The role of the Chief Information Officer (CIO) has changed more in the past 20 years than perhaps any other executive function. During this period, CIOs have been elevated from junior leadership to true members of the C-suite. Today, they are responsible for much more than the day-to-day operations of the company’s back office technology systems. In this week’s CIO Corner, CIOs on Twitter discuss how the CIO and IT are now the center of a company’s business success, how the security of cloud platforms compares with their own data centers, the human element of security, compliance in the cloud, and creating a culture of security.
The CIO now leads initiatives to drive online revenue, creating a family of new titles like Chief Digital Officer and Chief Innovation Officer. IT can also aim to speed product velocity and efficiency as the vast majority of businesses transition to become software oriented.
New technologies bring new security challenges. Part of the CIO’s responsibility is to bridge the knowledge gap for the CEO by communicating risks and opportunities, which makes effective communication with non-technical executives essential to success. Being at the epicenter of operations, R&D, and even risk requires a new skill set and a dynamic team. Those who do it well are able to provide more value from IT than ever before.
A1: The ongoing digital revolution put IT at the center of everything. IT teams that get are more engaged than ever! #CIOchat
— Laurent Maumet (@lmau) May 26, 2016
Traditionally, IT leaders have had a hard time trusting the cloud. But the rapid growth and development of cloud providers’ security capabilities have changed their perception. A recent survey conducted by the Cloud Security Alliance found 64.9% of IT leaders think the cloud is as secure or more secure than on-premises software.
A5: Cloud adds little extra risk. In fact, at the low levels, they are MUCH better than you are! Hard truth. #ciochat
— Glenn O'Donnell (@glennodonnell) May 12, 2016
A significant portion of breaches occur due to human mistakes rather than technology failures. Internal monitoring and employee education must accompany cloud adoption to attain real security benefits. Across enterprise users, 28.1% of employees have uploaded a file containing sensitive data to the cloud. Relying on manual monitoring to ensure the safety of sensitive data in the cloud is a fool’s errand considering an enterprise may have millions of cloud transactions per month. Automated monitoring and enforcement can keep security consistent across geographies, employee roles, and different cloud services.
.@glennodonnell If there's a human involved, all possible mistakes will be done at 1 point. So more automation is better!
— Laurent Maumet (@lmau) May 12, 2016
Some of the concern around cloud is irrational, and some pertains to real but addressable risks. CEOs and the board may fear the cloud will violate compliance and regulations, yet leading cloud providers have made significant investments in helping customers achieve compliance with regulations like HIPAA and PCI. Moving data to the cloud without compromising security is very possible but requires coordination between the IT and audit teams.
A5: From a compliance perspective the cloud should not alter compliance. Possibly just add a layer of complexity #ciochat
— Stephen diFilipo (@S_dF) May 12, 2016
Few employees outside of IT security have adequate technical knowledge to understand the risks of joining public Wi-Fi or using a cloud service without evaluating the terms of service. One of the IT department’s top priorities needs to be instilling a security culture. Companies that create groundbreaking products are said to have a culture or “DNA” of innovation. Today, every employee is responsible for security. Turning employees from security liabilities into security allies not only offers possibly the greatest security ROI, but also provides unique protection against vectors like phishing emails and malvertising. Good old-fashioned education may not be the most high-tech weapon in an IT team’s arsenal, but it can be the most effective at preventing attacks that go after low-hanging fruit and at reducing exposure to advanced persistent threats.
And culture beats down strategy any day. Because it's the story. The vision. Tony Robbins #GartnerSYM
— Bill Marion (@Marion_CIO) May 12, 2016