ITWeb and Fortinet conducted an online survey to assess how South African organisations are securing their digital transformation journeys.
A total of 373 responses were captured, with 65% of respondents being at executive and middle management level, and working in a range of major industry sectors. Some 37% of respondents came from the IT sector, 13% came from the financial services sector and 10% from public sector.
Less than a third (29%) of respondents said they were making good progress on their digital transformation strategy. 21% said the route was planned and the journey had begun, while 19% said they’d successfully transformed into a digital entity. Ten percent are partly there, but have experienced some hitches.
Surprisingly, 14% don’t have a digital strategy and 6% are still trying to get buy-in from the powers that be.
Doros Hadjizenonos, regional sales director for the SADC at Fortinet, says these results are as expected. “It’s a big concern that 20% haven’t even started as we’ve been talking digital transformation for years now.”
Almost half of respondents (48%) said that their organisation didn’t have a Digital Officer (DO), and their digital strategy wasn’t aligned to their corporate governance methodology. However, 46% do have a DO and have aligned their digital strategy with their corporate governance methodology. The remaining 6% have a DO but their strategy isn’t aligned.
Hadjizenonos says this shows maturity in their digital transformation process: “I’m surprised to see the high number of digital officers. It’s promising as these are the people who’ll be in charge of process going forward, and it’s good that a large percentage have aligned this position with strategy.”
Close on half of respondents (44%) have a unified security transformation strategy for their digital journey. 28% say they’re adding appropriate security to each individual project, while 15% say they don’t have enough budget.
“This is as expected, but alarming nonetheless as it’s not advisable to embark on the digital transformation journey without a corresponding security transformation," comments Hajizenonos. "It’s no longer good enough to have point solutions as these are increasingly complex to manage, not to mention the skills challenge. I’d prefer to see organisations change to more of a platform approach to security, consolidating with fewer vendors that are easier to manage.”
Asked how the COVID lockdown and the need to get employees working remotely has affected the pace of transformation, 42% said it had accelerated digital transformation, 37% said their plans weren’t derailed, and 21% said projects had been put on hold to focus on remote working.
“There’s been a lot of focus on allowing people to work remotely and access information. We’ve stalled more advanced projects in favor of ensuring the workforce could connect.”
Asked about the possible liabilities in their own network, survey respondents listed the main causes of weaknesses in their systems as: not having enough money to throw at the problem (36%), employees not taking the risks seriously (35%) and concern about attacks coming through the less secure systems of the companies they connect to (31%).
“There’s always a balance between how much security you need to put in place and your appetite for risk,” says Hajizenonos.
"We need to move to a Zero Trust approach as there are too many devices and users on networks that shouldn’t have access to systems."Doros Hajizenonos, Fortinet.
On the topic of cloud security, almost half (40%) of respondents believe their cloudbased data and applications are more secure than on-prem, while 47% say it depends on which provider they’re with. “Your security should be the same regardless of which device you’re on, or whether you’re on-prem or in the cloud. You should be using the same security principles and policies. It’s concerning that respondents think that their cloud provider must provide security when in fact it’s the responsibility of the organisation that owns the data.”
When looking at improving who and what can connect to the network and specific applications, almost half (47%) of respondents regard a Zero Trust approach as necessary, while 36% aren’t sure the extra protection justifies the inconvenience; 19% say users resent it and 13% say some users have found a way around it.
Hadjizenonos says, “We need to move to a Zero Trust approach as there are too many devices and users on networks that shouldn’t have access to systems. However, it's critical to choose the right tool that’s easy to use and has the least impact on the user.”