The Impact of Digital Transformation on Business

Steve King 00:13
Good day everyone, I’m Steve King, the managing director of cyber theory. Today’s episode is going to focus on digital transformation from a business impact point of view. And joining me today is Pete handle and the group Chief Technology Officer for money Penny he’d spent in the IT and InfoSec business for about 25 years. And even going back to rosboroughs EDS days, he served as CTO for auto trader and similar roles for Rabobank and Lloyds Banking Group along the way. So welcome, Pete, I’m glad you could join me today.

Pete Hanlon 00:50
Well, thanks for having me, Steve. It’s great to be on the podcast. So you’ve got some strong beliefs about the role that people must play in successful digital transformation going well beyond technology? Can you share your view about the importance of business processes, and models and organizational culture in that in that journey? Absolutely. So I think, really to start off is just to frame it is what is digital transformation. So you know, all businesses today use technology in one form or another, and digital transformations, not just about simply implementing a new CRM system or an ERP system. And it’s not about using the latest cool tech, it’s about leveraging the right technology to fundamentally change how a business operates. And that might be to improve revenue, to improve the customer experience, or to future proof of business. But I think one of the key things about a digital transformation is it’s not a tech project. And it’s often seen that way. It’s a way of thinking differently across a business. You know, what new markets can we operate within, considering automation, and optimization, all levels in the business, and how to leverage technology to compete to get a competitive advantage. And one of the things I always like to think about is Amazon have a really interesting way of looking at the products, they always look at the products and say, How can I build my product better? How can I get AI or smart intelligence into my product to make the customer experience better? That’s an example of an organization that is digital. First, they’re looking at it and saying, How can technology help me? So so the game the goal of digital transformation, is about becoming a digital first organization. So it’s that kind of what I believe digital transformation is, in terms of the question in terms of models, business processes, and culture. You know, when you go into a digital transformation, you really have to question your business model. And is it fit for purpose, part of it is to really look holistically at your organization. I mean, a classic example is Netflix and Blockbuster Video, you know, Blockbuster Video, doing really well. And then a digital first organisation came in and really sort of ate their lunch. And that was it, and of the business. And if I think about, from my experience, my background autotrader was a really good example of a really successful digital transformation. In fact, it’s considered if it’s not the most successful digital transformation, the UK, it’s certainly one of them. autotrader used to be a magazine. And it was one of the most popular magazines in the UK, as a classified advertising for cars. And in 2000, all of the money came from the magazine. But as an organization, we have a digital first approach, we’re starting to put together a digital first approach at how we looked at the business, which meant that we we had a focus around moving online and moving to websites and web classified advertising on the web. So moving to the web, then gave us new opportunities. So we took the chip the choice to move to the web. We then opened up new opportunities because we could start to get data that we never had, when it was a publication, we could see supply and demand information. We could see, you know, who wanted cars and where we’re coming from. So we can build new BI products and tools. And then ultimately, we use that information to build a solution across the whole of the automotive market, which allowed dealers to automatically purchase vehicles automatically for them as they sold cars off the lots. So that’s an example of a company that started off selling magazines, to ultimately really owning a significant part of the automotive industry, and how they buy and sell cars within the country. That’s a significant shift. And all of that was around digital transformation and looking at the business model and saying, Is it fit for purpose? can technology help it?

Steve King 05:19
Yeah, sure. And those are pretty, you know, kind of simple business model examples. Many businesses have more complicated business models. And you talk about I know, in the past, the importance of leadership in digital transformation, can you talk to us about our leadership or lack thereof can impact the VT programs?

