Digitalization and IT security:
How to solve the paradox
The higher the level of digitalization, the greater the potential attack surfaces. Our columnist Siegfried Müller explains how you can resolve the paradox.
In my penultimate column, I announced that I would take a closer look at the digitalization paradox and what I think needs to be considered in the overall context of digitalization.
But, as it sometimes happens, during the last preparations for the SPS, I thought at some point that it would make sense to reschedule – for this reason, I then preferred a topic that was more dedicated to the trade fair. But now – directly after the Digital Summit – it makes sense to pick up the thread again. Of course, the digitalization paradox has nothing to do with the Digital Summit. After all, the current focus in Berlin was on the data economy – in other words, that it is data that is “at the heart of the digital transformation”. The focus makes it clear: in principle, these determine everything, both our consumption and our way of life, as well as our production processes and supply chains.
In theory, this all sounds very good, but what does it look like in practice – specifically, how savvy can manufacturing SMEs in particular actually be in terms of digitalization by now?
Digitalization did not always go down well
A brief look back might possibly provide a clue in this regard: Not so long ago, perhaps four years ago now, many companies were by no means entirely in favor of digitalization – in some cases, there was even derogatory talk of “digitalization hype” and corresponding horror scenarios were drawn up, for example, that digital job destruction was to be expected as a result because IT was becoming ever simpler and this would destroy jobs en masse.
Almost three years ago (and to some extent still today), the assessment of digitalization successes was not entirely positive – the question of how stagnating productivity could be explained despite technological progress was often provocatively raised first.
But can this be the overall reason why digitalization – especially in small and medium-sized enterprises – is still faltering? Above all, since – as everyone knows – there is a certain necessity for it, because high-quality (German) products have to be manufactured at competitive costs, and meeting this requirement presupposes a high level of efficiency in the production processes.
Digitalization: There is a lack of application scenarios
In my opinion, there are two relevant factors that need to be considered in this context:
First factor: There is a lack of good application and deployment scenarios.
Since the need for digitalization did not exist in this form until two years ago, there was no immediate need for action here to deal with new technologies in more detail. The crux of the matter is that those responsible now have to decide on projects even though the only thing that is transparent to them is the required investment in digitalization – but they have little or no practical experience of the suitability of a technology for a specific application, for example in the production environment.
But this is not the only sticking point: it is often not immediately clear to those responsible, and sometimes not at all, what benefits the use of new technologies could even bring. In my opinion, there are still too few approaches here to promote a constructive exchange between companies and definitely not enough concrete, vivid application scenarios.
In addition, there is too often a discrepancy between real problems in companies and what is postulated as a ‘must have’ in the sense of progressive technologization. Because apart from the often missing interoperability – no, not every technology can be implemented without barriers, even if this is almost universally circulated as a standard promise – which can then prove to be more of a brake on digitalization, a project can only be considered a success if it has solved an existing problem.
Last but not least in this context, of course, the monetary aspect also counts – i.e., whether the investment is actually profitable. In this point, there is also often a lack of support for the companies: Although there are classic sample calculations, they are not applicable to every company due to their intended general validity and are therefore unsuitable as a basis for decision-making.
The more digitalization, the more potential attack surface
Second factor: There is a digitalization paradox with regard to IT security.
There is a logical contradiction that obviously cannot (yet) be easily resolved, although the effects of this can be described as extremely serious: the security dilemma that accompanies digitalization and at the same time inhibits it.
This is because the higher the degree of digitalization and the more digital assets it creates, the greater the potential attack surfaces. As a result, there is a latent fear among companies: on the one hand, this results in more gateways for criminal attacks and, on the other hand, additional negative effects are to be expected due to the fact that – as a result of the transparency that has arisen – sensitive data can be leaked to the outside.
Consequently, this should lead to an increase in the level of protection – in other words, it should prompt companies to invest more in IT security measures. But this is not happening to the necessary extent, and at the same time this fear is inhibiting motivation to tackle digitalization projects at all, so as not to increase vulnerability.
My recommendation for resolving the paradox
Even though this sentence likes to be presented as a commonplace, it does not lose its relevance – because the statement has proven true again and again in recent months: Digitalization cannot proceed successfully if cyber/IT security is not included from the outset as an integral part of planned in from the outset.
In terms of concrete implementation, my experience in recent years has shown that it is best to tackle compact and thus manageable digitalization projects – always with a view to ensuring that they are suitable for solving an existing problem in the company. The advantage of this approach is that the necessary cyber/IT security measures can be designed in parallel.
Last but not least: Yes – also in 2022 there were some challenges regarding cyber/IT security and especially in December this might have spoiled the mood a bit for one or the other.
I hope you had a great holiday season and wish you a happy new year!
___
The column was published in its original German version on produktion.de.