Kick-off & Panel Debate The Downsides of Digital Transformation

Show video

Hello, and welcome to Harvard Extension School's Inaugural Digital Innovation Summit. My name is Jill Felicio, and I'm the Director of Advancement for Harvard Extension School. Thank you for joining us for three days of debate and discussion of the challenges organizations face as they navigate their digital transformation in a post COVID era.

I am so pleased to welcome all of you, both guests and members of the Harvard Extension community, including students, alumni, and faculty. For those of you who are new to our community, the Extension School is one of 12 degree granting schools at Harvard University. We offer part time programs for working professionals, with 16 degrees and certificates in information technology. Our newest program-- a master's degree in cybersecurity will debut this fall. The design of this new graduate program as well as this summit is the work of Dr. Bruce Wang-- Director of Information Technology Programs at Harvard Extension School.

Now for these three days, Dr. Wang has arranged a wonderful lineup of sessions led by information security leaders from a range of industries. They will be exploring digital transformation topics, such as the evolution of cybersecurity, artificial intelligence, cyber warfare and model risk management.

We will close out the three day event with an opportunity to network with our speakers and each other. We hope you'll join us on Friday afternoon for this networking session, and the opportunity to learn much more about the IT program at Harvard Extension. Now, a few housekeeping items before we get underway. All sessions during these three days are being recorded.

Each day, you will receive an email with the day's agenda and webinar links for each talk. Each session will be 45 minutes to one hour in length, and will feature a Q&A session facilitated by my colleague Christal Holland. You can submit your questions directly through Zoom's Q&A feature in the lower hand right of your screen. And now-- without further ado, it is my distinct honor and pleasure to introduce Dr. Bruce Wang. Thank you very much Jill and welcome everyone.

Welcome to our First Annual Digital Innovation Summit. So this morning that we're going to kick it off with a panel debate. And the subject that we are debating on is digital transformation-- the down side of it.

The down side of digital transformation. Now-- this morning, we are honored to have a number of the speakers that we have here joining our panel. We have David Cass, and David is a veteran in the IT field. And he has been a chip information security officer at IBM and a number of other financial institutions. He's currently the vise president of cyber risk.

And IT risk at the Federal Reserve Bank in New York Supervision Group. And then we have Tom Cochrane and he is the head of cybersecurity at Farmers Insurance. And we have [INAUDIBLE] us and he is the Global Head of Modern Risk Management at American Express. And we also have Brian Subirana and he is the Director of MIT'S Auto ID Lab and Director of the MIT and Accenture Convergence Initiative for industry and Technology.

And he is a research scientist at MIT. And we also have [? Jose ?] [INAUDIBLE] and [? Jose ?] is the Chief Information Security Officer at Ananda's Health and which is the largest health care system in New Jersey. Well, welcome-- Everyone! And we are going to start our debate. And we're going to debate the downside of digital transformation from the implementation perspective. From the security, privacy perspective, and from the employment workforce perspective, and then from the economy's perspective. So we're going to kick it off by looking at implementations right? And, now-- digital transformation has been a buzzword in the IT field in the industry for some years now.

And every company every business is talk about digital transformation. But it was not done until COVID-19 came. And, when COVID-19 came and this sort of accelerated the need to transform digitally.

And, many companies basically got online and become a digital business overnight. So we can get this digital transformation-- what more can be done? Now I also hear that most of the digital transformation failed. And, so what's the problem? And so maybe we can start. And so David-- you want to us lead us and start the conversation here? Sure, and I'd say probably one of the main reasons why digital transformation tends to struggle or fail is probably too short of a timeline from a planning horizon. When you look at how organizations do budgeting, and planning from that aspect of it. Oftentimes, do IT budgets in a one year cycle.

When you're talking about a transformational event of the scale that we're talking about here today, you really need to have kind of a three to five year planning horizon, which means that you should have at least some of your budget strategy planned for that three year horizon. With the expectation that there'll be changes-- but you have to be able to plan for more than a year out. Yeah, I would say-- maybe that the rule of thumb is that you have to plan for as long as you think is reasonable. And then you'll fail by 2 and 1/2. So it's almost 2 times and a half longer, than the longest you've possibly thought it could last.

So it just-- I agree completely with you it's very hard to plan. And, I want to know your thoughts David or anyone's thoughts on costs. Because the experience I also have is that retail transformation is like an iceberg. And you only see the nice tools, and the nice apps, and the nice interfaces. But below, the costs are huge.

So I don't know what are the thoughts of everyone else here? I agree Bryan-- I've often seen folks underestimate the dependencies and the support required for some of these efforts. That mass below the waterline-- absolutely. Yeah I'll add to David's comment about the planning perspective, and sometimes it also is a multidisciplinary exercise, and not just initiated by IT. And typically, if it's initiated by IT there are going to be challenges. So it really needs to be a business driven initiative, and changed management is critical because changes will come about as David said you know.

You start from one starting point and as you get to the end, you probably see a totally different formation of processes. So you know I think COVID-19 accelerated it, but organizations were already trying to do it. And, like we see usually struggle because of the cost and the length of the projects. Also and on to Shane's point-- other issue that I see here is sometimes in organizations there is a race for digital transformation.

