BTOES Insights Official
October 06, 2021

Digital Workplace Transformation Live - SPEAKER SPOTLIGHT: Insights on how to improve Enterprise Security posture that enable smooth operations

Courtesy of Brother International Corporation's Ajitha Narayanan below is a transcript of her speaking session on 'Insights on how to improve Enterprise Security posture that enable smooth operations especially with the shift in paradigm of the digital work force working remote' to Build a Thriving Enterprise that took place at Digital Workplace Transformation Live.



Session Information:

Insights on how to improve Enterprise Security posture that enable smooth operations especially with the shift in paradigm of the digital work force working remote

Proactive steps that will help orgnizations minimize disruptions and security incidents enabling smooth operations while working within budget constraints.  Sharing a practical approach towards improving Security posture and minimizing risk efficiently and cost-effectively. key take-aways:

  • Use a structured approach to produce measurable and consistent results
  • Integrate Security program tightly with Risk management and temper it with risk appetite.
  • Institute a strong process for Technology induction & change management
  • Institute Solutions for vulnerability/risk prioritization, monitoring, tracking. alerting and automating defenses.
  • Leverage Efficient and reliable managed services to expand the SOC capability
  • Build a strong human firewall by generating security awareness and instituting strong security training for staff.

Session Transcript:

I'm talking about Ajitha Narayana, then who is with us at, is the former Director of Information Technology Broader. He has she is unlike chief strategy and transformational leader with significant experience helping organizations improve the maturity of information security services and software engineering practices. Agita is gonna lead us today on the insights on how to improve enterprise security posture, that enable is smooth operations, specially with the shift in paradigm of the digital workforce and remote work. So, Agita, thank you so much for taking the time to share your expertise and wisdom with our global audience today.

Thank you for that great introduction and thanks to the organizers for this wonderful opportunity to exchange ideas and experiences. Hi, everyone, My name is Ajitha Narayana, and I am an IT Leader with expedience across the spectrum of IT services in my last year with us.

As Director of.

As Director of Security for Consumer Electronics Organization. I helped establish the formal security's program for the organization, and helped improve the security posture. Today, I'd like to share with you my experiences about how organizations can improve their security posture in a cost effective manner.

In such a way, that introduces organizational exposure, minimizes incidents, enables continuity of operations, it is adaptable, and it is cost effective.

First and foremost, do this important to set up a structured process to drive improvements and the key attributes of such a process or it needs to be iterative.

Return boil the ocean and we have to be careful not to sacrifice progress in the name of perfection.

The idea is to keep making improvements, continuous improvements till we get to perfection.

So, first and foremost, the process, it's great to have an iterative process. It needs to be paid to be consistent.

It needs to be measurable.

We need to measure where we are on the journey, Where we make a start, we need to understand where we want to go, and we need to, taking measurements are largely to guide us.

The process needs to be collaborative.

Security is not just the responsibility of the security team. We need to take the whole organization, along with us, on the journey.

That means the business, the end users, and we also need to build strong collaborations and partnerships for service providers, who can act as an extension of our own security team and abdulla assault capabilities.

The process needs to be pragmatic. We need to use dollars, It's common sense while going about implementing such a program.

The security controls are fast.

And we need to prioritize what we addressed first.

There's only so much budget and so many resources. We need to use our resources wisely to tackle the most important problems first.

So it's very important to tie the security program tightly with enterprise just managed to have a good understanding of the risk appetite of the organization, To understand what, it means to the organization, to the, ask the impact of the organization, control is not in place, and use that information to guide and prioritize.

So really important to try prioritization is actually teaching.

The process needs to be adaptable to a lot of factors that play into the security program, internal factors, as well as external factors. Internal factors could be the changing business landscape. External factors could be evolving, landscape.

So we need to make sure that our process is responsive to these changes, and that we are able to adapt and fine tune, and make modifications, and, of course corrections as we go along.

The process needs to be evolutionary. There needs to be continuous improvement community learn from what we're doing, both the strengths, as well as the weaknesses. And I'm playing back and less if you go along.

