For organizations looking to accelerate digital transformation, it takes three key pieces: people, process, and platforms. For many, the challenges we all faced in 2020 sped up that transformation, adding new challenges, deadlines, and goals. The key to addressing each, says Arun DeSouza, was maintaining relationships, though they may be virtual now, and respect.
Many companies’ margins have been reduced and expectations are high. Innovation has to move faster and leadership has to evolve. Risk, it’s taken a whole new meaning in 2021. Business continuity is just one of the many complex business challenges creating unanticipated market turbulence.
Arun DeSouza, Chief Information Security and Privacy Officer at Nexteer Automotive Corporation joins J.D. Miller to talk about digital transformation during the pandemic.
This conversation has been edited and condensed for clarity and length.
J.D. Miller: Many companies have been honest in the fact that disaster planning hasn’t held up well during the pandemic. What has been the biggest obstacle so far? The ups and downs during the process and how zero trust is embedded in it?
Arun DeSouza: Absolutely. We’ve been very fortunate to have a solid scalable identity management platform. It enables anytime, anywhere, authorized access to a majority of business-critical applications, both cloud and on premise. We have single sign-on and multi-factor authentication, so this allowed for a seamless lift and shift – in the office on Friday and Monday at home. I’ve been here ever since for almost well, more than a year now.
Of course, with certain on-premises applications that are very custom that we couldn’t plug into the ILM, we had to use legacy-based VPN and then we determined that we had some contention challenges. Other than that, it was a pretty easy lift and shift. People didn’t even realize you’re going from the office to the home and it’s become a new way of working today. Also, I think our identity management platform powered a pretty seamless business continuity for us, along with selected cases of the VPN, etc. It’s just business as usual, really. People learned how to use things like Teams and Office 365 remote, using video from time to time. It’s been a blast really.
J.D. Miller: What lessons have you learned from going to work from home overnight and how would you apply them to your business continuity plan going forward?
Arun DeSouza: Some fundamental principles come to mind. What I’ve learned first and foremost is that strategic planning and enterprise risk management must be an adaptive, cyclical, and dynamic process, because if you keep that front and center every year, you’re much better positioned to adapt to macro environmental changes, like COVID, which is really a seismic change. As we go into these kinds of interesting circumstances and macro environmental conditions, building relationships and trusted partnerships across the enterprise is key and really critical because when you’re not seeing people in the office all the time you read to really strengthen those relationships. Take time out to video call because there’s no coffee machine, no walk down the hallway, and work a little bit extra hard to maintain that connection, because conversation, connection, community, at the end of the day, these relationships can help power it. It’s all about people and relationships.
From a technology perspective, the primary lesson we learned is that we need to further optimize zero trust and software-defined perimeter, strategic plans to strengthen our enactment of identity as digital perimeter. So we in fact, since we started and moved away from a legacy VPN architecture, hub and spoke model to a zero-trust network access, cloud-based solution. So that’s good. Now why are we doing that?
Because at the end of the day, as we pivot almost semi-permanently into the sphere of distributed work, we got certain benefits from this move towards zero trust. Business enablement, digital transformation, because work has changed today and the winds of change are blowing.
Twitter and other companies have decided that as long as you want to work from home or Twitter, stay there, so I think this is an era that’s going to stay. Zero trust can help power that seamless shift. When you embrace identity, zero trust and SDP principles, you can have agility and flexibility to serve business services anytime, at a pace and scale almost on a turnkey basis. It allows the ability to do security federation, more security management, right into the areas of the business or to the regions in a very proactive manner.
J.D. Miller: When we’re talking about that, how, as a security executive, how did you navigate the transition to a distributed workforce?
Arun DeSouza: I think there are four principles.
The first is to build and maintain trusted partnerships and foster mutual support and collaboration across the enterprise ecosystem both within the company, but also with partners and vendors as well. I can tell you, that’s really important because, especially last year, one of the key things that I did was work with all our strategic partners to enact strategic cost optimization, restructure our contracts to enact cost savings, get additional tool sets. and also, keep my team engaged. I couldn’t have done that without these strategic relationships. I think the first and most important thing, whether inside the company, in the era of distributive work is partnership can’t speak enough about that.
Something that’s always relevant is executing priorities effectively, keeping in mind how do you keep your team and your larger stakeholders engaged and enact priorities in the right way and not chasing the next fire? How do you stay on track and work with the business stakeholders and your team and IT to do that?
The third and most important thing is fostering a culture of respect and trust. That’s always true, but even nowadays, it’s just simple things like when you get on a video call, take the time to inquire how people are doing, show them that you care, because it goes a long way. When people can’t see you from time to time and only see you once in a while, you can make a difference.
The last thing is leveraging constant communication, relationship management and minimizing conflict, and just working to gather a common cause in what I call the power of federation.
You can hear Arun and J.D.’s full conversation on CDM Media’s podcast, Executive Insights.