There are many groups-- it is democratized. They are trying-- it's not a bottom up, top down approach. Sometimes, different business units trying to do different things.

But you have different and some of them are really well planned, some of them are not planned. Some of them, including IT in their planning, some don't. So it's kind of a race between different groups within the company. That's also one of the main reason that it is failing, because they realize after one month of planning that other business departments in the company they are doing the same thing but they didn't know they [INAUDIBLE] along and there's a well thought process that suddenly they are stopping.

I think that's the other reason is that--there is kind of a worry that I see an organization for digital transformation, that's missing or fear of missing out. So that is kind of like a attacking a gold mine. That's what I see in companies that there is kind of a race for digital transformation.

I think that's the main reason that it is failing. I think the biggest question is should it be top down or should be it should be everybody should be entitled to do their own digital transformation. I think that's an excellent point and when you look at it from the perspective of starting with-- what problem are you trying to solve? From even with transformation you still need your starting points or milestones from that aspect of it.

And often times these types of events do occur in silos or small pockets within the business. But when you look at today's technologies, whether it's cloud, whether it's AI, ML-- whether it's blockchain. It really requires a business wide look when it comes to the solution because it really needs to be a much more integrated approach than having things go off in a silo and expect success. So, I think the best way to solve the problem is for the implementation of the digital transformation is to outsource it.

Agree? I don't know about that-- I think it's probably important to define your organization's vision of digital transformation first. Bring the business leaders together and understand what really are you trying to do? And then, probably, bring in the high paying consultants to help move it forward. Yeah and to the same point of really what are you trying to outsource? Because again, you don't want to outsource your core competencies-- maybe the technology aspects of it. But what's giving you the strategic competitive advantage as an organization? You tend not want to outsource that-- but from the complexity of dealing with all the technologies. You may want to seek assistance and in that space. Also, it depends on the company too.

Some companies, they have a big IT department. They are more than capable of doing the transformation on their own. Some companies, they did not invest in the IT department. So, for those companies they need to outsource. Other companies like labeled themselves the tech companies they have a big IT department, I think is a matter of planning with all the panelists suggested that it needs to be-- I believe it should be centralized as well as you should have all your flexibility to do the transformation for your business but it should be centralized. And IT needs to be involved.

I think if you do that, it will be successful. And there are other parts of it too, but when you outsource you are not training your own people, et cetera you are already-- you need to train your own people I think. There's a people aspect of it too with the digital transformation. But I think it really depends on the company is how strong their IT department is. But one of the benefits of digital transformation, right? And, so let's not look at from other than the implementations perspective at the moment. From the implementation perspective one of the best thing is that digital transformation provides efficiency-- efficiency! One of the insurance company that I work with previously that somewhere there in the Midwest and the IT department has like 5,000 people.

5,000 people IT department, and digital transformation supposedly that we can reduce that down. Maybe that we don't need that 5,000 people running the IT organization. right? agree? So, I mean that's a challenging question because that kind of speaks to how are you reskilling your people? Because again, I'm sure we'll touch on it later but there is a pretty extreme skills shortage in not only the cybersecurity aspect of it but cloud blockchain. So, there is a lack of talent in these transformational technologies. So, rather than saying you're cutting down staff maybe it's an opportunity to look at how do you reskill some of those key staff and look at it from that before you achieve other operational efficiencies. Yeah, Yeah I know-- You can have 5,000 people, but yet have none of the right people.

And there's key skills that are really hard to find these days. And so, that's the question-- do you outsource it you basically reskill your existing people to find those skills because finding them on the open market trained and ready to go is pretty tough these days. And to build on that I think the governance issue that you have to consider as well that goes with all these transformations, right? People see new shiny objects, and then they embrace them that they haven't thought through the governance, and the risk, and the legal and the cyber.

And what happens is they implement it and after a regulator shows up at their doorstep and they're like, did I do that? And then they frantically go back. So I think one of the things that really needs to be put into this process is sort of a governance sort of perspective sitting in some of that table. Because transformation is great, but if you're not managing the governance risk and from the board to the regulators on down you really put your organization, especially when you have something like 5,000 people all operating in parallel.

Also Bruce-- to answer your question. The response will be yes and no. We are going to say how come up to me. It really depends on your current job. If your current job is for example, if you are an analyst you are downloading rates from Bloomberg terminal and calculating the fair value of some investment. But this very same job you are doing the same repetitive job over and over again.

That job is not going to exist, right? That's going to eliminate-- intelligent automation is going to eliminate that type of job that you are doing repetitive work, right? It's going to be we are going to replace it as some kind of a bot. But at the same time intelligent automation as my panelists suggested is going to open up new risk and you need to hire new talent. You need to retrain your talent. So, I think net and net-- I haven't seen a big impact of intelligence automation, this automation initiatives, or digital transformation to have a big impact on the staffing. Because what I've seen is-- the jobs that we have a repetitive job.

