Securing Digital Transformation for Legacy SystemsFormer City of Toronto's CISO on Integrating Technologies, Embedding Security
How does one begin to secure the digital transformation journey in two legacy enterprises? Kush Sharma, principal for Sharma and Company and former CISO for the city of Toronto, shares his experience and offers advice on investing in and integrating technologies.
See Also: A CISO's Guide to Communicating Risk
Sharma spoke about his experience in undergoing digital transformation journey in the city of Toronto. "For the systems that were not part of the digital transformation plan in the near future, we had to build custom applications to integrate with technologies that are in the cloud. We had to educate our DevOps teams on security as well as the Privacy by Design principle," says Sharma. "We also took our cyber people and embedded them into those projects with businesses so that they could educate the stakeholders from the beginning."
Sharma says the digital transformation journey is not about putting a process online. "If you take a process and put in online as the same process, that to me is not transformation. This education needs to be embedded in program management from the beginning," he notes.
Sharma had led a similar digital transformation journey at Saputo, a Montreal-based Canadian dairy company.
In a video interview with Information Security Media Group, Sharma also discusses:
- His thought process before investing in particular technologies;
- His concerns about digital transformation and rapid digitization;
- How to ensure seamless integration of technologies.
Sharma is principal at Sharma and Company and is the former CISO for the city of Toronto. As Toronto's first CISO, he was responsible for setting the city’s information security strategy, governance, risk, compliance and cyber functions, reporting functionally to the city manager. Sharma has more than 20 years of public and private sector experience.