CFOs have long played a key role in making IT investments, and in recent years this influence has not only been maintained, but is growing, according to research from Gartner based on a survey of about 200 senior financial executives from companies of all sizes in various industries.
Overall, the June 2014 survey found that 29% of CFOs made IT decisions, compared with 24% from 2013 and the same percentage from 2012 — more authority over IT than any other executive, including the CEO (23%) and the CIO (5%). But more significantly for small and medium-sized businesses (SMBs), the CFO’s rising influence is even more apparent in those organizations: Thirty-eight percent of CFOs authorized technology investments in small businesses (those with as much as $50 million in annual revenue), compared with 35% at midsize companies (more than $50 million to $1 billion) and 14% at large enterprises (more than $1 billion).
Another interesting finding is that in SMBs, there’s a higher occurrence of CIOs reporting to CFOs. The midsize-company group showed the highest occurrence, at 58%, followed by small organizations (49%) and large businesses (35%). The report does issue a caveat about the bias in the study — that technology-minded CFOs were more likely to respond than those with only a fleeting interest in IT. Given this pool of respondents, the number of occurrences of IT reporting to the CFO in the SMB group is substantially higher compared with other Gartner surveys, the report’s authors said.
SMBs lack CIO-CFO partnerships
However, despite CFOs’ growing IT decision-making role, not many are partnering with their CIOs on those decisions, particularly in SMBs, the study found. Only 14% collaborated with IT on IT decision making in midsize companies, and a mere 11% worked with their CIOs in small organizations (in large organizations, the number is slightly higher, at 16%). This data indicates that although these financial executives understand how crucial technology is to business success, quite a number of them see themselves as either directly responsible for IT or at least a major authority on IT decisions. These perceptions make sense, according to Gartner, because CFOs are generally tasked with controlling their organizations’ budgets and examining the highest-value items. Furthermore, the data seems to suggest a gap: Something is holding these executives back from consulting with CIOs when making these decisions.
While the Gartner report doesn’t offer any possible reasons for this gap, CIO analyst and ZDNet columnist Michael Krigsman believes that other recent survey reports that show similar results indicate that many CIOs still lack credibility and respect from their business peers, and points to three contributing factors in his column, including the persistence of old perceptions of IT as just about infrastructure and CIOs’ struggling to find their place in a digital world where IT expectations have shifted.
So what should SMB CIOs do to address this divide? The Gartner report’s authors strongly urge companies to make sure not only that their CFOs are educated about technology, but that CIOs and CFOs are speaking a common language when it comes to how to use this technology for competitive advantage. “CFOs and IT professionals need to understand how the CFO should be involved, to ensure that the right investments are selected in IT to deliver the right benefits based on the organization’s goals and strategies,” they write. Krigsman’s advice on how to start: “spending more time with business departments and leaders, learning nuances of their needs and goals.”
Graph analytics is not new, but it’s taken on a new life in the enterprise—partly due to better, faster and cheaper technology. Senior News Writer Nicole Laskowski explores the trend and lays out how Goldman Sachs is using a homegrown graph analytics platform for compliance, surveillance and fraud detection.
Want to get ahead? Partnering with your CFO might be the perfect next step. Following Google’s announcement that Wall Street bigwig Ruth Porat will be their new CFO, Site Editor Fran Sales discusses the growing CFO role in making technology investments and the benefits of a strong CIO-CFO relationship.
Post-Millennials—referred to as Gen Z—are set to shake up workplace culture. In a recent video interview, Tom Koulopoulos, co-author of The Gen Z Effect, spoke to SearchCIO about Gen Z-ers now entering the workplace in force and how CIOs can take advantage of that.
Business process management (BPM) systems can be great for your company—except when they’re being used to cover up bad workflow processes. SearchCIO expert Niel Nickolaisen talks about the appropriate use of BPM systems, and how using them as a replacement for process and system simplification can negatively affect your company.
Speaking of BPM, how has digitization affected traditional business process management? SearchCIO expert Harvey Koeppel argues that the BPM lifecycle hasn’t changed as much as you’d think.
Is your business set up to fail? If the leaders of a startup don’t share a common vision, the answer may be “yes.” Take this leadership survey, created by SearchCIO expert Bryan Barringer, to find out if your company is in trouble and what you can do to stop impending disaster.
Should you upgrade to the 802.11ac standard? SearchCIO expert Matthew Craig gives tips on conducting a formal evaluation and talking to network vendors about whether your core equipment can support it.
According to Forrester, CIOs will be the ones running the Internet of Things (IoT). But are they ready? Features Writer Kristen Lee outlines five IoT challenges and five steps that can help CIOs handle them.