Basically you are being replaced by a bot. So it means that as an employee, you need to be on the watch out and get that new skill set that you can do something else. Exactly, it's a journey, right? So, if it's a three to five year journey then you have to take a subset of your current workforce, the talent and train them into the new skills.

And along the way, start bringing in your current employees into the fold as you get further along in the journey. And, you know, the part with the consulting organizations that you're partnered with to implement it. This way, you brace that knowledge gap along with you re- utilizing your current workforce.

Because as David mentioned-- the shortage is only going to grow in the digital, not just in security, but any aspect of digitization. And, also what I'm finding is that in many cases like for example in retail, when you digitize a whole host of new opportunities come about. And then you actually end up needing more people to take advantage of those opportunities. So, I would say you need more people in general. OK all right so that's why get it sometimes-- Go ahead. If I can follow the experience from the outsourcing of IT and business process back in the 90s, and I would say that digital transformation is a bad thing.

It is a bad thing for a lot of people. And-- you'd look at the report that McKinsey put out some time ago. Talking about the digital workforce 2030. So, digital transformation will basically eliminate 70% of the jobs today. Now, people who lost their job in the COVID Era-- the job is not going to come back.

Right, so basically that digital transformation is good for the business, but it's not really good for people in the long run, and the work of the workers-- the employees. What are your thoughts? You could make the same argument for when manufacturing went overseas, and the US economy became services economy a lot of jobs were lost but then they were re-created in some other form, right? It's the evolution of how people grow within the economies. And I would add to that I think part of it is at the essence of it is-- how effective are we at helping reskill our potential workforce or our existing workforce from that aspect of it. Then we already know there's-- I think close to three million unfilled information security jobs, there's tons of cloud related unfilled jobs from that aspect of it. So part of it is-- what responsibility is it of the employer of educational institutions? And what responsibilities do each individual need to take for their own professional development? So I think there is a distributed effect that everybody kind of needs to own their own personal development to in effect also, but we also need to provide opportunity for retraining and things like that as well. I'm going to agree on this-- just my own experience in my workplace.

They open at Amazon Golf Shop. Basically, there is no cashier in the store you walk in, you walk out. Right? So, if you are a cashier, like you if you see that as David mentioned-- you need to work on your own self- development on education. Because you know that this job-- the life of that position is going to exist.

So you need to get new skills. Of course, it's going to have an impact on the employees, and if I was one of those employees that lost my job because of automation-- it's bad for me, I wouldn't be in favor of it. But you cannot stop innovation-- innovation and the digital transformation is going to happen whether you like it or not. It's going to maybe happen three years, five years from now.

Are we going to see pilots in the domestic planes five years from now? But are we going to see truck drivers-- 10 years from now. I think you know that it is coming. It is a little bit-- as an individual person you need to have some awareness. You need to see what is coming, and you need to as David mentioned-- it's just a self accountability. You need to develop additional skill sets to be prepared for that. Innovation is going to take your job.

So you need to be ready for it. Meet us halfway. The companies have to provide these training opportunities but the employees need to developed a passion for this and really take those training opportunities to upskill themselves.

I think it's fair to say that it depends on a lot on the studies that you look at and there's all sorts of studies. And for example, the work of the future they might be, they've come up with a bunch of data. For example, in factories in the US-- robots are replacing humans but not at the speed of retirement. So there is still a need for new manufacturing jobs.

And it's just very confusing. I think where we're all moving as an economy as a whole is very difficult. You see pockets of unemployment, you see pockets of missing jobs. So, I think it's fascinating. Theoretically, it sounds like one day machines will do everything but I don't think that's anywhere near. I think we'll be busy for a long time.

And if you look at the world-- the world is sort of broken. There's a lot of people that need help. The environment needs help, and that's going to be done by humans. I don't see machines taking care of all of those issues-- huge issues we have.

Health care, epidemics, et cetera. So I think humans will be busy for a while. Well, to build on that-- a company that's truly dynamic and using innovation properly will plan and manage that sort.

It's very expensive to acquire new talent. Like it's very expensive to train talent-- there's a cultural cost, right? You just usually don't hire somebody and stick them in to an insurance company or to an agricultural company. And they understand how it all works.

So I think the smarter, more dynamic companies are properly planning for this innovation. Amazon Go being a great example. I mean it takes years, as we said earlier to deploy the technology-- to manage the risks. And over those years the smarter companies that are more efficient and effective, are planning to upscale those employees.

Because the idea of going to market, hiring new employees, introducing them to the culture, getting them on board, having them show up, you know? And so-- I think the more efficient organizations are planning ahead. Because they hopefully-- Bruce did learn from the lessons of the 90s. And didn't wholesale like-- scanning all the paperwork and then eliminate the records department. So, I mean-- hopefully we've learned from some of the mistakes in the past. And I do agree with Brian that we are-- humans are inherently good at making new problems. Inherent in that it becomes the reality that robots will solve-- we'll solve x for robots, and then we'll make y for humans.

