In recent years, Digital Transformation has become the Holy Grail of organisations in every industry. Digital Transformation seems to offer an easy, effective way to achieve greater efficiency, reduced costs and so on, but what might be the less welcome results of achieving it? We spoke to Koen Gijsbers to gain some insights from his fascinating career with the Dutch army and with NATO. Koen is a Board Director of CyNation.
As he explains: “connectivity has now become so good and this doesn’t apply only to fixed connections. With 4G and soon 5G, you can be on the street and you can still work. In digital transformation it’s necessary to choose how you make use of the opportunities offered. However, you need to avoid bringing in additional risk to the company. So there is a need to balance the two. We certainly don’t want to do what we did in the past, which involved trying everything.
“The BYOD (bring your own device) trend of recent years seemed like a nice development – people could use the equipment they were familiar with and it offered huge cost savings to companies that no longer needed to provide their employees with equipment. However, I was the CIO of the Dutch Defence Organisation and I barred people from using their own devices in our organisation. I didn’t know if everyone did all of their updates or patches and I had no control over the devices people might want to bring in.
“It’s easy to bring viruses in and compromise a huge network and, as long as that is the case, you are not going to connect your device to my network!
“In relation to Digital Transformation, as a CISO you need to understand what is connected to your network. As a CSO you want to understand the configuration of all the devices that are in your system.
“Another problem of digital transformation is that most organisations make a mess of it because they have something and essentially all that they do is add ‘nice pictures’ – extra, often unnecessary features that merely appear nice. This results in a very complex IT environment, one that you don’t know what it looks like.
“When, in 2009, I joined the department of Defence in the Netherlands as CIO, one of the first questions I asked was ‘how many pieces of software do we have?’ No-one knew. It took them weeks to find out and the total was around 2500. That’s not a bad amount, but it is bad if you don’t know it.
“We reached a conclusion that, using simple methods, we could bring the total number of software being used down to no more than 1200. This reduced the number of licenses needed.
“Companies tend to be eager to purchase the latest, exciting software. They want to plug it in and start using it as soon as possible. However, IT departments tend to be more cautious: they don’t know how it might affect the other software on the network. This is why a structured approach is necessary: one based on what you understand about the risks that you have.
“Another point is that the interaction between business and IT needs to be much more intense. Most companies – and, indeed, government – comprise two worlds that hardly speak to each other.
“I have lived in both worlds. In my view the IT world is very focused on technical solutions. Their hair is on fire if the system doesn’t work. But they are less concerned if the accountant cannot do his work. They set priorities based on technical problems rather than business problems. That interaction is missing in many companies.
“However, it can be fixed, and that is one of the things I do through my training company. We work with the board and run them through cyber crises. We move back to what they have done before in order to prevent these crises. Then they see that interaction with IT is more important than they perhaps realised.
“The two worlds also speak two different languages and in terms that neither party can understand. So if you ask a non-IT person about cloud computing, they don’t really know what it is. As a result of this language gap there is no communication.
“Blockchain is a good solution for some things but not for everything. However, sometimes IT guys get very excited about hype. Unfortunately you can’t run a mature company on hype.
“Digital transformation is a difficult process. In the Netherlands we have a training centre for boards and board directors about how to lead digital transformation from a board point of view. This is important so that the board can actually make proper decisions and they are not left to the nerds!”
Living on a battlefield
Koen points out that businesses are failing to realise that they are living on a battlefield. As he explains: “this is a battlefield between nation states that want to achieve objectives – like Russia harassing the Ukraine – and they do that through the same infrastructure that companies are sitting on, which is the Internet. There is a huge risk of collateral damage.
“What happened to Maersk can be viewed as collateral damage. It wasn’t intended to happen, but it has cost Maersk almost €300 million to date to fix. Despite this, I wouldn’t get too nervous: at the end of the day the key to battling the hackers and nation states comes down to risk management.”