Subscribe to Disclose
Yan Borboën
Partner Digital Assurance and Cybersecurity & Privacy, PwC Switzerland
New requirements from the workforce such as home office and remote working push companies to accelerate their digital transformation and move to the cloud. While the necessary technologies exist, there is still a trade-off between user experience and security. PwC has identified four key factors for a successful cloud transformation – starting with the principle that the transformation is not classified as an IT project but must be embedded in the overall business strategy.
COVID-19 has given a new meaning to the concept of home office, and remote working is here to stay. Despite the loosening of many pandemic-related restrictions, even large traditional companies such as financial institutions are allowing (parts of) their workforce to perform their jobs from home one or several days a week. Management and employees have realised that home office has many benefits.
Furthermore, to attract and retain the best talents, companies need to reinvent their digital workplace with a focus on people’s preferences and expectations. They need to put increased focus on flexible working methods, trust, communication, and an inclusive workplace. Above all, the younger generations indicate a desire to balance their work and private time with the help of flexible working hours.
However, this transition comes with challenges, as companies must ensure safe and secure workplaces, no matter where they are located. While many companies have reacted to the lockdowns in the first half of 2020 with quick, but often with uncoordinated solutions, it is now time to develop a sound long-term strategy. This includes collaborative cloud platforms, the handling and securing of sensitive customer and company data, and adhering to legal and compliance requirements. Thereby, we often see the need for support in defining such a strategy and choosing the right technology and tools.
As multi-channel collaboration and access from any device and anywhere becomes the new normal, cloud solutions need to be upgraded from purely technical IT projects to the business strategy level. Cloud security needs to move to the top of the agenda. In the past, many Swiss companies were reluctant to move their data and processes to the cloud for fear of cyberattacks – historically driven by concerns related to the banking secrecy and data protection. The recent PwC study “2022 Global Digital Trust Insights Survey” shows that 35 percent of Swiss executives say they have little or no understanding of cloud risks (compared to 21 percent at global level). Only two percent of Swiss respondents state that they are realising benefits from investments in cloud security (globally 16 percent). Recently, however, even financial institutions have started to move their data into the cloud, encouraged by state-of-the art cloud (security) technologies and the possibility offered by some cloud providers which provide swiss data residency solutions.
Cloud projects and security, however, are not only a technological topic. Cloud solutions are also about change management – about clients, the firm’s culture, awareness upskilling, using data analytics to make more out of the usage of a cloud system, and more. Cloud projects need to be aligned with a change in mindset and mentality which provide trust in cloud solutions and the modern workplace. As such, the mindset for any cloud transformation must be led from the top – as it is the case for any transformation initiative.
There are several factors that typically are responsible for many cloud projects not being successful or not delivering the expected results. Too often, cloud transformation is relegated to IT or classified as a technology project. The technology, frameworks, and blueprints are there, but they should not be the starting point. Successful cloud projects are embedded in the business strategy, supported by management, and involve all business units and capabilities.
Some companies do not pay enough attention to compliance requirements. Both general compliance aspects and considerations – such as regulatory and legal requirements concerning data protection and security – as well as company-specific regulations must be considered. The technical implementation of any cloud solution needs to be derived from those regulations.
For a successful and sustainable cloud transformation, many stakeholders across the company and the various business functions need to be involved. This might be challenging, as HR and IT, for example, often speak different languages. A common ground and understanding must be developed, and common goals set.
PwC Switzerland works in a highly regulated business environment, dealing with very sensitive client data. As a first mover, after a project of 12 months, we completely converted the digital workplace of 4’500 employees to the cloud in summer of 2020. Our employees now have a completely new and modern workplace, we have trained them to become digital champions and established new forms of collaborative work. At the same time, we were able to ensure compliance with regulatory requirements and increase data protection – including an improvement in monitoring cyberattacks. Other benefits include enhanced productivity through more efficient collaboration, easier cooperation with our clients and PwC's global network.
There is no blueprint on how to make a cloud project successful and each company needs to find its own balance and make a trade-off between user experience and security considerations, while meeting all regulatory requirements. Nevertheless, our own transformation and numerous client projects allowed us to identify four key factors for a promising cloud transformation:
1. Embed your cloud strategy in your overall business strategy
Organisations need a clear understanding of what they expect from a cloud transformation project. Saving money is often the wrong motivation and can only be achieved over time. The cloud strategy must be embedded in the overall business strategy and is a fundamental element of the digitalisation strategy and transformation.
2. Include all stakeholders
Derived from the strategy, a defined plan on how to achieve the goals is needed. The inclusion of all divisions (e.g. technology, security, data protection, architecture, legal services, HR, communication) is crucial for success. Clear, proactive communication accompanies the projects and creates the necessary proximity and understanding from management to employees.
3. User experience
A business often has just one chance to introduce significant technological change. Therefore, the process of change is fundamental. Users must be at the centre of change, and technology must bring them real added value. A pilot phase with key users including management is important and interactive trainings should be organised. Involving leadership in the pilot phase of the cloud transformation promotes change and facilitates the success of the project.
4. Do it right
COVID-19 has pushed many companies to digitise quickly and not always well, especially regarding governance and regulatory requirements (compliance). These companies must review their environment and ensure that the changes made have not created security vulnerabilities. Legal advice and security validation are needed from the start of the project.
Companies planning to move to the cloud and to implement a modern workplace must ensure that security and compliance are addressed right at the beginning of the project. Most cloud solutions available on the market are mature enough and offer many security measures such as Swiss data residency and third-party encryption to satisfy the risk appetite of companies. It is always a trade-off between user experience and security.
For example, one of the biggest challenges for financial institutions is the US Cloud Act. Affected banks might see this as a key risk and implement double-key encryption (DKE) and avoid their US-based cloud provider having access to their data. However, such solutions will prevent users to perform document searches, or banks won’t be able to perform investigations on their data. Companies will have to find the right balance between security measures and usability.
Unfortunately, as the COVID-19 pandemic is continuing to dictate how we work in the long term, companies need to completely rethink their IT environment and offer a work environment that enables better collaboration and user experience.
Against the backdrop of COVID-19, home office and new requirements from the workforce, especially from younger generations, companies must accelerate their digital transformation and move towards collaborative platforms and the cloud. However, this is not just a question of implementing the necessary technologies, it also involves many other challenges. There is always a trade-off between user experience and security – and these issues must be addressed from the start of the project. For a successful and sustainable cloud transformation, many actors across the company and the various business functions need to be involved. Furthermore, the transformation should not be classified as an IT project but must be embedded in the overall business strategy and be supported by top management. PwC has identified four key factors for a successful cloud transformation that help companies rethink their IT environment to create a new, modern, and secure work environment.
Partner, Leader Digital Assurance and Cybersecurity & Privacy, PwC Switzerland
Tel: +41 58 792 84 59