It just seems to be inherently in the way we behave, right? Solve one thing and create another problem. So but that from where I'm sitting I'll defer back to you, Bruce. So, this is very interesting, right? And so if you look at automation-- you look at robots. And it is in jobs that we never thought was possible.

Daniel-- and that is actually a lawyer by career. And, so today that you hear people that using robots and using machine learning actually for judges to leverage and to sentence people. And to decide that whether they should grant opportunities or not. Right? And that we think about economists. Economists or some phase that we don't need economists anymore.

Because all the forecasting can be done very nicely with machine learning. And, so obviously, that we did not do a good job during the 90s when we started that whole outsourcing initiative. And we did not do a good job retraining people. So, in this case-- what is your recommendation? Is retraining a responsibility of the employer, or of the individuals? So I mean I would say that there's a certain level of mutual responsibility there. I mean an individual has to want to be retrained, you know-- from that aspect of it. But also, as Daniel mentioned-- once you've had employees understand the culture, understand the business-- that has value, from that point of view.

So that there should be a willingness on the employer to retrain. With the expectation that not everybody is going to be able to be retrained, not everybody will be interested in it. But there still needs to be a pathway for it from that aspect of it. And then, interesting discussion-- I'm sure we'll discuss later with the AI and ML.

That AI and ML is still bad at certain things when you have very unexpected events. Like, look at what happened to a lot of traditional models. As soon as you went into COVID, there were some unexpected deviations-- business models weren't used to that type of an event. So, there's still a lot to be done from a-- how do you manage AI and ML from an appropriate kind of safety and soundness perspective before letting it engage in certain decision making. To build on David's point-- you know, especially when you're with this whole work from home situation. I think employees and employers have to do a spectacular job of informing the workforce where the new opportunities are coming, and how the organization is progressing into the new ventures, right? So that they can decide what direction they want to take in the future.

And in the bias, and the I would never go away. I think that will probably be the ethics and bias and the I would probably be a problem for the future to solve. I mean it's inherent in it's very definition of how it's made and sort of like when you look at the law, right? Or you look at anything, right? There's a lot of interesting training on judicial bias that's starting to come in and other things, right? I think bias is inherent in its being aware and cognizant of it-- trying to come up with a way to balance it. I think one of the most tricky things about these transformation projects is to be aware that I call this self-fulfilling prophecy of greatness. Right? Inherently, and everybody is focused in the same direction and isn't always cognitively aware that in itself is becoming its own risk.

When everybody sees it as a certain way there's a failure to account for the other perspectives and risks that come with AI, ML, frankly-- any sort of technology. It will be a tricky path forward but I think it's one that has to be navigated. Because you're not going to stop it. And to Bruce to come back to your question of do the employees have responsibility, and the answer is yes. The company should be providing the training opportunities, but it's not going to be a one time event. They've got to develop a passion for this and keep up as the technology's moving so fast.

They'll never be done trying to keep up, but they've got to keep that effort up, and they've got to develop that commitment, that passion. I agree with everything being said. Everybody has individual responsibility as your employer has also needs to have an environment that you are supported.

Both financially because of this training school is a bit expensive. They need to be supportive and help you to-- help you to support your journey of self-improvement. It's part of a leadership and cultural view but if the company is not supporting the employees to be trained. It is very challenging in this environment because everybody-- it's really become self determination because everybody has a full time job. Families, and on top of it you are going to pay out of your own pocket to get trained. It makes it difficult. So it is as a firm needs

to have employees-- your employer needs to have a vision, a plan. And they need to support their employees. As far as the data bias. But bias in AI and ML.

There are two types of bias. One is hidden bias in your data. , Basically your bias in your own processes.

What AI and ML is doing is replicating what you are doing and now you are seeing this and you are seeing that AI and ML is bad because there's a bias. No, because there was a bias in your data. You were biased, now you have scientifically seen the evidence of it.

There's a second type of bias is caused by AI--ML. We don't call it bias-- we call it over fitting. But again-- other traditional models also all fit in, too.

But again what it comes down to here is that-- AI and ML, you are able to process immense of amounts of data very quickly and which help you to make decisions be more efficient. Yes, there is a downside of it, which I'm going to talk about in my talk tomorrow a little bit. The bias but with the traditional statistical approaches, you cannot process that immense of amounts of data.

And make-- like you cannot compete with AI--ML because of the algorithms and technologies are different. So in digital transformation, and so we touch on the workforce and we touch on the AI bias, right? And that now one of the things that really stands out during this whole pandemic that when businesses move online and which is part of the digital transformation. Is a cyber security and security issue and privacy issue.

And you can see more and more like every single week that you see something. And it's not the small threat-- is a huge threat and threaten to company's financial structure, it's going to impact the economy and et cetera. So, that is a huge downside of digital transformation. What are your thoughts and what can we do about it? I would just say, Bruce that I would want to echo your thoughts and say that I think cybersecurity is one technology where we are going backwards. Every year is getting worse-- we're almost getting better as a human race in everything except with this. So I really look-- I'm looking forward to see what the other panelists have to say on this.

