I recently attended the MIT Sloan CIO Symposium, a kind of meeting of the minds for leading CIOs and senior IT executives, who gathered this year to discuss the strategy and execution of digital transformation goals. Throughout the event, experts outlined frameworks for intelligent modernization, like integrating AI into development processes, taking proactive steps to improve cybersecurity postures, practical uses for blockchain, what’s next in cloud computing, and more. All about creating a more sophisticated digital sphere.
The goal is clear, but realizing digital success remains challenging. Leaders must address business complexity to reconfigure their organization’s digital landscape and operating models by navigating ethical and economic issues, developing and re-developing agile software platforms, managing IT costs and talent acquisition, establishing cross-functional partnerships internally and externally, all the while capitalizing on Agile and DevOps for speed of delivery.
It’s just this simple.
Keynote speaker Fredric Veron, CIO and Head of Safety and Soundness at Deutsche Bank, delineated a three-pronged approach for successful digital transformation in his presentation, Safe and Sound Software for Digital Execution. In his talk, he described:
- The importance of being hyper-aware and knowing your software and how it is used.
- How to create “Readiness Gates,” or mandatory checkpoints, for security, resiliency, structural quality and risk.
- Implementing DevOps to shift from “Fail Fast” to “Learn Fast.”
Veron also stressed the need for companies to understand their software inside and out, as software vulnerabilities threaten the functionality of applications.
At the heart of this change in mindset and process lies Software Intelligence.
According to Veron, “Software flaws are the root cause for about 20% of incidents. The other 80% come from testing, hardware, human errors and infrastructure. But all of this is still related to software.”
Shifting application security left is integral to producing safe and sound applications. Veron urges companies to utilize an intelligent approach to ensure software integrity, stating, “In the early days of software, it was acceptable not to understand it beyond the surface. But now, when the cars we drive have more software than the planes we fly or the first rockets that went to the moon. And software is critical to life, business and each one of us. And we are trying to handle entities much more complicated. We need better visibility and we need better intelligence about these systems.”
I also watched a panel titled Creating a Digital Culture with Tanguy Catlin, a Senior Partner at McKinsey who is helping companies build out their digital capabilities. He shared interesting points about the cultural aspects that increase a company’s ability to change, to speed up, to take calculated risks, and to form partnerships with third parties to develop market-leading solutions.
That last point made me think about the importance of knowing your software supply chain, beyond just open source components. Your business depends on your vendors’ and your partners’ software. Transparency into any potential risks there is critical, if not mandatory for compliance.
Finally, I managed to see half of the panel about security where Lev Lesokhin, member of the CISQ board and SVP of Strategy at CAST, made a couple of excellent points regarding the way large IT organizations can leverage CISQ quality guidelines to Deliver Resilient, Secure, Efficient and Agile IT Systems in Line with CISQ Recommendations.