The process needs to be learned. We need support from the highest levels of management for our security initiatives. So there needs to be good reporting and good bye and good governance overall.

The process also needs to be auditable. We should welcome outside perspectives. And it's also great to use formal audits of the process from time to time.

Screenshot - 2021-07-31T184659.836So these are the key attributes of also of a good, strong process that can help Jive improvements in our security posture.

So you should look at the key considerations, it is exposure assessment to really understand what the impact of due to the organization is. What is the likelihood of a control of the risks becoming a reality, and what is the impact of the organization.

What are the three sub on relative to the business. So we need to fine tune it to our business and understand what are the threats, what sectors are more relevant to our business.

We need to understand tolerance for downtime in a band that might be zero tolerance Street on time. So if you've got to have a good understanding of what a subtle in Sudan and Whatsapp. You gotta look at cap ex tools and technology, and also operational expenses focused on execution suggests headcount, third party consulting, ... Daniels, and that sort of thing.

So you also have to look at the people aspect.

We should we should include strong training for security eventless to educate our staff about security. Any general security evangelist.

So if you look at it, a good program focused on people, process, and technology.

So, if you look at the data breach report in 20 21, the top breaches are laid out. Social engineering is one of the key reasons for breaches that has to do with people.

Um, so, good training, good security training for staff is extremely key in preventing bleaches because it's one of the number one reasons for security features of the 20 to 21 report from ....

Um, that obligation a bass are the number two reason according to this report.

So, if an organization has an e-commerce solution, for example, they do need to focus on ways to prevent the application attacks such as a strong web application firewall.

Other system intrusions are just complex attacks to, you know, leveraging malware could be another is another reason for pages so having automated defenses, that can detect and block this.

malware is extremely important and so on. So, understanding what is going on in the world and fine tuning lot of knowledge and on priorities becomes extremely important.

So in terms of the process for driving the improvers, it is important to understand where we are on a journey been where we start, Where we want to go. And measured along the way.

So it's good to take a benchmark and a baseline of our current and one events standard security, any security standards such as yeast or CI, is a top 20 controls.

Again, good to take a top-down approach while while doing this baseline, and this ties back to what I said earlier, about using an iterative approach.

This is a vast field, under a merely controls in, each federal has many controls.

So in order to know not to overwhelm ourselves, we take a top-down approach into increasing levels of granularity as we tighten up our environment, and asked me, make things better, so use a continuous and evolutionary approach, get them to increase their levels of granularity and and, you know, prioritizing and fixing and achieving common problems.

So, perform gap analysis, take an honest look at the environment to see, you know, what are the areas where the organization might be meeting the controls, and what areas need work? Done. Step back and look at what the organization, if something were to go wrong in that area, basically exposure analysis.

And then prioritize. Prioritize and prioritize prioritization is key.

A vision for how you'll see this baseline evolving over time, you might be non console means in a given area.

But if you do the work and you have a plan of them to get, you know, to get that control into compliance of ensembles, to Guide or ..., and then make sure to re-enter baseline periodically.

Btog CTAAnother important aspect to take into consideration is that we're going to use a lot of solutions and tools to automate defenses, or to automate monitoring. Automation is key. And therefore, we need to have good technology, selection, process, technology, induction, and change management process to ensure that we are picking the right solutions that meet the needs of our environment. So, a good technology selection process is key to making good decisions about what solutions could really go on and do the job.

Um, make a solid plan to close the gap, and then chateaus actions to closure. So this is how the improvement process plays out.

So, if you want to see us, talk 20 controls, the. Center for Internet Security has to come off at the end with the way that organizations can, and can secure themselves. And a good thing about that is, it's laid out in a way that it's all It's all really prioritized in the way that, you know, the basic controls, foundational, organizational, etcetera.

So, the first six controls are considered basic controls, Inventory of authorizing authorized devices, inventory of authorized, and then authorize software, secure configurations, continuous vulnerability assessment and remediation, controlled use of administrative privileges, maintenance, monitoring, and analysis of audit logs. For these controls ensure that the right users have access to the right pieces of information and that the servers and software and all of that screen.