I definitely say that's an interesting way to phrase it from that aspect. I think one of the challenges to information security in general is they don't always reassess themselves as quickly as the technology changes. Because now when you look at it from the perspective of with the newer technologies that we talk about, whether it's AI--ML. Whether it's cloud, whether it's a distributed ledger technologies. You have to periodically re-evaluate your information security program to make a determination-- are you equipped to deal with that new technology? And how does the threat landscape change? You know-- just to even touch on it from a reskilling point of view.

Even after we still intersect people because when you look at traditional models of infrastructure security where that team is usually very strong with appliances, setting rules, setting things like that for firewalls. Now, all of a sudden you move to cloud or you adopt some of these other technologies and it's essentially infrastructure as code. So now you have to help them reskill to learn things like JSON, Python other so they can get the intelligence they need.

So, I think part of it is information security can't become complacent and there's a huge entropy where it does. Just like networks tend to get flat over time-- information security have an up and running program. And it's kind of treated like a utility-- everything is going until the lights go out now from that aspect.

Just to building-- And I would say there's a lot of bad news out there but it's easy to miss the good news in all that noise, you know? The threats are bad, and the world's a dangerous place but I see lots of positive trends. Industry is much more engaged in security than they were 10 years ago. The big players at the top of the ecosphere like Google and Microsoft are making contributions to security. I think that makes a tide that raises all the boats. Just look at Google project zero and the resources Google is bringing to that project. For example, to increase our security and making it easier for the folks that do pay attention and do develop the resources to make their networks more secure.

You're right Tom, but I think the problem really stays with a mid-sized business and smaller business where the innovation needs to happen. And that's where the security is not part of the design process. And it's not embedded in change management. Then you will start to see what Brian said and what David mentioned you know. The retooling and reassessing would not happen and you continue to see problems.

Which could have a larger impact on the economy, such as colonial pipeline or meat-packing. Steaks were not being delivered, so-- it could be a problem. And I think to build on that, I think people simplify cybersecurity's impact. You have vehicles, you have medical devices, you have infrastructure, you have computers, you have mobile phones. And I think that-- cybersecurity as a whole-- 10 years ago or 15 years ago if I told you someone was going to wait in line for two days, and say rain or shine to get a device that's about this big that will control your entire life and make everything go boom.

You'd tell me that I'm nuts and I tell you, hey, look, that's what we call the iPhone. Right and/or the Android device. I think that technology has increased its footprint into everything much quicker, and I think that the truth be told that the laws, the technology, the people, the complacency, right? A mid-sized business doesn't have the capital resources to hire the crack commandos, and unfortunately the top tier talent does. And so you have to start to rethink and retrench the way you approach security as well as privacy, right? Privacy is now become front and center, right? And privacy was not front and center 15 or 20 years ago. Privacy was an afterthought-- look at the Double Click decisions.

Look at a litany of court cases that in the United States that have relegated privacy. And now, it's taken on CCPA, GDPR and all these things. And I think that security has to not only train and focus on it but it's become much more complicated. Plus the fact that all of a lot of the private-- public infrastructure has shifted. Right? Pipelines, meat production, right? I mean-- steak, whatever you want to call it, right? That is now sitting in the private sector, and you have to look at how legal structure operates, right? In each country-- and how is the state allowed to help secure private industry, and where are those lines drawn, and how do they operate? So all of these things have become a much more complicated web-- in trying to actually execute and secure something, right? So, you don't have to be the tech wizard to be a cybersecurity specialist.

You can be somebody who works in policy and privacy and government. You can be someone that helps in managing incident response, project planning-- there's a lot of different roles that don't require technology versus skills but require human skills. And I think that's the other part of that cybersecurity standard is how do you secure a human from themselves? You know, how do you stop the person that clicked on the email that may or may not have gotten that ended up and taking? There's a lot of other issues that need to be addressed because technology wasn't built like that to-- most technology you say pointed out is not built with security and privacy at the forefront of what they're doing-- until of late. And I think Solar Winds really drives that home from a lot of different players.

So we could like just to build on what Danielle said just a couple of very simple trade models. One, is something that brings up your Siri or Google Home and it's inaudible. And it can search for your contacts-- one that has the word password in it and send it somewhere else, right? Or another trade model-- imagine something that starts all over in the country and starts creating fire. And so I think a big thing with IOD is retrofit and coming up with updating infrastructure that's maybe old and that won't be updated. So I think there is room to believe that this is a problem that's going to be with us for a long time.

And the potential worst case scenario, I think is getting worse and worse, not better and better. Even though we are improving. So one of the advice that someone gave it to me a long time ago was that if you are online if you connect yourself on the network, then you are exposed. You are exposed. And so with that theory, if you are giving advice if you look at recommendation to companies, right? Large or small companies-- the rule of thumb is that if it is a mission critical system, it is a mission critical application, don't put it online.

Don't think it'll transform it, right? And, so you only digitally transform things that is not mission critical. If it's absolutely mission critical-- live it out. A great comment-- Yeah so, it's an interesting comment but if you are a B to C type of a online retailer and your entire business model is to take orders over online-- how do you not expose that application to the web so that people can quickly order and receive just in time updates of the progress of that order? But you're right, you know? Again going back to the design issue-- everything can be secured by design.

