Published on the 07/09/2016 | Written by Newsdesk
With all the talk around digital transformation today, organisations of every stripe are looking to information technology to innovate…
Digital transformation is being driven by the heightened requirement for customer intimacy and relevancy, the ability to ‘mass personalise’ and create new ways of engaging. But, warns Phil Wright, Foodstuffs South Island IT GM, you’d better come at that innovation with a ‘don’t forget security’ mindset. It’s a topic he is presenting on at the Advance Security Summit in Wellington next month.
Wright explained that IT tends to be at the forefront of innovation for the cooperative. “We’ve got a good history of using technology to drive the business; there’s the basic stuff which has to be executed extremely well, and then there is new ‘leading edge’ stuff for competitive advantage. The security of information and information systems is part of both components.”
It is in the second area, however, that he said the ‘don’t forget security’ mindset with innovation applies. That’s because the paradigms in which security is being applied are likely to differ from those in the ‘business as usual’ IT systems and services.
“For example, with the introduction of our New World Club Card in 2014, we are holding customer data and that raised the stakes of how we need to approach security. We need to handle customer data with the appropriate levels of security and trust to be sure that we can deliver value to our customers without compromising their information. Privacy, which had never before been a major issue as we didn’t hold large amounts of personal information, has now come to the fore.”
Digital transformation means there are changing approaches to business, and along with that, changing expectations from customers. Included in those expectations is that any organisation holding their personal information should take care and look after that data. “With our Club Card, we collect sales history and use that information to better communicate with individual customers that is relevant to them. The security of information and information systems has always been integral to our operation, what’s different now is the type of data we hold, so we have adapted with additional measures to take account of that.”
Another aspect to which Wright draws attention is the necessity to establish a chain of trust across multiple service providers. Many technology solutions today are comprised of services from multiple vendors; when you have these suppliers integrated into a composite solution, it is crucial that there are no weak links in the chain. “Security is a key aspect of any initiative, and with multiple providers, the security blanket has to stretch a bit further,” he stressed.
It’s not just a technical approach either; Wright said Foodstuffs has looked at the organisation from a wider perspective and ensured that staff training and processes around data handling has formed a part of how it has introduced its new initiative, including a focus on personal responsibility.
“There tends to be some scaremongering around security, driven by more awareness of cyber threats in general industry, but for IT people, it has always been on the agenda as a component of the overall risk management framework. It doesn’t have to be scary and restrictive. What it does have to be is suitably rigorous and encompassing of people, process and technology. There is a balance that has to be struck between managing risk, innovation and operational efficiency, and also maintain a healthy relationship with the rest of the organisation.”
The Advance Security Summit takes place at Te Papa, Wellington, on 17 October 2016.
