Founder and CEO of Pathlock.
getty
As digital transformation accelerates, the economy is relying more and more on enterprise systems to keep up with the ever-increasing pace of business. No industry or geography is immune — in fact, more than 77% of the world’s transactions touch SAP systems alone. Add in other financial systems of record such as Oracle, Workday financials, NetSuite and Microsoft Dynamics 365, most transactions now touch one or more financial systems.
The Growing Cost Of Downtime And Shift To The Cloud
This enormous reliance on enterprise systems comes with a cost, especially when these systems go offline — whether that be due to network issues, failed hardware, improper configuration or an external data breach. Research suggests that for large Fortune 1,000 companies, an hour of downtime can cost up to $1 million dollars, resulting in huge expenses when applications are down for a prolonged period of time.
To increase business continuity and reliability, many organizations are shifting these systems to the cloud at a rapid rate. Many applications like Mircosoft Dynamics 365, NetSuite and Workday were born in the cloud. But even the larger enterprise systems such as SAP have put pressure on existing customers to transition to more modern, cloud-enabled solutions. Now, 51% of customers are currently migrating roughly 81% of their processes to SAP S4/HANA.
Though moving to the cloud decreases the maintenance burden on organizations, as these systems move to the cloud, they become ripe targets for attack. In fact, according to findings from an IDC survey, 98% of the companies surveyed that used the public cloud have experienced a data breach in the last 18 months. And the cost of these data breaches is rising at over 10% per year, resulting in potentially thousands and millions of dollars in cost per data breach that occurs.
The Issue Of Business Resilience Falls Through The Cracks
Part of the problem is that companies are not evolving to meet the ever-changing landscape of applications and threats. Most organizations are relying on application owners and IT administrators to handle the security of their ERP systems. According to a report by Turnkey and Onapsis, 67% of organizations surveyed put this responsibility on IT, with only 18% having information security teams handle this function.
In the past, placing the security burden on IT has been a reasonable arrangement, because most of these solutions were hosted in-house and protected by the corporate network that the CISO’s organization managed. However, as these solutions move to the public cloud, they are subject to attack from a variety of bad actors. IT teams are not equipped with the necessary skills and tools to detect and respond to these emerging threats.
Why Collaboration Of Finance, IT And Security Leaders Is Essential In The Cloud Era
Going forward, organizations will need to rely on the collaboration of finance, IT and security organizations to ensure that business continuity and performance are maintained throughout the digital transformation journey. Specifically, each group is responsible for separate but complementary aspects of managing the increasingly complex enterprise landscape.
Typically, finance leaders have tended to push off responsibility around technology implementation and data security. For finance leaders to be successful in the new world, they need to drive the process of:
• Defining roles, alongside typical access profiles for various users in their finance organization, to ensure that users comply with least privileged access principles.
• Procuring modern, cloud-enabled solutions that come with good security out-of-the-box and can operate seamlessly with other applications.
• Designing and implementing proper automated controls to ensure that business processes run smoothly and securely between multiple cloud applications.
In the past, IT leaders have focused their efforts on the technical aspects of maintaining the technical infrastructure and applications that run on them. For IT leaders in the new era, they need to drive the process of:
• Setting a game plan in terms of cloud strategy, architecture, general infrastructure and best practices to build a resilient application ecosystem.
• Deploying and configuring applications and associated integrations to ensure that data and business processes are protected and safe from internal and external threats.
• Ensure reliable methods of updating and upgrading applications that provide a safe means of making changes to applications without introducing unnecessary risk.
Over the last few decades, security leaders have focused on building an impenetrable corporate network that can secure the critical infrastructure that the business relies on. For security leaders in the cloud era, they need to drive the process of:
• Classifying and defining critical data stored both on the network and in the cloud and monitoring access to this data to ensure breaches of critical data are detected and remediated quickly.
• Driving organization-wide initiatives related to zero trust, identity and access management to provide a comprehensive security strategy across on-premises and cloud resources.
• Work with business groups to understand the complete landscape of enterprise applications, hosting environments and required controls to stay protected from threats.
While digital transformation is a priority in every company, pushing toward cloud adoption without considering the potential risks can introduce even greater consequences in the way of additional data breaches and application downtime. Fortunately, with the proper collaboration and cooperation between finance, IT and security, organizations can enable digital transformation without fear of these negative consequences. Each party plays a role in driving a successful transition to the cloud, and bringing these distinct skillsets together is critical in ensuring the desired transformation goals are met.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
