got to have some frameworks and the holistic viewpoint, how it should be looked into.

And that should be hopefully interesting for you too.

Think about it.

And going on.

What do I mean by business? centricity of security and risk management?

First of all, this is very simple and high level, But I wanted to start with these five piece, that, when we talk about security, we talk about all these five key elements.

And if you see from people perspective, we are talking about culture. We are talking about on TV.

And we are talking about management and operations, and these are all intertwined.

If you lose focus on one, if you don't realize what needs to be protected, you will have challenges if your profile is not valid bid.

If you do not have good control on your vulnerability, is audio or risks identification.

And how do you what policy is, what process is, what governance you have in place mitigate those?

If they are not tied to your pupil culture, if they are not tied to your prevention knowledge, you will not be able to have a balanced, secure business operations continuing.

What should be the CIC book operating model?

And, if you see, looking from the business management, risk management, compliance controls, operations, master data, audit infrastructure management perspective, the intersection of all this, that is where that secured operating model should be.

Not be just lean towards automation malnourishment all IOT site, our infrastructure site, it should be holistic.

Continuing. What do we need in this model, and how it ties with the other pieces of the business?

So, we have our business engagement model.

But, in that model, we need to focus on, why do we need to secure business operations?

And that will become possible, only if every CXO is thinking about it.

And accountability is shared about it by all the ... will not be like bullet to CEO, to CEO to CISO.

And what do we secure?

So, we need to have the business model around it. What do we secure and I'm shooting very high level frameworks over here, there are detailed frameworks.

What capabilities do we need? Like we saw in the previous slides, we need to have a ...

model, and we need to look into form on doors, domine.

Yes, to come up with this model, and.

After addressing why or what?

We need to focus on hope, and that's where we need to leverage these frameworks that are available, but we need to, again, look into holistically. Some policies, obsesses, controlled, and systems perspective.

This is just one of the illustrative view of all the operating capabilities that needs to be part of ... operating model.

And, I did cover at a high level about it, but yet, I went into, you know, from 10000 to one thousand feet long.

And, sharing all the various capability, yes?

Where do we need to focus on?

And create it as off.

This model, our platform, prosecuting the business operations.

Continuing security measurements are critical, and how do we measure security effectiveness?

The traditional way we have all scene?

Like, we have reduced these many e-mail fishings activities, or we could send some off vulnerabilities in the platform, and our meantime, producers have been improved.

Well, you have seen all those type of measurements, but are they truly related to given the positive effect to the business operations security?

Are they tied to the business operations, KPIs?

Keeping all of that in mind.

What I am trying to say over here is that, first, we need to understand, how do we measure the effectiveness of an organization.

And we need to align security effectiveness, talks back.

These are the common.

You're not measurement, Yes.

For organizational effectiveness, and part there is no liability and its relevance.

And these covers innovation to run the business, to manage the business equity.

And if I give up boss on a moment over here, if you think about security, KPIs, are there any way out there aligned to this RB, ensuring that what's our measurement on watch what roles we have in place?

Will they help us achieve these effectiveness goals?

We need to build a bridge so that security effectiveness is eventually helping achieving organization attractiveness, and as I show up the last night, so we have various capabilities in the security operating model.

So we need to look each capabilities, cost effectiveness, it costs.

Otherwise, sky is the limit when you start securing everything to anything.

But we need to be pragmatic because we need to understand the cost effectiveness perspective also.

And, again, these aren't about, you know, you can say a subcategories for cost, effectiveness, cost of performance. I'm an opportunity cost.

And what should be the total cost of ..., we need to look into that. And when they say total cost of capability.

And when I say management, it includes maintaining that capability on an ongoing basis.

And continuing, If you look into the value four, like from strategic and financial measures perspective, from operational perspective, from the capabilities and the various type of solutions and practices, It goes to a very complex slope.

And this is just one illustration that achieve value, or to sustain value.

What?

Yes, we go through, but this is showing an illustration of how they are all tied together.

Oh, they have interdependencies and how they contribute in each other's ADLs.

Can my next slide, I'm going to saw another illustration that if we focusing spot achieving this value tool, what should be our roadmap, like, if we just look into this, highlight a data. Yes?

So this is, again, an illustration.

Every company will have its own value flow, but when we look into effectiveness, we are considering securing business operations as part of it, if you look into all these key.

I think this is what I wanted to cover today.

I want to give more time for Q&A.