Yeah, pashtun and and get on the committees.

Now, each of these controls has many, many self-control, about 177, some controls, MCI stop going to the controls. So again, use the iterative approach, take a top-down view of all of these controls, and go into increasing levels of granularity. Luckily, we don't rest on our laurels. We keep going all the way through to truly understand, you know, where we stand with respect to all of these controls entitled, as we go along, and you're using a method of prioritization and impact to the organization.

So, if you look at the Cybersecurity Capability Maturity Model, that I'm mentioning, the indicator levels associated with Eastern Shores going from a lower level, to a higher level, and so maturity Levels, zero, against a practice, means it's not performed. Maturity, Level one means that it is done in an on an ad hoc basis. It's not mature. It will be done, is ad hoc maturity level to indicates that the practices borderless institutionalize it has documented the stakeholders are aware and involved.

Adequate resources are provided to support the process. So the process is basically understood and carried out, and it's obviously more matures and Level two and Level one maturity. Level three includes skull bones. So, it's, it's more of all the maturity level to, not only is the practice, cat or dog, but that is visibility at all, that, that is governments around it, that our policies around it.

So, it's more mature. Now, you could go even higher maturity to include measured, quantitatively understood, practices quantitatively understood, and improvements brought about by understanding, analyzing the numbers, and feeding it back into close your feedback system.

Um, continuous improvement.

So, the idea is to mature income, show, and infant tractors just met you already bought to the highest levels of maturity.

So, to guide the process, as I was just mentioning, it's very important to have measurements. So, MT. Control, take the time to identify what measures make sense. And again, the measures could be different for different audiences. So people who are doing the actual work, close to the work world trenches, need, obviously, need more detailed measurements, and asked me, go higher up the management chain. We need to ask that the machines.

To make it meaningful. So it took the time to understand, you know, what the measures are. Measures make sense, traditional rules.

And make sure that we're regularly take journalists measurements, and learn something from it. Establish key performance indicators. So these controls, offer the program, she performs indicators. Tell us how well I'll give them control is Performing, or how well our security program is performing.

For example, the number of sub one, step two, step three incidents and the trends could be a key performance indicator. No sub one shaft to a set of three incident at all shows that our security program is possibly working very well. The performance indicators tell us how well our program is performing.

Then, we have the key risk indicators.

Should risk indicators, like the smoke alarm wounded at the leading indicators that There could be a problem that might manifest itself, if we're not careful.

So, some example in, If the organization has an exemption process on to accept any risk in a given area, and, you know.

that, that's part of the process, A, and if you suddenly find that a lot of these risks of being accepted are going to be routed through the exception clauses and I'm being accepted, that could be, Jesus can begin to do that.

No, if we do that, a lot. Something will go wrong. So, kudos. Indicators, give us a leading, you know, they give us notification ahead of time that something is wrong, and we can do something about it. Again, establish masses to judge of the detail. Automate as much as possible to analyze the data regularly, so it's not only important to gather the data, but I think the focus should be an analysis. Getting actionable insights and doing something with those insights. to improve the process. And improve drug drum and security posture of the organization.

And establish good management, reporting all the way up so that everyone is informed and does right, no support for the process, potential these security initiatives and does ... for the initiatives.

So, as I mentioned, automation is key. Automate as much as possible. on the monitoring. For example, log monitoring should be automated alerting, if anything goes wrong. If there are new events on the dot.

That should create an alert. That should be automated.

Reporting and dashboards should be automated.

Automate the defenses, so that it's not manual to find solutions, go out and find solutions to automate as many of the defenses as possible, and training staff on the classroom training is cool. I think it's great to provide online trainings or training on a shovel some training given to the need to the folks.

He enforced and to a learning management system and tracking, for example, and also things like, you know, sending our phishing tests, and if people take the bait, then we need to reach out and train those people even more to make sure that they don't click on a phishing e-mail from examples, right? Sure.