Pete Hanlon 05:43
Sure. So Solid leadership, I mean, that that’s critical when you’re running a big deep tea program, you know, that whole push and energy to transform an organization that has to come from the top, and has to be something that from a board level, from an executive level, from the CEO level that everybody needs to be bought into. And that communication needs to distill throughout the whole of the organization. So when I think of leadership in a transformation program, it’s not just the CEO, but it’s in need change advocates change leaders working at all levels within the business to sell a vision, because you need that vision to go out to everybody and for it to be authentic. And the only way to do that is for people within the various different parts of an organization to, to understand what it means to them. And to sell it to the people they work with. That there needs to be clarity around the kind of the whole strategy and scope, one of the big things that you find with a digital transformation is around scope, creep, or just misunderstanding of what it is that you’re trying to deliver. So that leadership piece or to make sure and communications piece to make sure that everybody is fully understand what it is that you’re, what’s the angle, what the outcomes that you’re shooting for. But I think that, you know, for me, the biggest takeaway from a leadership piece is just around communication. Because you know, however much you communicate, it’s never enough. You just have to keep communicating and explaining why you’re doing it. What’s in it for people? What’s the purpose? What’s the outcome? What’s the scope, and just keep doing that? repeatedly, until people get it? As an example, there was a project where I worked at a bank, and there was a project called Project X, that was being run. And once there was a reasonable amount of communication about what that project was about, it wasn’t very clear from its title, what it was delivering. And it ran for a year and a half, as do most digital transformation projects will run for a long time. And by the end of it, everyone forgotten what it was delivering. And so everyone had decided it was going to deliver the thing they wanted. So when the project finally finished, everybody was disappointed, because it didn’t, it didn’t achieve the goals that they had in mind. So just making sure that everybody is aligned is absolutely key. It’s clear, it’s absolutely key.

Steve King 08:06
Yeah, you know, and the impact that digital transformation has on on cybersecurity is enormous. And we’ll get into that in a minute. You’ve nailed the problem on the head with change. And we all know, I mean, change is very hard as generally responsible for the slow adaptation of new technology and processes. The, you know, we’ve seen this over and over and over again, anytime, you know, we’re introducing anything that requires that people sort of, you know, give up or threaten territorially. And so, you know, the question is, how do you overcome that change resistance? And how do you bring all employees into the transformation, you know, equally at the same time, I have found no magic bullet for that.

Pete Hanlon 08:59
I think you have to build a culture of change within your organization, you have to be open and receptive to change. You know, that means acceptance, that not everything will work, but commitment that you’ll learn from mistakes, you know, we, it’s, we expect some failure, but we expect to learn from that failure, commitment that people are trusted to operate freely, within clear boundaries, that you know, you’re going to get, you’re going to get people to buy in to change if they know how they can work within that change, or how they can add value to that change. And actually ask people for ideas, you know, all these help build a culture of change. Make sure that you know, communication is transparent. And you know, you’re constantly explaining to people what you’re doing and why you’re doing it. What’s what’s in it for the business and what’s in it for them. So again, build a culture To change, over communicate, but also, you know, incentivize people make sure that one of the things I’ve seen that cause real problems in the past is when you have teams of competing objectives. So you have, you know, a chair, a team that’s delivering change, that they have to deliver change to a sales departments and operations department, the sales department that has an objective around, you know, selling targets and an operations department that have an SLA. And, you know, change is, is the last thing, an operations department, one with an SLA. So you have to make sure that everybody in the business has aligned objectives around, you know, meeting the goals of the change program. So what’s in it for them, I’ve had distractors in the past word, they’ve been very vocal about not wanting change, and I brought them into the team. And I’ve given them jobs to actually significantly implement change, and also to explain it to other people. And what I found is, if you give them that role, then you know, they often become very positive about the change. So you’re not set, you’re not take everybody on the journey. But if you give people that kind of opportunity to, to be involved in it quite significantly, then they can often change how they feel about it.

Steve King 11:25
Yeah, of course, one of the observations we now make over the impact of the pandemic, for example, has been in the arena of customer service. And I know that it’s clear to anybody that’s a consumer that’s tried to get a customer service rep on a telephone, or, you know, online response, even under these circumstances, today is virtually impossible. So I know that, you know, embracing more digital world means we have to, we have to start to rethink how we interact with our customers and for improve customer service. That means being proactive, and how you help your customers and offer them a wide range of channels to support them, Can you can you give us some examples of what has worked for you in the past?

