Contributed By: Vikram Kunchala, application security leader for Deloitte Cyber and principal in Deloitte & Touche LLP, and Jonathan Martin, senior manager, Deloitte & Touche LLP
In today’s “everything-is-connected” world, the reach of cyber goes way beyond IT. Cybersecurity has become a business-critical capability with the power to drive – or, if mismanaged, derail – the competitive prospects of a business. Increasingly, successful digital transformations require a holistic cyber strategy that engages the entire business, not just IT, and focuses on more than just risk mitigation, compliance, and the cost of a breach. Today’s business leaders are discovering that the more valuable role of cyber is to help secure and advance their enterprise’s growth and innovation objectives with a “cyber everywhere” approach. However, many organizations have yet to embrace this broader perspective.
This view is supported by Oracle’s ongoing conversations with clients – and by Deloitte’s latest Future of Cyber Survey of 500 C-level executives who oversee cybersecurity at companies with $500 million or more in annual revenue.
The survey revealed that executives remain keenly focused on cyber, with 49% of respondents, a plurality, citing “cybersecurity vulnerabilities” as their top concern. Yet, the overwhelming majority of these cyber executives (90%) say they’re not putting a significant portion of their cyber budgets (less than 10%) behind digital transformation projects – projects such as cloud migration, AI-driven products, and SaaS solutions –areas where cyber vulnerabilities can be readily addressed.
Furthermore, only 30% of the respondents indicated their organizations have integrated some form of cyber “liaising” into their core business functions to facilitate cyber awareness and readiness throughout the organization. This means that for the majority of companies, cybersecurity remains almost exclusively a concern of IT, which could undermine cyber’s potential for accelerating digital transformation and innovation across the rest of the business.
Unleashing cyber’s full potential
In our client base, we see the tide beginning to turn as more businesses wake up to the power of cyber to drive growth and innovation. We saw this firsthand at a recent engagement at one of the world's largest logistics companies, where the adoption of advanced cybersecurity solutions is helping the company unify global operations on a single Oracle ERP Cloud and capture synergies from its global acquisitions.
The logistics company had recently completed an acquisition of a big competitor, and executives were committed to integrating both entities on a single platform to generate savings and facilitate growth. They saw the acquisition as an opportunity to drive a major business transformation that would include simplifying its heterogeneous, on-prem IT environment and moving to a modern, secure cloud environment.
Deloitte was brought in to evaluate the company’s existing environment and help it reorganize core ERP processes, including finance and procurement, to create an optimal digital transformation pathway and take full advantage of the native capabilities of Oracle ERP Cloud. The multi-year journey encompasses quick adoption of key emerging and disruptive technologies—such as robotics, cognitive, and analytics—to pave the way for modern finance in the digital world.
As the company accelerates adoption of Oracle ERP Cloud, however, its information security and compliance organizations have been challenged to adapt to a more complex threat landscape. So with Deloitte’s help, the logistics leader reengineered its cyber strategy, moving from an IT-centric to an enterprise-wide approach to cyber-risk management. The goal: to enable a scalable and sustainable security model that would strike a balance between business, compliance and statutory requirements across multiple geographies.
Our team worked with the company to help it address a range of cyber risks, designing and building solutions focused on application security, identity governance, infrastructure security, and data privacy and protection. To the extent possible, the cyber solutions were standardized for easy maintenance while allowing for local and country-specific variations in security requirements, such as data privacy. We engaged business and compliance stakeholders early in the implementation and socialized the Oracle Cloud ERP security architecture with administrators to ease adoption of the new ERP.
Cloud governance council
One of the success factors was the creation of a cloud governance council spanning multiple business functions. This cloud governance council brings together leaders from IT, audit and compliance, and relevant lines of business to ensure that cyber capabilities, processes and technologies can meet the company’s current and future business needs and quickly scale and adapt to help the company take advantage of emerging opportunities.
The company is anticipating a range of operational benefits from the cloud-based cyber initiative, including:
When the company completes its move to a single Oracle ERP Cloud platform, it will unite more than 100,000 users around the world and create a secure, agile, and compliant environment for propelling further growth and innovation and readying them to face the realities of “cyber everywhere”.
Learn more about how Deloitte can help you create a holistic cyber strategy to help secure your ERP cloud and extend the digital core to help your business grow and innovate.