Getting the measures, understanding how the organization is maturing into security eventless by monitoring and measuring the training is also extremely cheap.

So, automation overall is really key.

In the end, we bring it all together. We use a structured approach to produce measurable and consistent results.

We integrate the security program tightly with risk management and template with risk appetite.

Because prioritization is key.

Event Email Graphic Virtual Conferences (17)-1The Institute, as shown process for technology, induction, and change management, to make sure we are picking the right solutions that will roll in our Enlightenment, The Institute's solutions for vulnerability and risk ..., for monitoring, alerting, and automating defenses.

We leverage efficient and reliable managed service providers to expand our saw capability, strong human firewall training staff, we acknowledge the gaps and will to close them, celebrate the wins, and enjoy the journey.

Thank you very much.

Fantastic, Agita got great, great summary and review of the journey of bringing security to our environments.

Whether it's, we are working in our offices or remotely, as so many of you have been in the past 18 months or so. Number of questions from the artists I want to bring to you and the first one has to do with striking this balance.

Between, know, the need for accessibility is the need for openness, the need for collaboration and security. What does it look like in the organization? Then you have work of so many great leaning organizations that struggle with this question. How do we make things accessible, and open and transparent, and secure? I mean, the first free rewards don't go well very, very well with secure. What do you see out there in the marketplace today that for the organizations that strike the best balance or blanda of these needs, what, what did they do that's different from most of other organizations?

So information should be shared on a need to know basis.

So when I mentioned collaboration, it's to collaborate with the right level of people, and share information at the right level of abstraction and on a need to know basis. Only. That's very key.

Um, so, you know, we want to take the entire organization along for the journey security journey, because security is not just the responsibility of the security team.

What that means is that folks, you know, in general, what security means and, know, how breaches can happen. What other types of breaches that one could fall into. What is an individual's your unresponsive ability, in London reach such as social engineering attacks on educating them and take them along for the journey is very, very important.

But information itself should be shared on a need to know basis only. That's why privileged access and other such things are very important.

You provide information to the right people at the right time and on a need to know basis.

Ask them when they need to know it. In terms of external collaboration, I think managed service providers who are in the security space will experts at what they do.

You could build strong partnerships with them, and the security professionals, and they work with us in providing services.

So that's another aspect of collaboration that I mentioned. Did I answer your question?

Absolutely. That's, that's such a comprehensive, honestly, type of question that I gather here from the comments that were being made, and that, yes. You have, you have, you definitely have addressed it. I'm gonna, I'm gonna skip to a different question here that William Fuller has asked. First of all, he makes a comment, that great list of process attributes, that framework that you shared, which is, very helpful.

And that, he was curious about, if you can provide a little bit more information regarding the selection and the measurement of what your term, the key risk indicators, how do you go about, if you can talk a little bit more about, how do you go about selecting and measuring this key risk indicators?

So I would go with the approach of Google question. I would say, you know, what are we looking to do what you're trying to prevent in a given area, right? So you can do it at a control level, or you could do it at an organizational level, and.

What is right and what is meaningful? As I said, for example, this one is a very good example, we have an exemption process, when removed, but it's a third party. Vendors go through a strong security review of their stone on the vendor software to type previews.

And then if the undisturbed review, if you find out that the vendor didn't pass muster right.

But there's a strong business reason to go with that Vendor regardless which the security team will say, well, we just review and know it, the vendor didn't qualify from security standpoint.

But a business decision is managed regardless to go ahead. Because at the end of the day, security is not an end in itself. It's an incident, means, to an end, to support the business, Of course.

Sure, is, If a business decision was made to go forward, regardless? Well, that could be an assumption and manage risk, but it keeps happening within the hub, will be the problem. And so, it's important to track how many exceptions are happening. What are the reasons for it to step back and look at it? That's one aspect of acute ischemic dosage.