There are some things that need to be taken to build it right. And then continually manage it or govern it, along, to make sure that as the emerging threats are coming along, you know that the system is retrofitted to make sure that it's not vulnerable to those exploitations. Humans developed software-- so naturally there is going to be a gap in how they develop it and where it changes. Functionality changes-- you know develops where they have [INAUDIBLE] is an ongoing conversation. But I tell you with 5G and everything else coming along, you know? It is going to be a new world in terms of how mobility is used in conducting business.

And one thing, sorry, go ahead Brian-- apologies. No, I know, I just was going to say very briefly that I would pick up on what Tom said that I think what you need to do is hire very good people because there's technology out there. And if you're not going to put your needs and critical things online your competition is going to do it. So, I think it's a matter of hiring good people, training your people, and it's really a people problem at the end. The other thing is-- you can't not put like if you look at the pandemic, all right? You might not have had certain applications online, and then you might not have had done any work. Right? I mean, at the end of the day, there are constant problems that employers are facing that we're putting something online or making it accessible is great, right? But how do you secure someone's home? How do you secure the home where a kid is playing or not playing studying online at high school, another kid is learning in elementary school, and the other kid-- your third kids decided, hey, I'm going to go play at Fortnight for the day instead of go to school.

And they're all using the same network that you're trying to do work on, and your computers and all of these devices. So I think you can't just-- but your business still needs to operate. A business still needs to make money, and you need the right people, but you need the right-- and look at vehicles, look at other things, right? You need to literally start at the top and move all the way to the bottom to get this button, right? I mean-- it needs to be a focus at the board level of the C-suite to really drive the conversation. Because, at the end of the day, a car shouldn't become a missile system because somebody decided something, right? A vehicle should be a secure operational thing. But for that to happen it's got to start all the way to the top with the senior leadership of an OEM saying, hey, look this is a priority. Right? It's got to be bought in and pushed whether it's consumer B2C B2B or whatever.

And I think that's a large piece of the puzzle, right? Is understanding and having that adoption by the business recognition that security is inherently tied to the value of the business. Also it is partly related with the risk acceptance, right? Because when every day you are making a decision we are taking a risk. But, another downside of the digital transformation is to make negative comments spirals, right? As my panelists mentioned, you have to compete with your competitors. Suddenly, people are online making negative comments about it's taken so long for certain things to order your side. That you are going to see immediate impact, but it comes down to, right? As [INAUDIBLE] mentioned governors process-- risk acceptance.

If something high to deemed critical for the company, and you are putting it online-- you don't drive like other miles without your wearing seat belts, right? You need to have some brakes and suspensions. You need to put governance framework around this control, based on the rigor-- risk falls in the company. So you have to watch it closely.

As my panelists mentioned-- if you need to hire talented people different new skill set you hire, and you built your controls around that system. But, again if you have to compete with online-- the way that we have everybody is going is one platform, one click so you will access everything, right? So you have to compete with that-- whether right or wrong? But it also goes to your business plan, too? What is your business plan? Do you believe in that view that you are going to make it transform everything, make it easier for your customers? Or, do you are going to stick with your own [INAUDIBLE] business plan. I think this is, as Daniel mentioned, it goes into C-level executive company's decision-- everything.

But, if you identify your critical processes-- you should, you need, you are expected to build appropriate level of controls around this. So you will enable transformation in a controlled manner that you are not putting the company at risk. You're right-- we used to say business process re-engineering. At one time where the processes need to be re-engineered to adapt to the new models, and we're changing the paradigm. I think that's where it's critical to reinforce those controls. Whether it be cybersecurity controls or audit controls, or what are needed to make sure that we're not introducing risks along the way.

And adding multiple risks can actually lead to a critical risk. If somebody in three different business units is accepting medium level risks, cumulatively they will become a critical risk. And unbeknownst to all three, they are only accepting a medium level risk. Where the cost of that now risk has surpassed the revenue model of that organization.

Yeah I definitely concur with what he's been saying, and that kind of you guys probably already touched on it why I had my technical issue. Is, when you revisit governance for your organization. Now it's about, as Daniel mentioned as well, having the right players at the table for governance. And having right measures for risk management. So you can possibly see when maybe your mid-level managers are taking on too much risk or see the direction before you get in front of your skis.

So one of the-- go ahead Daniel. I was going to say just look at cryptocurrency in the banks, right? You know that's going to train wreck somewhere along the line. As it's the pushing, and pushing, and pushing everybody to get into this new technology.

And crypto custodial services, and so on and so forth. And as, [? Hakaan ?] pointed out, you saying it well pointed out, right? A lot of medium sized risks that everybody's OK with-- amalgamates to a very large risk. And I think that the controls of the design-- and I think you just need to look at the new technologies that are coming, that have a lot of value, that are really sexy. But as Brian pointed out, right? If you don't do it-- your competitors going to do it. And then it becomes, OK.