Over on the IT Compliance Advisor blog, Sales runs down the latest security and compliance headlines—including the FBI’s quest to expand its hacking authority, the Pentagon’s new program to protect personal data, and a new report that finds most companies fail PCI compliance tests.
Looking to deal with the issue of shadow IT? Then it’s time to rebuild the relationship between embedded IT and central IT. According to ITSM expert George Spalding, the key to solving problems both company-wide and between the two groups hinges on bringing them together and establishing a common language centered on services rather than technology components.
As Site Editor Fran Sales writes, you can now send instant messages and money transfers in the same Facebook conversation. Why does this matter to CIOs? In the latest Searchlight, Sales talks to an IT expert to find out whether this Facebook Messenger feature is the next possible mobile payments disruptor.
BYOD, IoT and mobile devices — how are these impacting wireless networks? In this Q&A, Editorial Director Sue Troy talks with networking expert Craig Mathias to find out how disruptive technologies and devices are shaking up wireless protocols and networks.
How familiar are you with Regulation Systems Compliance and Integrity (Regulation SCI)? In this Q&A, SearchCompliance expert Jeffrey Ritter discusses how SEC oversight expands under Regulation SCI, and how the new rule could mean big changes for IT compliance.
In the latest TotalCIO blog post, Features Writer Kristen Lee explores Gartner’s recent statements about the need for IT departments to be open to and aware of startup-like entities — a trend known as bimodal IT — within your IT organization.
What does the FCC ruling mean for innovation and privacy? Read this #GRCChat recap to get SearchCompliance editors’ and followers’ take on the new net neutrality norm.
Are you properly managing renegade IT at your organization? Assess your IT management skills with this CIO quiz.
Speaking of shadow IT, join SearchCIO editors, fellow tweeters and guest expert Derek Lonsdale on Wednesday, March 25, at 3 p.m. EST for our #CIOChat to talk about dealing with shadow IT and effectively managing IT services. We’ll also be discussing the difference between healthy and unhealthy shadow IT.
But that’s not the only chat happening this week! On Thursday, March 26, at 12 p.m. EST, SearchCompliance editors and followers will be talking GRC management in the digital age in the next #GRCChat. Discussion may include how to avoid both regulatory and consumer risk, the risks created by customer-centric technology, and the lack of business incentives. See you there!
Are CIOs being seduced by digital eye candy instead of thinking about profitability? In the latest Data Mill, Mark McDonald, managing director at Accenture, gives tips on how CIOs can maximize profit and avoid relying on the old way of doing things when forging a new digital strategy.
PayPal is buying mobile wallet startup Paydiant for about $300 million. Features Writer Kristen Lee talks to market analysts and gets their take on the acquisition and its implications.
The highly anticipated Apple Watch has arrived. Will it be the enterprise’s next big device? In this week’s Searchlight, Associate Editor Fran Sales discusses the Apple Watch and investigates how it could affect the enterprise.
As mobile computing technology evolves and data proliferates at an increasing rate, how can businesses make the most of the situation? In this feature story, Senior News Writer Nicole Laskowski explains that companies need to join the two forces—mobile computing and data—in order to compete effectively.
How can CIOs best manage cloud data and applications while mitigating risk? In this SearchCIO Essential Guide, we explore cloud risk management best practices that can help your company master the private, hybrid and public cloud and maximize business value.
Think your cloud governance strategy is on point? Take our quiz to test your knowledge of cloud computing management essentials that can make for a smooth cloud transition and help your business avoid IT risks.
Staff shortages in the current threat-laden environment can be dangerous to a company’s security and compliance strategies. How can you satisfy the need for talent and keep your business’ security practices on track? SearchCompliance expert Jeff Jenkins shares his experience with staff shortages and gives tips on how to deal with the situation and find the right employees.
On the IT Compliance blog, Sales discusses private companies’ surprising lack of motivation when it comes to strengthening cybersecurity, recent legislation around consumer data processing and the corporate failures predicted for 2015.
Meanwhile, over on the TotalCIO blog, Laskowski explores the benefits of reverse mentoring in helping older workers stay up to date on the latest technology through Millennials’ assistance.
Knowledge workers might soon be competing with machines for jobs. In this week’s Data Mill, analytics thought leader and author Tom Davenport explains the business benefits of computer augmentation and lays out five strategies for surviving rising automation.
What happened at this year’s Mobile World Congress in Barcelona? In this week’s Searchlight, Fran Sales presents highlights from the event, including mobile payment breakthroughs, the push for global Internet access and BlackBerry’s transition into a software company. Also in Searchlight: Apple Pay fraudulent activity and Hillary Clinton’s use of personal email.