And this is, uh, very broad topic.

So, I'm open for any Q&A right now, and thank you for listening to all this.

Very good. You always. You're always incisive in your coverage, You get to the point, and you discuss the main areas very effectively and efficiently. And I ask the audience that continue to submit your questions here. I have a few questions for you that have popped up already.

And I'm gonna ask you to stop showing your presentation screen, so that it opens up more space for our cameras to come through, and the audience can see us now. So, terrific presentation, Alicia. Again. I'm going to start by asking you.

What do you see on specifically related to security and secure secure business operations?

well, you know, with the pandemic of course, digital transformations have accelerated, security, concerns, and opportunities have accelerated our quarterly. What do you see right now? When you see organizations that are doing it best?

What is the what is it that they are doing different from everybody else when it comes to security?

So, I think up.

Like I mentioned in the beginning of my presentation, still, I see that it is fear driven and regulatory driven.

Every company, first, trying to make sure that they are complying with all the regulations.

Regulations are not easy, First of all, to be compliant when we look globally and IOT companies now global.

So you have local regulations, you have federal regulations, you have global regulations.

Maintaining all that is moving on.

Well, otherwise, you know, it is not for sustaining any business.

There is no focus on how to make it a competitive edge, and how to convert this PR when you are complying with the regulations.

You are that's it taking care of fear that, OK, now I'm compliant.

I will get to find your knowledge. But still, you are not able to make it as a competitive edge.

It's not integrated into your product, into your culture.

So, still, there is a lot to be done in this area.

My talk process is not helping companies, because there are many consulting companies. There are many smart people helping them.

I am looking into ..., bringing it into culture, the academics, college education networks, so that they understand how Sugaring business operations is critical, And if they are transitioning into VR professional work, how they think, and how they, you know, create further self awareness, and understand the fact that their companies are explaining to them, and how they should act upon. So, that's what I see the gap.

Very, very well. Do you know, as you see, of course, you mentioned throughout your presentation, just emphasize. Now, a lot of security is driven by compact compliance, regulatory, and this fear of something going wrong or being caught somewhere.

Um, now, what do you think you're talking about the academic side of things. You can educate the new generation to learn about, you know, looking at security as an opportunity for business better business operations as opposed to a C R. Factor. Very, very useful for sure.

In the meantime, where do you think that we are falling short. I think that as business leaders we're falling short of making the business case to senior leaders and Anda. And again, people just wanna stay out of trouble as opposed to becoming proactive about security and showing how he creates value.

So, my question to you is that, if I'm discussing with senior leaders, what is the business case that I can make for them? that you think is most effective?

When, when I say I want to become more proactive about security, and that's part of our business operations, is sounds good, but, but I think most business leaders are still look at it as a cost, and not as a value add. So, how can you, how can you articulate that as a value add, so that we can communicate better with our senior leaders?

Sorry, Buddy.

Good question.

And I think if I read in-between your question, you are saying, How do we create a business case?

And, how do we show that value to our business leaders?

I'm interpreting that as a bottom-up effort.

Like I mentioned, it is a board level issue for every corporation, but from Borg, it goes to CEO to CEO to CISO, OK? Then, CISO is trying to do the same thing.

The examples that you have given, how do they create a business case, or a how do they show that business value.

And what I am emphasizing over, here it is that when it comes to see your loved one, why, it is only going to see, are you, why not to others, he exhales, because they have the same states.

And they have to get the same accountability, but think about Daddy, just like, if you are in R&D, I'll do look into research and design your products, which are secure embedded. No.

If we are in production, how do you mix your production facilities are going to be secure to not only securing the design, but your production operations.

OK, if we are in Operations, ADM, You need to make sure that you are understanding your accountability. If you lexicography UDL like have we.

Operation.

Now, base is dependent upon some type of a software solution, and top tips are the main source of bringing those security vulnerabilities.

You have to stay on top of that. How do you manage, you have a matter of, how do you attract?

So, it needs to be look top-down, then the business case is already there.

The business value will be a collective business value from different functionalities. Yes.

Then, it will become up top-down driven initiative and it will add value for the business.

It will not consider Ben as a cost.

So, that's all, I'm trying to emphasize repetitiveness, That's very good, and it's a, it's a very difficult, ...

culture break, because the CEOs of, The organizations often are not aware of this. This very good perspective, they are sharing here with us.