How long am I going to sit on the sidelines testing something letting these IT wonks who are just talking about hypothetical problems while I'm watching Wall Street Journal for being a digital innovator and banking or whatever it is. And I think that it's a balancing act, and it's about accepting the risks. I mean, at the end of the day, do you have the right risk metrics at your business? To c-level leadership and everybody in between is comfortable with? But I think that inevitably-- there are problems along the way or hiccups or bumps on the road, right? And, you'll learn from your mistakes. The real issue is not-- for me, I look at cybersecurity incidents. And I see them in the news, and the thing that I'm always hoping is that people are always looking to do better.

Because bad guys are innovators, too, right? They're big, they're bad the criminal innovators. But, they are always working ahead, and they don't have any rules or constraints to limit their harm. So they're always going to be able-- when you can take and, you know? And so cyber will never be a perfect exercise but it's about managing that risk and learning from your mistakes. I'm sorry, Bruce, I apologize.

Oh no, thank you-- you actually touched on what I wanted to touch on. And, so let's close this with one more thought, right? And then we're going to move to the Q&A. So, one of the technologies that help with managing all this privacy and security is the Blockchain. The Blockchain has not been ticking off that massively. So, what's wrong? What's the problem? So, I mean one of it is trying to think of what problem are you trying to solve? So, Blockchain does offer a lot of opportunity for a lot of potential things.

But when you look at it in the construct of financial institutions, where you're looking at distributed ledger type technology. So, it's great that there is that level of visibility and the capability for immutable records, but depending upon the size and scale of the institution, you don't just rip and replace that kind of technology. There's lots of integrated dependencies, and that's one of the reasons why you see so many, I guess, financial kind of startups in that space where they're developing on this new technology.

So, that offers a lot. And when you think about it from a Blockchain point of view what's potentially the future of digital identity? You know? Is digital identity something that's going to be possible on the Blockchain? I think so, from that aspect of it. And, you have to think about it-- OK.

So, how would that transfer risk to the individual? I guess owner of that digital identity from that perspective? And, is society potentially ready to be able to manage their own digital identity? And I feel like I'm potentially ready for it, I don't know so much that my mom might be ready to manage her digital identity. So, part of it is looking at where is the future of this technology really going from the capabilities? But, then also looking at-- as we kind of touched on earlier constructs. What's the societal impact, and how do we get society ready for this? You touch a good point David.

So, that brings up the subject of sovereign identity, right? I mean how does identity get managed and who controls the attributes of how do you prove identity proof-- a process or an individual or an organization? And that in itself creates other challenges. But going back to your argument about the Blockchain-- I think every innovation takes a little bit of time to get to a point where it actually becomes a value generator. I think that's where Blockchain needs to get to-- starts to show value to the mid to large size businesses, where they can actually now use that technology in processes where they're either displacing highly skilled workforce or low skilled workforce or manual processes that take much longer to execute. Fall detection, claims management, identity proofing or some of these things that take much longer to do manually but can easily be done very quickly through Blockchain. But if it's done right, right? If it's proven-- and the value is being generated by the investment organization and organization is making.

And a couple of things additional to all of the above. One, is that it's a very centralized technology when you think about potential security threats. There is a software-- somebody controls that software and [INAUDIBLE] it-- and that centralized. And, the second issue, I think, is what you do with those identities-- how do you manage them? How you do for example-- if you have a Bitcoin, where do you store those numbers? If you give them to someone, they can own it.

So there are some legal issues, and there's many more but we don't have time. Where we could just spend a day or two just on the these. One other interesting impact is there's simpler things and understanding them like using Blockchain and food.

The reach of blockchain-- it crosses so many verticals and sectors. And I think that a lot of people need-- it's really cool, it works really well. Whether my mom can manage her digital identity or not is the icing on the cake, right? Understanding whether the cow that gets killed at the farm that gets turned into meat that goes to the distributor that ends up at the Walmart that they then do a recall because there's E. Coli can they just recall the walk that specific pallet of meat? Or do they have to recall 2 million pounds of beef, right? I mean, the implications are huge and the risks are huge, right? But you need to understand and evaluate them and model them out, and do your best to figure it out because there's all these governance issues.

And all these legal risk issues. What happens if someone-- a bank actually offers crypto custodial services, and an employee gets out the bank the people behind the wall and the private key? There's a lot of issues there that need to be thought through from who's responsible and how does-- are there laws that allow for a transference? Can a bank be like-- their fault. We lost $100 million but they were the idiots that gave it away, you know? You know-- you have to really think about all of these risks and see if the legal systems-- and that's just the United States.

It is global-- people forget China, Chile, Brazil, Mexico Spain, Italy, Denmark, you know South Africa. All over the world they're integrating these technologies, and their local state laws govern how those transactions are treated. And you have to consider that.

Because you are subject to their sovereignty. A big task but just one point is also it really depends on where you are at the company. If you don't have a clear control of your data as it is today, so you don't know you cannot even attest that your data is accurate, there are no duplicative information-- your information is up to date.

