Don't let the workforce become a double-edged sword: RSA

What’s more, 30% of businesses in Singapore said their total spend on digital transformation products and services would grow by more than 10% in the next three years.

Dynamic workforce amplifies digital risk

A plethora of mobile devices and applications for work and play exemplifies our hyper-connected workforce in the age of digital transformation – and the digital risks that comes with it. To top it off, the face of today’s workforce is undergoing profound changes sparked by globalisation and shifting demographics.

From Baby Boomers, Gen-Xers and millennials working in full-time, part-time, temporary and contract positions, the way today’s dynamic workforce work and interact has become more automated, more digital and more mobile.

Employees seek collaborative environments transcending geographical boundaries, desire the freedom and the ability to choose the applications and devices they need to do their jobs. Furthermore, mobility and the consumerisation of IT are driving personalised and frictionless user experiences across a variety of device platforms in the present application economy.

The rise in on-premise, cloud and mobile applications, the number of personally owned mobile and IoT devices in the workplace, generates and amplifies new sets of digital risk to manage unwanted and often unexpected outcomes that stem from introducing new technologies in pursuit of digital transformation.

These usually conflict with requirements for security, support and the user experience, such as providing the necessary access to resources to contractors while keeping those resources secure. As data privacy and security concerns become the number one barrier in digital transformation, we are seeing organisations increasing their IT spending over the years.

As such, it becomes more challenging to secure a dynamic workforce because the complexity and velocity of important activities ranging from authentication and access control to data privacy to cyber incident response substantially grows. For example, if a data breach risk lies with engaging with a cloud service provider, it represents not only a cyber incident risk, but also a third-party risk and a data privacy risk, which itself is a compliance risk. In turn, this increases the digital risk, and consequently the business risk, that a dynamic workforce brings.

A concerted approach to managing risk

Like all risks, dynamic workforce risk is not binary. It is not possible to eliminate it completely without forsaking all the benefits that dynamic workforce computing delivers. What’s needed is a concerted approach to managing risk in general, and digital risk in particular—integrated risk management.

Unify and understand both security risk and business risk concurrently, and apply tactical technologies to carry out risk management strategy. The best way to realise this is through a clearly-defined risk framework.

The challenge in developing a framework for integrated risk management is that there is no one-size-fits-all risk profile. This gives rise to a need to identify, mitigate and continuously manage dynamic workforce risk, and continuously improve and maintain the maturity of your dynamic workforce risk program. It is a highly idiosyncratic exercise that will be different for every organisation, depending on specific factors contributing to its digital risk. The framework must also address risk management from the perspective of both business strategy and cybersecurity technology.

Setting up risk framework

The first step is to establish a regular communication channel with key business stakeholders to deeply understand the business’s goals relating to any digital initiatives.

From there, locate where the risks exist, and start thinking of ways to mitigate, manage and develop a process to track them continuously. This includes understanding the extent the business relies on aspects such as third-parties across different business operations, and whether the third parties also rely on other subcontractors.

Next, analyse the risk management maturity of the organisation. Evaluate the gap between the current state and desired risk posture, and develop a roadmap that can be utilized to achieve that maturity in time. For instance, should data privacy be of paramount concern, assess how well prepared is the organisation to deal risk that comes with your overseas customers’ data that may be subject to stricter nation-wide data privacy regulation or industry’s data governance rules.

Then, quantify the cost to manage risk in an integrated manner. Break down the cost of technology tools to address cyber incident risk—including defending against them, detecting them when they occur and remedying them. Conversely, compare it to the cost that would result from potential dire cyber event.

Together, this will provide a big picture view of the true business impact of digital risk.

Embracing digital risk

As organisations embrace dynamic workforce in the race for digital transformation, the volatile, hyper-connected nature amplifies digital risk that can hinder growth. However, this should not stop organisations from pursuing it. In fact, organisations should grow to be comfortable to embrace risks in order to seize new opportunities and drive innovation.

Ultimately, the success of a risk framework is determined by its initial and continuing assessment. This will create the foundation that will lead to a more mature, business-driven risk framework that is informed by and accommodates both IT and business risks across the organisation.

It is only when risks are identified, mitigated and continuously managed that an organisation can build a secure digital foundation that gives its employees a peace of mind to reap the benefits of digital transformation.

George Lee is VP of RSA APJ, a provider of business-driven security solutions