In the latest CIO Decisions e-zine, SearchCIO experts address a now-timeless quandary: cutting versus keeping legacy IT systems. Find out how to decide which systems are worth keeping and hear legacy systems management success stories.
Are CIOs ideal picks for next-generation CEOs? Some IT leaders think so. In this TotalCIO blog post, Executive Editor Linda Tucci talks to experts and outlines the trending CIO-to-CEO discussion. Also on the TotalCIO blog, Features Writer Kristen Lee covers the Fusion 2015 conference by discussing the Internet of Right Things and the three phases of cybersecurity maturity. The Fusion conference also addressed how entrepreneurs can construct a successful company culture, as Senior News Writer Nicole Laskowski writes in her blog post.
For private sector companies struggling with high-tech compliance, the U.S. Securities and Exchange Commission’s new Regulation SCI could be the answer. SearchCompliance expert Jeffrey Ritter highlights five things all IT teams should know about Regulation SCI.
What are the biggest IoT security challenges facing the enterprise? In this #CIOChat recap, participants list the top IoT security risks and share their lessons learned from BYOD policies.
Think that because your business is not the size of a Target, JPMorgan Chase or Sony, you’re immune from today’s breed of cyberthreats? Think again. Just because small and medium-sized businesses (SMBs) don’t have the financial resources or the brand reputation many enterprises do doesn’t mean hackers aren’t targeting them, recent studies show.
Why exactly are SMB organizations in these hackers’ crosshairs? It isn’t so much what’s on their networks as how attackers can use those networks. “The hackers are looking at that network as another means, as another jump-off point, to go out and get some other networks. They want to turn your network into basically a botnet,” said Page Moon, CIO of Focus Data Solutions, an IT and Web hosting firm, at an IT Nation 2014 session in Orlando, Fla., last year. In other words, SMBs’ systems are a potential entry point into other, larger networks.
And what do SMB IT pros believe is their top cybersecurity vulnerability? Employees. According to a 2014 study by digital security firm Gemalto, which surveyed 438 IT professionals who work in SMB organizations, 77% of these IT pros believe employees to be the single weakest link in their security infrastructure, and a similar percentage — 75% — say that employees, particularly the risk of them unintentionally leaking data, are their top cloud security concern. And there might be a reason for these fears. According to the findings, the two security challenges that top the IT pros’ lists are social engineering (48%) and BYOD management (42%), which both involve employees.
Social engineering threats expected to rise
The first of these security hurdles, social engineering, is a particularly devious form of cyberthreat because it exploits the fact that many SMBs — their employees and IT pros alike — are lacking in security education; for instance, many believe that only back-end operations are vulnerable to the latest cyberattacks, said Moon. And this security gap has a wider scope, according to the authors of Symantec’s 2014 Internet Security Threat Report (ISTR), which examined trends in 2013. “While the ease of installation and cost of maintenance may have decreased, many new administrators are perhaps not familiar with how to secure their servers against attacks from the latest Web attack toolkits,” the authors write. SMB IT admins also aren’t necessarily diligent about security, such as staying up to date with the latest patches, they said.
Social engineering is lucrative for hackers. For example, 62,000 attacks of one common type of social engineering, spear phishing, raked in $233 million in October 2013 alone. Not a shabby profit, considering that one can buy a spam service to send out half a million phishing emails for only $75, according to RSA, the security division of EMC Corp. And spear phishing aimed at SMBs has been on the rise in recent years: In the Symantec study, 41% of the IT pros who work in companies with 1 to 500 employees reported this type of attack in 2013 — a 5% increase from the previous year. And according to Angel Grant, senior manager for anti-fraud solutions at RSA, social engineering attacks are poised to increase this year.
Employee education reduces risks
It’s clear that it’s not just Fortune 500 companies that are the targets. So how can SMBs arm themselves with the limited resources that they have? For starters, implementing the best security tools and technologies you can afford, perhaps cloud-based security apps, is certainly critical. But you also need to educate your employees. The benefits that come with equipping employees with the knowledge of how to effectively deal with threats are quantifiable — doing so can reduce security risks by up to 70%, according to companies surveyed by the Aberdeen Group recently.
It’s important to note, however, that training employees doesn’t just mean teaching them best practices on creating complex passwords or how to spot suspicious emails, but also changing how they approach their interactions online in general, said Chris Hadnagy, founder of security training company Social-Engineer. “If you just want people to follow the rules — don’t think, just do — you create an easy environment for [hackers],” he told Inc.