Smoke alarm. So you would look at it. You can look at other sagittarius to me and see, you know, say, for example, if you do vulnerability scanning software and you find that certain kinds of vulnerabilities alarm. And that's a huge risk indicator, that something is not right about the development process. And we need to institute more single strongest secure engineering tools, more training for the development folks to introduce you know sexual core OS, combined code and things like that. So key risk indicators are leading indicators of problems and depending upon what is the problem you're trying to solve you can come up with.

You know how you would figure out ahead of time whether that is going to become a problem.

Well very well agenda. I'm going to the next question here comes from Rakesh Cobre and he has a very good question which I think is that you have established a very disciplined framework for enterprise security and the which is sound. But it does require governance C requires resources requires you know assumes a certain size of organization and his question is Can this work for a small company environment? And, if you're not doing a small company environment, what are some of the adaptations that you may need to make?

Very good question!

So, this process can work for a company of any size, right? I said, right at the startup start, the prioritization is key, and Iterative processes, key shine, tuning the approach to what is needed by the business. And this is key.

Show some aspects that organizations can do on automating certain differences. For example, is something that you're a small organization can and should do, because you don't have a lot of the sources anyway. So you need to focus on good solutions that can automate a lot of this. And you can obtain governance to what is needed for the organization. So that if this is not prescriptive, destructive to say that it needs to, the scope of this needs to be a loss is just so much, you know, so many resources are so much stuff. You tailor your approach to what is needed and the constraints on what, what your environment is.

So that answers your godless of the size of the organization, I think everybody can say, killed themselves using common sensical practices dot gov rooted in Google process.

Following up on that, Geeta, one of the questions till at all is bringing up is if you have a work place security management platform that that, that you recommend that you have found to be useful. And we're trying we know that we're not, you know, endorsing any specific vendor here or there. But it's OK to talk about things, though, that work well.

Screenshot (4)Is there, is there is there, Workplace Security Management Platform out there that you'll find to be kind of leading the market in terms of, No, no, they use ease of use, and they are, of course, the capabilities of the platform, and there's something that's, that's, that's really useful.


I have not used a unified workplace management security workless management platform. Although, that's an interesting concept, Something like this.

And to be made into a platform that could help people help organizations implement security programs, actually, cool concert. I have them use fat. But, what would I have used just, you know, what we have done, and what I have used as good solutions in the market from different things.

So, for example, in, when you look at the top 8 or nine reaches that, what I spoke about for 2021, things like immunity to create training.


Shelf special training, administering training to mean to, to the staff that are paid solutions of the start of Web application firewalls.

Dot gov needed to prevent repeating web application gracious.

Directed endpoint, EDR solutions out there, create solutions for vulnerability management, vulnerability scanning and analysis.

So, for each of those controls, I think, that there are a lot of industry solutions out there and one has to accept a 1, 1 size fits all. So, it's always good to do a proof of concept in your own environment and you also have to look at what are the other mitigating controls that you might already have? And so on.

Solution may be extremely critical for one organization may not be asked to nickel from another organization. Because they have something else already in place. So, if you need to fine tune it to, What is your environment?

So, gap analysis is extremely important, Um, two, to decide the overall approach.

I can give you a better answer than that.

Now, that's good. I think you have just identified that there's an opportunity in the marketplace, therefore, these workplace platform for, for security, which is fantastic. We have lots of great leaders and entrepreneurs in the sessions, and I'm sure someone out there is is looking at.

This is an opportunity, and there are some but, you know, a unified standardized platform is Maybe It's not as prevalent and develop at this point, or security, following up on this technology lead heater. A new book, Paula, asked the question about what you have seen in terms of intelligent automation for enterprise security. What are the technologies, if any, that you have seen, especially in the last couple of years, that have really deliver value for enterprise security? And he's thinking in terms of, you know, AI and Blockchain and other related exponential technologists that maybe being applied to enterprise security Now, a very useful way. Anything that stands out to you that you find that's not hype but really useful applications of this exponential technologies.