And that, just certain extent, they think, I'm gonna hire some IT guy, some technical guy who's gonna do this for us, right? And it becomes the business of IT, as opposed the IT of the business. And, and, and, and that's very difficult to escape that. I can, you made some very good analogy for us. Some of us have been in the industry for a few decades. I caught onto the analogy of, security systems.

Quality management, quality management, perhaps, in its very beginning, was very much driven by compliance, as you said.

And that was out.

And then over time, it became its own business, the business of quality, While, in reality, it should always be about the quality of the business.

And it's a very important shift in perspective that I think security is somewhat of a, certainly, relative to quality is a newer field, information security anyway. We are I think that we're still kind of evolving that sense. And what you're talking about here is an acceleration of that evolution.

Yeah, and if I may add to my response one more element.

When I say that academic level, it should be considered as a root cause on the root level initiatives.

I'm can be a background.

And I think it is very important part of the business schools to consider this as an academic course, ADL, Beach thought, future business leaders, because some of them will become CEOs, Some of them will become executives in the business organization.

And if they have been taught their education online, that thing, this, as part of the DNA, of making any business decision, then, it's going to be top-down K one, and the cognitive are very difficult. Sure.

That's right. If we just focus on co-operation than trying to educate, CEOs will get success, and I'm not saying we will not get success, but Australia will not become my culture.

And security needs the way it has been feeling, like I gave an example. Without internet, we cannot do you want to enter our new home?

So, without security, how will you run your residential day to day life, or, how will you, Jake, needs to become part of that.

I love that, and I'm going to say, I'm going to steal some of these concepts. I'll say this in public right now. I'm doing a keynote for a university in Delhi in India on April 15th, and there will be 300 academics and administrators there. And you have just gave me a very good insight that I should just shared directly with them about, because this is a conference, there, are having focus on IT and security. And I think what you have just encapsulated here very well is a very important part of that. I should build in my message to them. Because I very much agree with you that it requires an evolution of the business of security.

And Ensure the security of the business, And that it requires academics, plays a big part of that in educating the next generation of leaders.

Um, now, um, so, these are transformations that have been taking place right now.

They have security, typically, as a component of digital transformation. And, to your point, it's usually about, we're doing this digital transformation. Oh, and by the way, someone makes sure that this stuff is secure. So we're not going to get hacked because we're creating vulnerabilities here.

Um, what is your advice for practitioners right now, who are doing digital transformation, and they are thinking about security on their digital transformations? How do you start making that shift for them? What type of advice do you give to the practitioners who are in the field right now, for, for implementing security as part of their digital transformations? How should they shift their mindset?

So, what is happening, right now, in the industry is, in this digital transformation, they are having siloing, you shadings, they are looking in one particular, eating up, within the same company.

Other function is looking into another particular rate here, and they're not seeing that impact of Deb progression on the other.

And the root cause of that is, than that architecture that they are putting together, is not at an enterprise level.

It's that our function laurita Shinola.

Security is like a virus.

It spreads in a moment, a hot click of a button you expect.

Yeah.

Already, there are lot of thoughts and a lot of, I would say, academic or books, articles are valuable.

We should collaborate, and all that.

We're not having enterprise architecture, as up practice.

That is, industrial globalized and many companies, I would say, most companies, we will not have that as a function.

They have architecture functions, but at a solution and out of silo function now.

You will make goods through that, but you will not look into vulnerabilities that needs to be looked from enterprise integrity layer perspective.

So, you have to build those kind of functions which are looking enterprise and reach out seeing the impact of one progression on others holistically.

And then, this has a direct impact on budgeting and prioritization.

Every software goes to its own life cycle, and it add more vulnerabilities.

It provides more recommendations.

That you have to go to my new version to get this problem fixed, but there is a cost associated, and every business has mentality from the finance perspective when they are controlling the finances that this asset has 5, 5 year life cycle.

We should consume it for five years and then see whether we can extend it through external support.

But then you would lose the vulnerabilities.

Management doors are getting more introduced, because of other factors, which are making progress.

You will not be able to control it, so it will always be mandatory.

So look at holistically and through the enterprise architecture angle, and have the priority on maintaining dop life cycle as the biggest priority, and understand the risks to it.

Not just that you are looking into other business outcomes, and don't focusing, particularly as a business outcome, always, as your top priority.

