Identity Governance is Critical Every Step of the Way

Learning from disruptive events like Covid in planning and proactively preparing corporations for similar events.

Consider being the CISO of a major global corporation, such as Dell or Lenovo. You start your working day and among the dozens of normal safety and efficiency responsibilities with its more than 100,000 employees (Dell) and 54,000 (Lenovo), you need to monitor the vulnerability levels of your value chain involving suppliers and other employees with diverse types of access to your network and primary applications.

According to surveys by international consultancy McKinsey, this ecosystem is composed (data for 2019) of 4,761 suppliers (Dell) and 3,968 (Lenovo). Of the many direct effects of Covid’s disruptive impact, it will certainly be to include in the agenda of priorities of CEO’s and CIOs a previous structure and ready to activate similar events that may cause a similar impact of the business operation.

This same survey accounts for the expected financial volumes since shocks causing losses in the hundreds of millions to trillions of dollars involving various types of events such as systemic cyber attacks, climate media from critical impacts, regionalized political conflicts, regulatory acts, new pandemic cycles derived from viruses, friction associated with trade disputes until finally a possible global war.

From the fateful 11 ​​March when WHO declared the Covid-19 virus pandemic to the world until this month of September, we have six (06) months of disruption with varying degrees of intensity in the most direct sectors of economic activity (see my previous article on Covid-19 winners and losers). We cannot avoid disruptive events, but we can anticipate them and devise strategies to respond to these incidents in order to obtain the shortest possible loss of operating activity and even to expand it, as we now clearly see.

We can statistically consider the following scales:

  • Disruptions between 1-2 weeks; Occurrence on average every 2 years;
  • Between 2-4 weeks; every 2.8 years;
  • Between 1-2 months; every 3.7 years;
  • Above 2 months; over 5 years.

The epicenter of the shocks could directly affect a significant number of suppliers as well as the necessary inputs, causing the disorganization of the final production. It is estimated that for manufactured products, companies can estimate losses of more than 40% of their profits on average each decade due to the events described above. However, a single disruptive event that exceeds 100 days may eliminate all profits for 1 year according to the economic sectors.

The main concepts of modeling production chains so complex and geographically dispersed have been expanded by the rapid acceleration of communications and the speed of the world internet, aiming to maximize profits and efficiency according to the relatively stable adjustments and reactions of consumers. In the pre-COVID world in particular, these ecosystems had greater predictability in response time in their favor, not requiring CISO’s ultra-fast updates of access to critical applications, profiles and synchronicity of daily changes by employees.

According to Fortune magazine, 75% of CEOs plan to substantially accelerate their digital transformation processes in a new environment where 54% of companies have decided to transform permanent remote work, with 61% in the financial market. I witness these trends in my practical day-to-day hearing from CISO’s how to implement changes in the value chains in the shortest possible time due to or one of the disruptive events described above or associated with digital transformation processes.

What was possible to do with a partial automation of the governance of identities became simply unfeasible to provide businesses with the technological response to new demands and even to respond to recurring demands of regulatory acts. In this context, migration to cloud environments has become a practical answer to the lack of technical resources and digital infrastructure to quickly activate, change and / or readjust the ecosystems of suppliers and employees.

It is estimated that the five value chains most exposed to the impacts of disruptive events involving products manufactured worldwide move about U $ 4.4 trillion dollars in exports. The most recent data show that 93% of the main suppliers plan to initiate projects in the short-medium term to increase their levels of resilience to these impacts.

It has become essential to use artificial intelligence algorithms to technologically materialize such changes in time, precision, safety, and in the new levels of operational efficiency for maintaining and expanding competitiveness.

Companies that have not realized this urgency and prefer to keep their projects at speeds before COVID will lose their market positions with direct competitors. Those that are more agile and dynamic will be part of the winners and will expand their leadership positions, opening a gap that will be too arduous to recover due to more conservative attitudes that current events have made evident.


Discussion