Pete Hanlon 12:15
What will account and guess just for context, so I work at an organization called Money Penny, I was the CTO. And we are the number one outsourced communications provider in the world, we do a lot of stuff around, you know, customer service. So, and we take very much a digital first approach to how we build our products and how we solve these customer challenges. And we see our job to be we need to be where our customers are, our customers, customers are, in fact, so that’s where we need to be to sort of find out what people are using and how they’re communicating the pandemic, you mentioned before you know it. During the pandemic, one of the things that we you know, was very clear was the rise of video conferencing tools, particularly the likes of Microsoft Teams, we looked at our customer base, you know, that the use of teams just went through the roof. So we looked at that and said, Well, how can we integrate teams into, you know, the journeys that we have with our customers? How do we integrate that into our call centers? But how do we do it thoughtfully? How do we mindfully it will be very simple to just use teams as a phone, that’s just a digital, you know, receiver. But that’s not really sort of taking advantage of the power that, you know, that platform has. So it’s not really thinking about the technology. So we built an integration between Twilio, which is our telephony system, and Microsoft Teams. And, you know, we’re now able to take telephone calls and forward them to people in using Microsoft Teams. But when we forward them, you know, we can digitally announce who it is. So give them a window pops up and says this is who’s calling, we can give them information about the call itself. We can group call into a group of people in Microsoft Teams, and you know, this is a unique service. So it’s I think this comes back to the digital transformation piece. It’s, it’s not just about doing, you know, very simple to just put in the call it a session border controller, just something that allows us to board a call to teams, but we want it to be part of a workflow. So you know, we can now share files, look at calendars, do all those sorts of things. And that becomes very powerful. And that’s just done that by talking to our customers and looking at you know, how the world has evolved during lockdown.

Steve King 14:47
Yeah, that’s a sounds like a sensible response for sure. The larger impact it seems to me of digital transformation in business has been on cybersecurity. Which, you know, I mean, you could look at it from 20,000 foot view, which says, you know, none, none of our systems were designed with cybersecurity in mind. So we shouldn’t be surprised. On the one hand, on the other hand, you know, we’ve been at this for a while now, in earnest, let’s say the last 567 years, where the landscape has changed. And the cybersecurity threats are much more advanced and complicated, and complexes sophisticated than they have been in the past. One of the enemies and some of our minds for able to mount a mountain effect of cybersecurity defenses is speed. And we’re, you know, digital transformation pressure from business units is creating a lot of pressure on cybersecurity folks to somehow deliver the kinds of digital results that these folks want, on the one hand, and to make them secure, and the other and those two things don’t usually come together. It feels to many of us that we’re going way too fast for our skis, what’s what’s your opinion about the role that digital transformation plays in, in many of our current exploits?

Pete Hanlon 16:16
So I think there’s definitely a lot to be said for, you know, digital transformation has to be done thoughtfully, and has to be done with some curiosity in mind, for sure, you know, digital transformation, it can either improve or impact on security, I don’t think it’s a one or the other, it’s just around, you know, like a poorly considered transformation can absolutely impact the company’s attack surface, for sure. Making systems more complex. And, you know, when you make the more complex, the hardest is secure. But equally, you know, legacy systems and poor processes, then are also, you know, genuinely large attack surfaces. So it’s always a difficult one to know, is it better to have a legacy platform that, you know, well, you’ve got just as many probably as many security for the legacy platform as you do as you make a change. But definitely, as you make change you, you increase the likelihood of security flaws. For me, I think the big one, the big area of concern for digital transformation from my perspective is on the supply chain, when you look at an a lot of digital transformation these days is around outsourcing processes and outsourcing data to third parties that will process it on your behalf. You know, and so, on one side, people like Amazon and people like that, you know, that the AWS as your GCP, what you’re getting workloads on their servers, for most companies is probably significantly more secure than they were before when they were running on their own tin. But then when you start outsourcing CRM systems, and insight systems and systems that are handling, I don’t know health data, you’ve really got to be all over the due diligence on those third party and understand where your data is, how was it being processed? You know, are you comfortable on how that that data is being secured. And that very difficult. And I think as with this brand of outsourcing technology capability to third parties, it’s becoming increasingly hard to really manage that and know where your data goes. So I think it’s a double edged sword, it’s potentially a good thing. But you know, depending on how you do it, it can have downsides. So not not really clear cut from my perspective. Yeah.

Steve King 18:49
Nor from mine. And we’re, as we saw this weekend with like, for Jay, the reverse is true as well and supply chain where we have no idea what is resides in most of the open source code that we throw out into the universe here and, and and or who is using it, or what dependencies it has in the wild on other open source code modules as well. So it feels to me like there’s a lot of playing with fire here.