Yes, yes. So I was very excited to discover Solutions. I'm sure, you know, Web Application firewall, a one stop solution for a laugh about nutrition firewall, both management and CDN, or, you know, a one stop shop. Because then we are looking at improving our e-commerce performance. You should grab an individual vendors for management or the application firewall, CBN. It could introduce latencies because it's all, you know, molecules as a hall on Silicon introduces latencies on torture, it can increase cost. So, we really analyzed a lot of solutions side by side for our environment and for all bell shaped for for what we wanted to do and really excited to find a solution to an orphanage and helped us so on.

I think it's important to understand what you're looking to do then.

That's why I mentioned a strong technology, selection, induction and change management process in a structured manner. Use measurement.

Just use measurements, measurements, guide you and tell you, know, what a strong about a lump solution versus another. And then, based on your needs and your specific environment, you can pick what you need. So I have found some very exciting solutions out there that did great things.

So, yeah, it's, it's, it's exciting, and it's interesting, and there's always something new coming. So that's why you cannot rest on your laurels. You can you have to keep looking and you have to do periodic assessments. Yeah, it's cyclical. That's why it's different.

It's iterative, it's cyclical. You gotta look at what is out there, and you got to take stock every once in a while.

Screenshot - 2021-07-31T184659.836Very, very good, so we'll have Fuller, has a number of questions related to the concept of the S O C that you discussed before.

The actual, C, And he, he asked if you could repeat the components of the SOC, and then talk a little bit about who and which departments on the SOC and who has access to it. How do you decide on Access?

So, if you can expand a little bit more about the governance around the SOC, so, Security Operations Center line, then, the organization can afford a human Security ...! Right? So, you know, it needs to be, That's why it's important. To go to the manager of the strong and find reliable partners, manage those providers who can, who can act as an extension of your own security team. For example, some solutions, a security incident, and event management solution could be the great managed service providers out there on the entire cell capability. So what happens is that you, you, through piped logs from your struggles, your network, you know, from orphaned on to the shock service, and they are looking at a dam lunging the data. They're looking at it, they're analyzing it.

And they tell you dissent automatic alerts if they see something out of that happening, and I'm sure, basically, automated log monitoring and analysis, Right? Sure.

Log analysis of the logs tell you, it looks for patterns, It looks for things that might be happening. It might not be something that assembly event might not tell you, that there's something wrong, but there could be a pattern of events that will tell you that there's, there's something going on. And also, the soc services, they're looking at data not just from your own, from your organization but from other organizations. So, they actually correlating it with what is happening in the world at that point light and keeping you informed and and acting as an extension of your security services. So, shocking, really, I mean, there are different ways of managing the Salk team, and every organization has to decide what is right for them. You know, you can get creative about how you do. It all depends upon how much budget you have resources and then you'll find unit button.

If you don't have a lot of resources or budget, I would say, don't be disheartened to have ways to get around it. You can get creative and there are ways to get around that our professional services out there, whose job it is to do this. So you just need to make sure that you you'll find the right solution that fits your needs and interchange in October.

Very, very good, and Ajit, I have one final question here from the audience. And this has to do with either the last 12 months or maybe the next 12 months. If you look at from where we are today, plus or months, what do you see as the biggest change and enterprise security that has taken place in the marketplace, and that, that's requiring organizations to pay attention to you? And they need to be aware of that. What would that be?

Everyone was looking for more or less amount of remote web going on. Right? On, I need in order to make sure that no force can do more without interrupting the interruption of services. That are a bunch of things that we need to keep our eye scan for. Monitoring is a key aspect of it. So, if you look at it, a couple of things, Rachel. Alumnus, Obviously, things like, you know, multi factor authentication, the education of the staff, and in in security awareness training.

Because phishing e-mails, if they clicking on a phishing e-mail, can really costs a lot of churn. So it's avoidable if you can coach and train on people, of course. You can also put solutions in place to prevent those kinds of things.

That doesn't replace the need for training and education on a show, I think, educating the end users, looking at solutions for multi factor authentication to prevent breaches. And also because everything is online now. So, I think strong obligation, firewalls.

These are the things that I think assume more important in today's world, very, very well think before you click for sure.

