SDA Bocconi will be hosting the members of its Digital Strategies Roundtable at its campus in Milano. Chief Information Officers (CIOs) from Global 1000 companies like Chevron, Levi’s, Nestlé and Swarovski will join a number of tech executives and executive fellows of the roundtable, as well as SDA faculty, in discussing “Enterprise IT for the 21st Century”. Two recent roundtables led up to this topic, one discussion examining the state of digital transformation in enterprises, the other the challenge of cybersecurity.
Digital transformation has been a major corporate agenda item for a few years now. Many companies have made progress, while others are still struggling to define what it means for them and how to execute it. While digital transformation is certainly driven in part by new technology and technical capabilities, it is even more about how to manage and use data, about new ways of connecting to customers, about digital products and services, and about new ways to equip, enable, and manage a workforce. The pandemic accelerated many of these trends, speeding up an already-stressed system. Executing on digital transformation requires a strategy that delivers value, is operationally executable, fits the culture of the company and engages the workforce.
A few key takeaways are:
- Digital transformation is truly a journey, not a project with a beginning and an end;
- Digital transformation is not something IT does — it requires both leadership from the top and full business unit engagement;
- Many companies have broken digital transformation efforts into a few key pillars: revenue generating connected products and services, customer experience, digital workforce, and Industry 4.0 initiatives.
- Successful digital transformation requires new skill sets. Companies need to locate talent for design thinking and business architecture in locales that have been under the radar — and then integrate them into the hybrid workplace. They should also ensure they do not outsource for short-term savings at the expense of building internal capabilities.
- The onset of COVID catalyzed digital transformation, but the long, ongoing nature of the pandemic is causing fatigue that is hindering progress. Devising an adaptable but effective hybrid workplace approach will be critical to maintaining the enterprise’s culture and attracting/retaining talent.
Meanwhile, against this backdrop, cyber risks have increased many fold and there is no end in sight. As threat actors become more capable and numerous, it is becoming ever more difficult to protect the systems, people, and information inside our corporations or our connections to our value chain and partners. As discussed above, as digital transformation connects everything and data becomes ever more central to competition, our attack surface has expanded at the same time that the threat landscape has become a lot more varied and capable. Enterprise security has therefore to become an endeavor that everyone in the company engages in and supports.
Key takeaways from this discussion were:
- Cyber-attacks have become so sophisticated against such a broad surface that a proactive and extended defense-in-depth is required. Ransomware and phone-based phishing and smishing are among the security challenges without satisfactory solutions.
- Zero-trust security principles, continuous employee awareness/training, good cyber hygiene, and extension beyond the enterprise are required to protect the enterprise and establish cyber resiliency. Technologies such as machine learning help, but employee awareness and training remain at the heart of protection.
- The economics and advantages of the cloud are irresistible, but the risks are equally large — and considerably less visible. A new mindset of vendor qualification and verification has to appear — though few, if any, scalable processes now support it.
- Operating environments such as factories are vulnerable to many advanced threats, and they carry the risk of shutting down production and therefore business. From upgrading aging equipment to training shop floor teams, enterprises have to give as much attention and resources to protecting OT as they do to protecting traditional IT/office domains.
- In an increasingly networked world, determining which partners can be trusted is a key challenge in cyber security. Persistent trust will result from security-by-design, incorporated from the beginning of development (whether product, service or process) rather than bolted on at the end.
For PDFs of the overviews with full content from these roundtable discussions, see here.
SDA Bocconi School of Management