Boston Consulting Group: Transformers

View This Article in BOSS Magazine

An inside look at the digital transformation of Boston Consulting Group

To “unlock the potential of those who advance the world” takes boldness, creativity, and the fearless embrace of change. For thousands of the largest, global companies, Boston Consulting Group (BCG) is a trusted advisor.

With a focus on business transformation, finance, strategy, digital, and data transformations, BCG has atomized the typical approach to business advisory services, anchoring their business objectives to integrity, social impact, diversity, and respect for the individual. The value of that approach is evident in their many years of vigorous and ongoing growth, which has continued apace through good times and bad.

Founded in 1963 by Bruce Henderson, the advisory firm is made up of over 22,000 talented and dedicated staff across the globe who guide leaders through their most ambitious business transformations and help them to solve their toughest problems.

The firm operates four specialty business units: Digital Ventures, which builds and launches digital businesses; Expand, which does work in financial decision-making; Inverto, which works closely with procurement officers and supply chain people across the globe; and Gamma, its advanced analytics and data science practice.

At present, roughly 35% of its business is digital, a key differentiator in the consultancy space. Not only does BCG shepherd enterprises through their digital transformation journeys, but it is also taking its own journey in real time. Mark Connelly, BCG’s CISO, focuses on risk management and all things relating to security and safeguarding client information. We recently spoke with him about BCG’s approach to digital transformation and security, and what it means to undertake its own initiative while doing the same for clients.

“Digital transformations have become the norm and accelerated across all industries. At BCG we get to see what’s going on in manufacturing, energy, finance — everything,” he said.

Successful companies have embraced digital transformation and are working to change as quickly as possible.

“It has many challenges, and we advocate that it’s not just a technical solution you must consider the people delivering the work too.

“We’ve taken a bionic approach to our transformation that embraces both technical and human attributes, considering the skills that are necessary to deliver vital architecture and infrastructure.”

BCG’s digital transformation is rooted in three core principles of their bionic model: outcomes, people, and technology.

“Technology and business needs must be aligned: That’s core to a successful digital transformation,” Connelly added.

Getting that right involves several significant challenges. One such roadblock is business integration. Consider the issues faced by public companies composed of multiple businesses and brands united under one stock symbol. “You must integrate across all those businesses. If you are siloed, you are not getting all the benefits of them,” he explained.

Rationalizing resources and standardizing APIs and platforms is necessary for businesses to achieve the efficiency outcomes that successful integrations provide, but doing so can be difficult. The temptation to specialize platforms and APIs can undercut the efficiency gains a client is attempting to achieve.

Because people are the core experts in security and technology, building talent is critical. A staggering dearth of talent in those areas, particularly in cybersecurity, is a fundamental problem to overcome. Connelly estimated that there are more than 300,000 open cybersecurity positions to be filled in the US alone. “There aren’t enough of us to go around,” he noted.

Giving business and tech a seat at the table

“As a CISO, I’m invested in the security aspects of digital transformations to make sure they are designed, built, configured, and sustained with a security mindset and appropriate governance and monitoring in place,” Connelly stated. As such, his work touches every aspect of the business.

Aligning the requirements of the business is a key first step. From a financial angle, a primary concern for CEOs and CFOs considering transformations is return on investment. Such initiatives aren’t cheap, and they can take several years to complete.

“If you have models that deliver on dynamic platforms — providing those agile aspects that a lot of companies need — you can better assure firms that you’re constantly building while delivering. You can also evidence specific positive outcomes and show that the investments are worthwhile,” he said.

Processes and staff mindsets also must change. “People have to see the excitement of digital technologies and the challenges they help solve,” Connelly pointed out. “The people that do this well get products in the market faster, and speed to market is really key.” Also integral to success is top-down leadership and a solid ecosystem of high-tech partners.

Digital transformations are significant undertakings. The regulatory environment on the data, data handling, who has access to it, where it can be seen, and who can see it, are all geopolitical privacy concerns that must be entertained in any digital transformation.

No digital transformation can be made without third-party involvement, either. BCG puts third parties through a robust security review. They must also align with the company’s value propositions, code of conduct, and sustainability aspect. “If you’re not aligned there, there will be a break,” Connelly warned. “Your best partners become like family. They are critical to delivering these things and you will get mutual success.”

Ninety percent of companies have digital transformations as part of their set goal. Seventy percent of those are led by the business, rather than by IT or the CIO, which Connelly encourages. “There’s more than one seat at the table and that’s where the benefit lies,” he said. He advises businesses draw up a roadmap — including details of specific architecture — and stick to it. “The architectures imply a business layer: cross-channel content, customer journeys, business processes, web applications, social media, and the like.”

Many other components must be secure, including the data layer, master data, data governance, the enterprise level core platforms, infrastructure, legacy cloud, cloud orchestration, and API management. “My prime directive as CISO is to make sure that what we’re delivering is secure, satisfies our policies, and has all the particulars our clients expect.”

When security principles are baked into digital transformation programs, they produce impressive results, such as a minimum of 50% risk reduction and a 10 to 20% increase in the speed of delivery.

“You can actually go faster because you’ve got efficiency built in, you’ve got a design to follow, the security architectures incorporated based upon individual project requirements,” Connelly said. “By building a reusable set of components you’re getting the best security benefits.”

The teams at BCG practice what they preach, and their security mindset is no exception. “We’re doing the transformation for ourselves as well as for our clients, and we want to be the best reference account,” Connelly said. Their robust security protocols, requirements, and governance apply to suppliers, whose approach and values must align with theirs. “It takes a while to build those close relationships, and then it’s just a matter of sustaining and maintaining them. Having the right governance over them is important because the world changes constantly in the security space,” Connelly added.

Every CEO of every client company that Connelly has worked with agrees on one thing: security and risk management are their top priorities. “It is paramount that we do this right, for corporate benefit, staff, privacy, safety, security. Our customers, and the wider public, expect firms to implement appropriate due care,” Connelly said.

“We will never stop all security breaches/threats; we cannot protect ourselves completely. But having the right strategies, architecture, people, processes, support, and partners means we can assure our clients that we are doing everything possible to protect them — and we do just that.”