Application security is becoming self-aware. A new tool called runtime application self-protection (RASP) could help CIOs boost their IT security, but some experts question whether it’s enterprise-ready.
What can you do to compete against service providers and take back control of your organization? SearchCIO expert Niel Nickolaisen offers a few tips on how to build a better IT service model.
This week, Google launched a set of business-focused technologies that allows employees to run their personal and corporate apps on their Android devices. Is Android for Work set to take the enterprise by storm and give Apple and Microsoft a run for their money? In this week’s Searchlight, Associate Editor Fran Sales discusses the program’s pros and cons. Plus, the FCC’s net neutrality proposal passes and a sex bias lawsuit rocks Silicon Valley.
DevOps is a hot trend in IT that’s making companies more flexible and competitive. But, according to Gartner analyst David Cearley, the approach as it is typically practiced today doesn’t go far enough. Cearley explains why security needs to be included in DevOps models and gives tips on how to do it.
Speaking of security, SearchCIO expert Harvey Koeppel dishes on next-generation security risks and how to formulate a new strategy in a mobile culture where mobile devices now outnumber the people in the world.
New PCI DSS 3.0 requirements focus on making sure data security becomes a part of companies’ everyday business processes. But how will they affect your company? In this FAQ, SearchCompliance contributor Caron Carlson explains the changes to expect with the latest version of PCI DSS.
Also on SearchCompliance, learn why continuous monitoring, third-party vetting and other IT best practices are vital to long-term mobile compliance and security. Plus, the latest IT Compliance Advisor blog post broaches the subject of the extra privacy fee that comes with AT&T’s high-speed service as well as Google’s privacy inspections agreement with a European data privacy regulator.
Making the move to the cloud doesn’t need to be complicated. Over on the CIO Symmetry blog, Features Writer Kristen Lee gives expert tips on how to migrate to the cloud and mitigate risks, and what to do after migrating to the cloud.
As explained in my previous post, “Tips for a smooth cloud migration,” the first big hurdle in a cloud migration is figuring out how to get all your data over to the cloud safe and sound.
“Those are good things to worry about and good things to get through,” Lilac Schoenbeck, vice president of product marketing and product management for iLand, a cloud provider, said during a webinar on cloud migrations. But once all the data has been successfully moved to the cloud, more planning still needs to be done. Failing to do so could put an additional management burden on the IT team, Schoenbeck said.
Here are one cloud provider’s tips on how to prepare for and manage the day-to-day once you’ve migrated to the cloud.
Find a provider with a clear, straightforward management environment.
Cloud providers can put heavy demands on the IT team. For example, they can require the IT team to understand their particular kind of scripting, as well as configure their particular management tools, Schoenbeck said. It’s important for IT leaders to figure out what the day-to-day will look like and how much additional work will be put on your staff. “[There are] different types of clouds, different underlying hypervisors, different systems are going to throw off different kinds of metrics,” she said, adding that these conditions could mean that the successful cloud migration could in fact become “an ongoing burden on your team.”
A good strategy? Find a cloud service that has an environment close to your on-premises environment, so it will be easier to operate and easier to evaluate if something goes wrong, Schoenbeck said.
Don’t get stuck with an unexpected bill.
“We always want to know what our costs are going to be. One of the big concerns moving to the cloud is maybe these costs could be very variable, and I might be stuck with a bill I didn’t anticipate,” Schoenbeck said.
She outlined two ways to mitigate that risk.
First, an IT leader or company could go with a provider who uses a reservation pricing model, which means that your costs are fixed month-to-month and you’ve basically reserved a pool of resources in the same way that you might have an on-premises pool of resources to allocate however you like, Schoenbeck said.
The second option is a pay-as-you-go, or bursting, model. With this model, Schoenbeck said, it’s important “to look for [a provider] who’s going to be really transparent on what you’ve spent so far and, in fact, even predictive about what you will be spending if your behavior continues as it is.”
This visibility will also allow IT leaders to communicate with stakeholders, the procurement team, and whoever else might want or need to know what the bill will likely be at the end of the month, she said.
Look for a provider with a customer-driven roadmap.
Schoenbeck said that some cloud providers will invest very little in management support. As your company juggles more and more projects in the cloud, it then becomes “more and more difficult to operate [and] you don’t actually have anybody… to help ease the way.”
That’s why it’s always important to look at the support options that come with the cloud service you’re planning to migrate to, Schoenbeck advises. She suggests that IT leaders choose a cloud provider that is going to work with you and work with what you need so that the management burden is minimized.