And, listen, agita, thank you so much for taking your time to sharing your expertise across multiple organizations aren't very respect to enterprise security in this new world that we live in today of remote work. Very helpful insights, and we very much appreciate you taking the time to do that for us.

Thank you for this opportunity and wish everyone all the very best.

Thank you.

Ladies and gentlemen, that was ...

Narayan and former Director of Information Technology, a brother and sharing her expertise with security in times of remote work in times of a dispersed and digital workplace.

Event Email Graphic Virtual Conferences (17)-1So, I would like to set up our next session now, and that on the next session, we're going to be bringing a top expert on the environment, on workplaces, on technology, on improvements and innovations. And I'm talking about Michael Muilenburg, who's director of Operational Technology and Strategic Planning for three M. Michael will be with us and he's going to talk about creating a frictionless employee experience to foster positive culture change, drive innovations, connected experiences, and better user adoption. So, my goal is a organizational culture and operational leader and that's going to be sharing with us that journey ... that he has been leading successfully for many, many years. So, join me back at the top of the hour with Michael Mullen. Barbara: Thank you.


About the Author

Ajitha Narayanan-1Ajitha Narayanan,
Former- Director Of Information Technology,
Brother International Corporation.

IT Leader with depth and breadth of experience spanning IT Security, Software Engineering, Shared Services, and Digital Experience.

With a background in Computer Science and Mathematics, I am passionate about improving processes and enabling flawless execution. I have deep and varied experience in providing leadership & oversight for the strategic assessment, planning & execution of enterprise-wide programs for improving software engineering, security, quality, performance & ecommerce.

By skillful use of improvement frameworks, solution prioritization, metrics and analytics, I bring together technology, tools, processes, and people for optimum results.

Over the last 6 years, the work done towards instituting a comprehensive enterprise-wide Security program & best practices for improving the overall Security Posture of my organization worldwide, have helped to enable smooth operations and enhance productivity with the shift in paradigm of the digital work force working remote.


The Business Transformation & Operational Excellence Industry Awards

The Largest Leadership-Level Business Transformation & Operational Excellence Event



Proqis Digital Virtual Conference Series

View our schedule of industry leading free to attend virtual conferences. Each a premier gathering of industry thought leaders and experts sharing key solutions to current challenges.

Download the most comprehensive OpEx Resport in the Industry

The Business Transformation & Operational Excellence Industry Awards Video Presentation

Proqis Events Schedule

Proqis Digital

Welcome to BTOES Insights, the content portal for Business Transformation & Operational Excellence opinions, reports & news.

Submit an Article

Access all 75 Award Finalist Entires
Subscribe to Business Transformation & Operational Excellence Insights Now
ATTENDEE - Proqis Digital Event Graphics-2
ATTENDEE - Proqis Digital Event Graphics (2)-1
ATTENDEE - Proqis Digital Event Graphics (1)-1

Featured Content

  • Best Achievement of Operational Excellence in Technology & Communications: IBM
  • Best Achievement of Operational Excellence in Oil & Gas, Power & Utilities: Black & Veatch
  • Best Achievement in Cultural Transformation to deliver a high performing Operational Excellence culture: NextEra Energy
Operational Excellence Frameworks and Learning Resources, Customer Experience, Digital Transformation and more introductions
  • Intelligent BPM Systems: Impact & Opportunity
  • Surviving_the_IT_Talent_deficit.png
  • Six Sigma's Best Kept Secret: Motorola & The Malcolm Baldrige Awards
  • The Value-Switch for Digitalization Initiatives: Business Process Management
  • Process of Process Management: Strategy Execution in a Digital World

