It is well known that COVID-19 pandemic rapidly sent millions of people to work from home (WFH), which created an immediate challenge for many organizations – providing secure system access to employees. However, the less visible and more challenging transformation that also occurred was the sudden requirement to digitize processes, including previously paper-based transactions, in-person meetings, business travel, and other “normal” day-to-day operations.
Rapid digital transformation has enabled organizations to respond and thrive during the pandemic. A May 2020 blog post by the World Economic Forum stated “the transition to a new model for supply chains will be underpinned by a rapid and wholesale digitization of the paperwork that accompanies global trade.” However, this transformation has also introduced new risk into business operations – and it is important for organizations to understand and mitigate those risk as we enter into the “Next Normal.”
The Impact of Digitization in COVID-19 response
Some organizations had already begun the digitization journey before the pandemic hit, providing them with a head start. For example, companies that were already focused on collaboration technologies before COVID-19 were in the strongest position to maintain steady business operations when social separation and work-from-home (WFH) became new realities. Likewise, those with robust security mechanisms in place, such as sufficient VPN licenses and multifactor authentication, were better positioned to transition to virtual working while protecting sensitive information. And organizations that increased their internet and network capacity before the pandemic found it easier to connect to remote employees, customers, suppliers, partners and other stakeholders.
As one might expect, companies with bandwidth constraints prior to the coronavirus pandemic had a difficult time in the WFH environment, as did those with inflexible legacy systems and processes that could not keep up with user demand. For example, old government systems running COBOL had severe capacity problems as millions of citizens filed claims for social assistance. These older systems can’t be migrated to the cloud quickly, so IT departments were stressed finding “workarounds” to the problem. Other problems arose in cases where there was no pre-existing mobile strategy. For example, most call centers operate out of a central location with employees using desktop computers. Due to a shortage of available laptops, some call centers had no choice but to send desktop computers home with employees so they could work remotely, which led to implementation delays and interrupted operations.
Digitization Focus Areas that were critical to COVID-19 response
Companies that fared better in the pandemic had a few consistent attributes:
Technology Preparedness - This includes the adoption of virtualization and cloud technology. Whether it’s servers, networks or desktops, virtualization enables organizations to dynamically scale their IT resources up or down as needed, while also providing centralized management and control. Virtualization can also enable more efficient use of existing IT resources, which generates greater return on investment.
While this has been an IT trend for several years, the increasingly widespread adoption of cloud continues to generate strong results. Migrating data to the cloud gives companies the scale, flexibility and redundancy to keep IT systems running effectively, even during massively disruptive events like a pandemic. It helps reduce the costs of hardware, power, firmware upgrades and on-site support, because these become the responsibility of the cloud provider. Software-as-a-Service (SaaS) is a great example of how moving applications to the cloud gives simplified, scalable and more reliable access.
Improved Cyber Security including Identity and Access Management (IAM) – WFH has obliterated many remnants of the traditional network perimeter, and with it the concept of perimeter security, where virtual “fences” keep the bad guys out. Identity has become the new paradigm of enterprise security – if you can ensure that only the right resources are accessed by the right people doing the right things, then you have a more secure environment. Modern IAM systems provide flexible authentication that enables people to work from home or anywhere else. And, with many companies announcing they plan to maintain expanded WFH policies beyond the pandemic, IAM has become the foundation in the modern secure working environment.
COVID-19 can be thought of as a harbinger indicating where organizations need to focus in order to thrive in the future with far more agile and resilient business processes.
What is Needed to Maintain the Momentum?
Technologists alone cannot make digitization initiatives successful. Organizations can take a holistic view and consider many aspects of digitization, including:
Finally, to thrive in the Next Normal, organizations should consider conducting risk assessments of digitized processes and take appropriate actions to remediate any identified security gaps. These assessments should also be a foundational element of future digital transformation initiatives, so the proper controls can be implemented from the beginning.
Digitization is Upon Us
COVID-19 has turned digitization from a “nice to have” to a “must have” for many organizations, forcing them to adapt and modernize quickly in order to keep their operations running. While digitization may seem like a daunting task for some organizations, the pandemic has made it clear that sound business strategy demands identifying digital transformation opportunities and getting those initiatives underway quickly.
However, speed of transformation cannot come at the expense of risk, or the entire initiative can cause more harm than good. It is critical that cybersecurity and other risk factors be considered in the design stage of digital transformation initiatives, so the new digitized process does not weaken the overall risk profile of the organization. The good news is, all of this is readily achievable, and when done properly, it will make organizations much better positioned to thrive as they emerge from the pandemic into the Next Normal.
JH, a partner at Deloitte Risk & Financial Advisory, Deloitte & Touche LLP, as well as Global Risk Advisory leader for the Financial Services Industry, has more than 25 years of risk management experience within the sector. He has deep experience with the complete credit lifecycle, enterprise risk management, operational risk, and integrated compliance risk management. His extensive experience in the area of credit includes quantitative methodology, portfolio analytics, process, and controls, integrating risk management practices, and addressing and resolving the Options Clearing Corporation (OCC) and other regulatory issues. JH has worked with seven of the top 10 credit card providers, four of the top five mortgage originators and servicers, two of the top three student lending organizations, and three of the top five auto loan financing companies. In addition, he has performed training sessions for the American Institute of Certified Public Accountants (AICPA) and the Federal Financial Institutions Examination Council (FFIEC) regulatory round table on accounting issues and pronouncements facing retail credit organizations.
Dilip is a Managing Director in Deloitte & Touché LLP and a leader in the Risk Technology practice. He primarily advises financial services clients on topics such as digital transformation and the adoption of technology across a wide range of business functions, including compliance, reporting, risk management, risk analytics and fraud management. Dilip has over 25 years of consulting and industry experience, with a primary focus on helping clients effectively apply new and disruptive technology to effect transformative business changes using big data and advanced analytics, cloud and cyber security, artificial intelligence (AI) and robotics. Prior to joining Deloitte, Dilip served as a partner and leader at Teradata Corporation, where he oversaw the Professional Services practice in financial services. He worked closely with large banking clients to implement some of the largest analytics systems. He has worked with government agencies in regulation and transparency, including being called upon to offer expert testimony to the United States Congress. Additionally, Dilip has been widely published and quoted in the areas of robotics, AI, risk information and risk architecture. He is a senior editor and contributing author of the Handbook of Financial Data and Risk Information (Cambridge University Press).