Pete Hanlon 19:21
And so the winds, I mean, it’s not just open sources, it’s, you know, it’s closed source, too. It’s it’s across the board really, isn’t it?

Steve King 19:28
Yeah. And then the other push for s bomb, you know, isn’t going to solve the SolarWinds problem, which was, you know, we already which which happened at compile time brilliantly. Yeah, yeah. Yeah, hats off to them indeed. And knowing what’s in your source code is not going to do a lot of good if, if an attack like SolarWinds occur, so And why wouldn’t it right, I mean, so every time we sort of come up with what We think is a partial or point solution. It just reveals like 14 other alternatives for the bad guys to take. And I guess the final question here, Pete, is, what is your outlook? What do you think about the general state of cybersecurity as it relates to, you know, information technology and, and our immediate future here?

Pete Hanlon 20:22
I mean, it’s, you know, it’s a constant battle, isn’t it? I’d like to be positive about, you know, these things as much as they can, it makes it quite difficult, you know, things like the Exchange Server vulnerabilities earlier in the year from Microsoft, and how long it took for those things to come out and be sort of, you know, public domain, that there are certain types of security vulnerabilities are going to be always going to be very hard for us to lock down. But equally, you know, I look at the controls that, you know, we’re putting in place, for example, and you know, which words they seem to be very good controls. So I think there is, you know, in the market, there are good security solutions, but you’ll never be secure. You’ve just got to layer in levels of security. And, you know, just try your best as far as I can see, I don’t think that I think it’s a brave thing for anyone to say, you know, my system is 100% secure. But you know, I think it’s valid to say that you’ve got all the right security controls in place. And, you know, you feel that you’re in a good place.

Steve King 21:28
Yeah, sure, whenever. Well, I hope that we all understand we’re never going to get to 100% of anything here. But I guess finally, what do you think is zero trust is a strategy and a reference architecture for mitigating threat going forward?

Pete Hanlon 21:47
I think it’s great. I think I think zero trust is, you know, it’s a very difficult thing to retrofit zero trust into existing systems, I think if you’re building a brand new system, you know, as a reference architecture, I would say that, that’s, from my perspective, that’s absolutely the way to go. And it’s not about not trusting your employees, it’s about, you know, protecting, protecting everybody protecting the innocent, you know, zero trust is, just feels like the right way to go. But when you have, you know, existing systems, or you have some legacy systems, or, or even quite complicated systems, then it’s quite a hard thing to overlay. So it feels like a good architecture. But I think it’s challenging to retrofit on existing companies below what your thoughts are on that, Steve?

Steve King 22:38
Well, indeed, and well, we’re big proponents of zero trust here. And we, we believe that anybody can incrementally overlay that on existing, non existing systems. Sure, it’s more difficult as, as you get deeper into legacy and so forth. But But there aren’t, there are no systems from our point of view that they can’t benefit from, from a zero trust approach, either pick your poison, whether it’s in identity management, and more granular approach to authentication and validation, and so forth, or, or whether it’s in the design of your, your attack surface, so that the, the critical assets are, you know, isolated in the network and sort of micro segmented away from the rest of it. I think those are the six nonetheless, I go ahead. I’m sorry.

Pete Hanlon 23:27
I think they the main thing, from my perspective is forcing people to architect with security as a first class citizen, you’re driven towards as you build your system. It’s not an afterthought. It’s not something that happens after the fact. It’s, you know, it’s it’s part of the system. It’s a it’s a first class requirement. I think that’s important.

Steve King 23:50
Absolutely. Well, listen, we’re out of time today. I do want to thank our guests, P. Hanlon, again for taking time out of his schedule. And joining me in what I thought was a thought provoking exchange around digital transformation and its impact and in our both business world and in the world of cyber security. So thank you. Thanks, Steve.

Pete Hanlon 24:11
Thanks for having me on.

Steve King 24:13
And thank you for our listeners for joining us in another one of several theories, unplugged reviews of the complex and scary world of cybersecurity technology and our new digital reality. Until next time, I’m your host, Steve King, signing out.