“Often times that’s going to make a big difference in what this means for your team operationally,” Schoenbeck said.
Migrating to the cloud may be a top mandate for CIOs, but it is no easy feat. In fact, cloud migrations “are notoriously difficult” and about 80% of them fail, Mark Broghammer, director of solutions engineering at iLand, a cloud provider, said during a webinar about cloud migrations.
So how can you migrate to the cloud and mitigate risk?
Here are some suggestions Broghammer has for CIOs and companies to think about as they plot their cloud migration strategies.
Long-term analysis, the method often used to try to gauge whether an application will work, doesn’t always help you predict whether an application or server will work well with the cloud service you are planning to migrate over to. “The fact is, you don’t know how an application’s going to work in the cloud,” Broghammer said.
This is where load testing, or performance testing, is helpful, Broghammer said. With load testing, a cloud testing provider can test an application or applications against the actual number of users expected. Based on the results of the test, a CIO or company can then gain better insight into how that cloud service will work for them and what the performance of their applications will look like when they actually migrate over to that cloud service.
Migrating physical vs. virtual workloads
We live in a hybrid IT world and companies aren’t uniform across the board when it comes to the type of technologies they’re using. Some companies have a mixture of legacy systems, on-premises, and off-premises services.
“The point is, how can you be cost efficient if you’re running many types of projects on systems being handled by different teams both internally and externally?” Broghammer said.
Different providers often have different systems in place and different processes. Therefore, if you have a hybrid environment of different projects on different systems, it can be difficult to coordinate everything. That’s why it’s important to make sure your providers have a single approach for the physical and virtual workloads that you are planning to migrate to the cloud, Broghammer said.
He added that now that there are multiple hypervisor program options out there, companies also need to make sure the same processes and systems are in place when choosing a hypervisor program to help them with their migration.
“When migrating, again, make sure the models of migrating different platforms follow the same technology set, or stack, that you’re using for those particular workloads,” he said.
Methods of sending data to the provider
There are several methods for getting your data over to your cloud provider, but the typical ways include physically shipping a drive with your data and/or replicating data.
When it comes to physically shipping a drive, it’s important to ask yourself: are you 100% comfortable with this method? Sure, you can send an encrypted drive, Broghammer said, but the fact is that the drive and the data on it will pass through the hands of many people. “And the potential loss of that data could set you back in your timeframes,” Broghammer warned.
His suggestion? “I would tend to favor an over the wire approach” because the data would pass through fewer hands and there is added protection with Secure Sockets Layer (SSL) business process management (BPM).
Another option is replicating and colocating data.
“Where the data becomes a bit more stagnant (in other words, data that is just sort of sitting there and not much is being done with it) you need to have a multi-site or multi-location strategy with that,” Broghammer said. Even though you may be migrating certain pieces of your architecture into a cloud environment, Broghammer advises that you still may need to colocate and replicate the data.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
CIOs are at a critical point in their evolution, and they need to find a way to stay relevant in a corporate culture, according to author Jill Dyché. In part one of her two-part feature story, Senior News Writer Nicole Laskowski chats with Dyché about how to cure the CIO identity crisis. In part two, Dyché explains the key factors that kill innovation.
Is the connected car the next big step toward an IoT-dominated future? In her latest Searchlight entry, Associate Editor Fran Sales highlights the buzz around a possible Apple car and discusses how it can help CIOs drive the conversation around IoT security. Also in Searchlight: U.S. spyware in foreign networks and Snapchat’s big funding proposal.
Speaking of IoT security, check out this #CIOChat recap to hear what SearchCIO followers and guest expert Harvey Koeppel have to say about mitigating IoT security risks amid a notable lack of precedent.
Hadoop is a powerful technology, but is it secure? In the latest Data Mill, read why Hadoop security is a different beast from traditional security, see a list of current Hadoop security projects, and get the latest 2015 budget expectations.
Mobility’s disruptive forces are at it again! SearchCIO expert Niel Nickolaisen explains how mobile technology is shaking up next-generation information security and how CIOs can make the most of it.
Our new handbook has everything you need to know about application consolidation in one place. Learn from experts’ success stories and discover the best ways to consolidate your applications and maximize their business benefit.
Think you know what the future holds for mobile networking? Take our quiz to assess your knowledge and review recent mobility and networking content.
It’s almost time for the next #CIOChat! Join SearchCIO editors and fellow tweeters Wednesday, Feb. 25, at 2 p.m. EST to talk about the death of the CIO as we know it. We’ll be discussing the challenges of modern CIOs and how CIOs can stay relevant in a digital enterprise. See you there!