It really prevents you building something more complicated on top of it. I think some of the issues is-- some companies organizations are really backward in terms of data governance and accuracy because they haven't got this right. So, how can they build something on top of it? I think it goes into some of the limitation or why it's not didn't grow. This I think, is one of the impact.

Other than as Daniel explained the legal and other impacts, I think that's also one of the main reason that companies did not progress quickly on the blockchain. Very good point, very good point. Thank you very much and that concludes our debate this morning. What we're going to do is that we're going to switch to the Q&A, for the next few minutes, and looks like we have a number of questions from the audience. Our colleague Crystal will be helping us with that.

Good morning, everyone. I just wanted to say-- thank you to everyone who has submitted questions throughout the session today. It's been great to see them all come in, and I love to see the engagement that we're having. But due to time will not get to all questions today. But for our first question, we have-- currently we have heard a lot about data driven digital transformation and data driven organizations. How does data enable or drive digital transformation? Anyone wants to take it? I'll go-- I mean when you look at your data is pivotal to every business decision made.

The question is, are you using all the potential insights from the data that you have. So that's why we're seeing the increase in the AI and the ML to look at-- what insights were you potentially missing from that pool of data? And it also brings on other challenges as Daniel alluded to earlier of the right to collection and usage of that data from that aspect. But when you look at it-- every organization. If you're in business, you have data. So the question is, are you using it appropriately? And, are you gaining the proper level of insights from it? I will say that's the main reason is for intelligence information because you have data all over the place.

You have your personal data you have your behavior on the internet. What news you read, et cetera. What people are doing is like-- this is one side of it, right? They are collecting this information and use it, right? This is what-- from a company perspective, you have different databases sitting in there, right? You are connecting the dots. So that's the main reason that driving innovation. So connecting all the data. One of the interesting issues that has to be thought about is privacy in one's self identity isn't ubiquitous around the world.

And so what ends up happening is my definition of what my rights are-- privacy and digital identity are different than those of other individuals located elsewhere in the world. But when you start thinking about how all of this data becomes collected and aggregated, right? Think of your Android and you're driving through Europe. I can do forensics on that phone, and I simply can tell you where you were for how long and what city when you stop, if I get your phone, right? Did you consent to that? How did you consent to that? What were you OK with? Balancing those issues and risks as you know-- you can't stop, I don't want to say progress, but you're not going to stop this train-- it has clearly left the station. So, it's about putting the right governance and risk structures in place. There are certain places in the world where citizens own their data.

And they can demand from a company-- I want to whatever data you've got on me, and I want you to remove it. And I want it to be done within x amount of time. Versus other places where like-- go pound sand, thanks for asking. So, I think there's these things that are going to become much more complicated, as well as cybersecurity requirements. China has cybersecurity laws, the United States does, I think it's going to become a lot more complicated managing this process. The next question Sure thing-- what advice slash tips can you give in regards to change in culture within large organizations from seeing digital transformation from job loss to career opportunities? So, I say the first aspect of at least from dealing with the technical teams is getting them to understand that their job isn't necessarily going away.

That it's changing, and providing that support pathway forward for those that want to be re-educated. So when you take a look, when I first started helping organizations move to the cloud years ago-- a lot of opposition would come from the data center operations team. Of it's not secure if it's not a data center, it's not good unless it's privatized. So part of it is-- working with those data center teams.

Understand that you're still going to be part of a data center team, but you're going to be provisioning data centers in a new way from that aspect of it. So part of it is helping them re-educate, really, on the aspects of what's changing for them and how you're going to help them in that aspect of it. Rather than let them think the worst case scenario. Maybe that we take one more question. Crystal-- Sure thing, Bruce.

Are there any plans in academia to begin training developers at the Higher Ed level and security practices? I think that's you, Bruce. So at the higher level. And, so this is the word Harvard Extension School, and DCE come into place, right? And that this is the program that we are offering.

And when we touch on upskilling, and the retraining requirements. And, that is what we are trying to do. And, not just Harvard Extension School but many higher education institutions as well, right? And for us that through our IT programs, and that's what we are looking for. And that's why we actually-- when you come back on the networking session, on Friday at 3:00 PM, we will be sharing. And we will be officially announcing a new degree, and a new degree an ALM-- with a field of study-- a master degree. And a field of study in cybersecurity.

So, well thank you very much for the questions and thank you very much for the panelist. And this has been a session. Now, if you see the screen, you see that we have three more session today.

11:00 Eastern time, 1:00 PM Eastern time, and 3:00 PM Eastern time. And so, David will come back at 11:00 to talk to us about the journey to digital transformation here. And, that we also have 1:00 PM. That we have data science and AI in advertising. And by [INAUDIBLE] and he is the senior vise president. And for this AI company that actually focus on marketing and advertising.

And they just finished just closed a round of $60 million investment-- VC money. And then at 3:00, Eastern time and we're going to come back. And [? Jose ?] is going to share with us the threat of detections in intelligence.

Well, thank you everyone! And for spending the morning with us, and enjoy and we will see you in the next session. Thank you.

2021-07-05

Show video