Popular Tags

Speaker Presentation Operational Excellence Business Transformation Business Improvement Insights Article Continuous Improvement Process Management Business Excellence process excellence Process Optimization Process Improvement Award Finalist Case Study Digital Transformation Leadership Change Management Lean Enterprise Excellence Premium Organizational Excellence Lean Enterprise Lean Six Sigma Execution Excellence Capability Excellence Enterprise Architecture New Technologies Changing & Improving Company Culture Agile end-to-end Business Transformation Execution & Sustaining OpEx Projects Culture Transformation Leadership Understanding & Buy-In Lack of/Need for Resources Adapting to Business Trends Changing Customer Demands Failure to Innovate Integrating CI Methodologies Lack of/Need for Skilled Workers Lack of/Need for Support from Employees Maintaining key Priorities Relationships Between Departments BTOES18 RPA & Intelligent Automation Live Process Mining BTOES From Home Cultural Transformation Financial Services Customer Experience Excellence Process Automation Technology Healthcare iBPM Healthcare and Medical Devices Webinar Culture Customer Experience Innovation BTOES Video Presentations Exclusive BTOES HEALTH Strategy Execution Business Challenges Digital Process Automation Report Industry Digital Workplace Transformation Manufacturing Supply Chain Planning Robotic Process Automation (RPA) BPM Automation IT Infrastructure & Cloud Strategies Artificial Intelligence Business Process Management innovation execution AI Lean Manufacturing Oil & Gas Robotic Process Automation IT value creation Agility Business Speaker Article Systems Engineering RPAs Insurance Process Design Digital Speaker's Interview data management Intelligent Automation digital operations Six Sigma Awards thought leaders BTOES Presentation Slides Transformation Cloud Machine Learning Data Analytics Digital Transformation Workplace Banking and Capital Markets Data Finance Professional Services Education IT Infrastructure IT Infrastructure & Cloud Strategies Live Blockchain Interview Solving Cash Flow with AI BTOES White Paper investment banking Analytics Insight BTOES19 Consumer Products & Retail Enterprise Agile Planning Government Operational Excellence Model Project Management Algorithm Automotive and Transportation Banking Business Environment Digital Bank Enterprise architecture as an enabler Hybrid Work Model Primary Measure of succes Relationship Management Sales business expansion revenue growth Adobe Sign Agile Transformation CoE Delivery solution E-Signatures Electricity Global Technology HealthcareTechnologies Innovation in Healthcare Reduce your RPA TCO Transportation Accounts Receivable (AR) Big Data Technology CORE Cloud Technology Cognitive learning Days Sales Outstanding (DSO) Logistics Services Operational Excellence Example Risk Management business process automation transformation journey Covid-19 Data Entry Digital Experience Digital Network Digital Network Assistant (DNA) Digitization Drinks Effective Change Leaders HR Internet Media NPS Net Promoter Score Program Management Portal (PgMP) Sustainability TechXLive The Document is Dead The New Era of Automation Automated Money Movement Banking & Financial Services Biopharmaceutical Blue Room Effect Building Your Future Workforce in Insurance Business Process Governance Capital Market Creative Passion Digital Transformation Workplace Live Digital Workforce Digitalization ERP Transformation Finance Global Operations (FGO) Financial Services Software Frameworks Hoshin Planning Human Capital Lean Culture Natural Gas Infrastructure Natural Language Processing Organizational Change Pharmaceutical Pharmaceuticals & Life Sciences Project manager Supply Chain Management Sustainable Growth The Fully Automated Contact Center Transformation Initiatives Workplace Analytics eForms eSignatures 3D Thinking BEAM BFARM BTOES17 Big Data Processing Business Analytics Business Growth Centralized Performance Monitoring System Communication Creativity Digital Technologies Digital Technology Educational Psychologist Energy Management Health Insurance Health Maintenance Organizations Hospitality & Construction Human Centered Design Integrated Decision Approach Integrated Decision Making Intelligent Document Processing Kaizen Medicare Moodset for Excellence Natural Language Processing (NLP) Offering Managers Oil and Gas Optical Character Recognition (OCR) Pharmaceuticals and Life Sciences Photographing Price and Routing Tracking (PART) Process Design Document (PDD) Product Identifier Descriptions (PIDs) Python Quote to Cash (Q2C) Resilience SAP Sales Quota Team Work Telecommunications Text Mining Visually Displayed Work Culture master text analytics virtual resource management