Very well, and I have a final question here from the audience, and this has to do with enterprise architecture. I'm glad you mentioned that. So, as you, as you just mentioned, enterprise architecture is poorly defined. And a lot of organizations is a bit of an emerging field still, We have the entire conferences focused right now, on Enterprise Architecture, and you can just attend one of those, to see that there are five different speakers, are five different definitions of Enterprise Architecture.

So it shows that it's a field that's still forming to a certain extent, even though it has been somewhat claimed, has been around for a long time.

Having said that, um, the enterprise architects, and they're still who are attending this conference, and watching this video live, or they will consume this content later on, What is your advice for enterprise architects? What are the skill set? I mean, we assume a certain level of technical knowledge, on going on, tools, and methods, and techniques, and enterprise architecture as a discipline.

What are the skill sets that you think are missing on enterprise architects today? To make that connection to the business and drive meaningful enterprise architecture? What do you suggest that they focus on developing?

Broader business understanding.

Because it again, ties back with what is the definition of an enterprise architect?

And skillset? one of the major factors, business understanding, but at an enterprise level.

Off radius functions, if not all, the functions, and technology is not the priority for an enterprise architect.

Don't know the nitty gritty details. Do not need to know the nitty gritty details of our technology.

They need to look into what all about business strategies.

How?

Executed properly.

And two, achieve that execution.

What kind of abilities are required that can be used by various functions?

Stay at a business knowledge and data concept.

I'm not saying that you can remain in that layer only as an Enterprise Architect, but that is a major skin.

Many of you take down one level below.

How does it align my current technology, lack of technology environment, not individual product, or indeed, we do solutions, and do the gap assessment adapt? So, they should be great in doing that gap assessment.

That means they need to have strong, analytical skills, that only they can understand the gap assessment of conduct.

They need to understand the operational part of the business.

Not only strategy, because they have to ensure that, through their lunch, they can guide how to achieve operational excellence and sustain it.

So do a lot of them, they just go for enterprise architecture.

If you have that fails and you are an architect, then you are either our functional architect, our solution architect, or our domain, or an IT architect.

Very well said, and unless it's always a masterclass with you, I know you're broadcasting today from Boston, Massachusetts. So, the rest of the world, and on behalf of this global audience, I wanna say thank you for your generosity, thank you for your time, and sharing your tremendous wisdom and expertise with all of us.

Thank you again, everyone, and thank you for giving me this opportunity, and thanks to all of you, our team, who is reduced.

Thanks again, and look forward to work with you again.

Thank you.

Ladies and gentlemen, that was ... money.

Customer success measurement, and analytics and data management at Cisco, shared his wisdom and expertise with our global audience, and we're all better off as a result of that.

So, we're going to be wrapping up the session out, and I'll have to say thanks to everyone who has been here with us for the last three days. Thanks to our speakers for being so generous in sharing their wisdom and expertise with us. Thanks to our sponsors, ... and work Board for making all of this possible. We couldn't be.

We shouldn't be able to provide.

There's a level off, this level off, material content, speaker quality. If you are not for the support from our sponsors, which are tax in work board for this conference, thank you so much for really engaging with the audience here, and putting our resources behind the production of this conference and allow us to broadcast and no cost to our global audience. We have more than 1500 registered participants in the conference. We're all going to be benefiting from this content now.

For those of you who missed a few sessions, remember, in the next couple of weeks, as a registered participants, you will receive an e-mail with a link, and password to access each one of these sessions at your own pace on demand.

So, it's a benefit of being a registrar participant.

Now, ah, I want to say thank you to Brian Russell who makes sure that all the pieces come together to produce this conference across three different days, 12 different speakers in different Global locations. There are so many things that can go wrong with technology and locations, and schedule conflicts. It's remarkable how it all comes together, and we're able to provide you this, this content with very few interruptions. So, thank you, Brian, for your dedication and your leadership. Thank you, ...

for making this all happen for creating an environment where great leaders and great ideas can connect, And, of course, thanks for everyone here in the audience. who has participated, engage, actively contribute through your questions for your insights sphere of commentary. Make sure that you go into the LinkedIn close of this conference, say thanks to the sponsor, say thanks to the to the speakers. I ask additional questions, if you have them right at the conference post on LinkedIn. You'll find it under my name, shows that there is an digital workplace transformation live post on LinkedIn.

So, for now, have a great rest of your week, wherever you are in the world, and we will continue on our culture, business, and digital transformation journey, in the years ahead. Take care for an hour, and thank you for being with us.