CIO Symmetry


March 14, 2014  5:19 PM

Careers in IT, rogue technology and a contextual computing love affair

Rachel Lebeaux

As the workweek winds down, catch up on all of the news, tips, guides and videos you might have missed this week on SearchCIO and SearchCompliance.

Is your CIO career in tip-top shape, or do you have a lot to learn about the CIO role? In our latest Essential Guide, we look at how to achieve a high-level career in information technology. Learn about the management techniques that work, the tools and technologies available to you and the real-life case studies of CIOs who have gotten ahead by, well, getting ahead of their peers.

We’re on the verge of St. Patrick’s Day, not Valentine’s Day, and yet, love is in the air. In her weekly Searchlight column, Senior News Writer Nicole Laskowski asks whether contextual computing is the love child of big data, mobility and the Internet of Things. It’s a love triangle only likely to grow as our digital and physical lives become more intertwined, so be sure you’re ready to pounce on the enterprise applications of ubiquitous computing.

Editorial Director Christina Torode rolled out a two-part podcast interview with Derek Lonsdale, an IT transformation leader, Lean expert and CIO advisor of global management and IT strategy with consulting firm PA Consulting. The topic at hand? Configuration and IT asset management, and why it’s important that the two processes be simpatico. In the first part, find out why these systems need to be integrated. In part two, listen to the case for merging asset and configuration management systems.

Our March issue of CIO Decisions e-zine tells a whale of a tale about rogue IT — those technology set-ups that lurk under the surface of your enterprise, enabling ability while also putting your information at risk. Are you prepared to take on — and make the most of — these rogue technology arrangements?

Our latest SearchCIO handbook asks the question, “What’s mobility got to do with it?” As the bring-your-own-device movement expands, it’s up to the CIO to enable a mobile workforce, one that thrives off the latest portable tools in order to achieve business results. This handbook provides advice on how to propel your mobile program forward.

This week’s CIO Searchlight kicks off with a witty look at the effects of the appification trend through the lens of some classic 1990s slacker movies. Read the full column for info on the Web’s 25th birthday, Edward Snowden at SXSW and more.

On SearchCompliance…

We shared two more video interviews from the Governance, Risk and Compliance Summit held last week in Boston, Mass. In the first one, Duke Alden, vice president of global information governance at risk-management firm Aon plc, spoke with Editor Ben Cole about how companies can build a converged approach to data governance and the risk management processes that go along with it. The second video, featuring Gretchen Herault, vice president of site standards and user safety and deputy chief privacy officer at Monster, examines the numerous security risks that exist around BYOD and explains how companies can protect corporate information. (And, if you missed last week’s video with keynote speaker Brian Barnier about proactive risk assessment, catch up here.)

Finally: It’s listicle time. SearchCompliance contributor Jeffrey Ritter weighs in on the four rules of mobile information management you don’t want to neglect. Designing your governance program is only the first step.

Th-th-th-th-that’s all, folks! Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.

March 7, 2014  6:46 PM

Conferences upon conferences: GRC Summit, RSA, BYOE and more

Emily McLaughlin

It’s conference season for the CIO/IT Strategy Media Group! With one group in San Francisco, another in Wisconsin and a third at a local show in Boston during the past two weeks, our brains (and recorders) are packed with CIO content to share.

Coming out of the Fusion 2014 CEO-CIO Symposium this week in Madison, Wis., Karen Goulart’s weekly Searchlight looks at what dooms a digital strategy – and apparently, if your business is diving right into digital, you’re doing it wrong. Also from Fusion: Nicole Laskowski shares tips about forming partnerships in the C-suite between CIOs, chief marketing officers and even chief financial officers.

On our blog, Goulart discusses gauging the benefits of cloud ERP and why it’s a more talked-about topic among small-business IT leaders than enterprise CIOs. And speaking of the cloud, in an Ask the Expert tip, Forrester Research Inc. analyst James Staten shares why bring your own encryption (BYOE) — a cloud computing security model that allows cloud services customers to use their own encryption software and manage their own encryption keys — is an important model for enterprises today.

In other SearchCIO news…

Take it from Ann Mei Chang, CIO at global aid agency Mercy Corps: IT could be wasting an immense amount of money and resources in deploying technology without a clear understanding of its value and value to end users, Linda Tucci reports from MIT’s Disrupting Life! event.

This week also brought us the latest issue of CIO Decisions e-zine, focusing on rogue IT. CIOs are often unaware of these technology deployments, but IT leaders bear responsibility for managing security and data on these devices, services and apps — and could grow their careers by squeezing additional agility and value out of them.

Over on SearchCompliance…

Coming out of the RSA Conference in San Francisco, Calif., last week, Christina Torode pulled together a quick read featuring four luminaries’ POVs on underestimated security threats. In this blog post, hear from Marcus Ranum, Howard Schmidt, Dave Cullinane and Eugene Spafford.

SearchCompliance also hit the 2014 Governance, Risk Management and Compliance Summit in Boston, Mass., Wednesday to learn about emerging trends in risk management from leaders in the field. Ben Cole caught up with Brian Barnier, principal analyst and advisor at ValueBridge Advisors LLC, after his morning keynote to ask more about his proactive approach to enterprise risk management in this on-camera interview.

Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.


March 1, 2014  9:35 PM

Gauging the benefit of cloud ERP for SMBs

Karen Goulart

The ERP system is the workhorse of the business, housing critical information — from human resources to finances. Ideally, it’s the silent backbone, working in the background of the business. But for SMBs, where the IT department could very well be a party of one, upkeep and troubleshooting could become an all-consuming, overwhelming task. Add to that cost and security considerations, and cloud ERP can seem quite alluring.

In fact, in a recent web presentation, Gartner analyst Nigel Montgomery said cloud ERP is a hot topic for SMBs — even more popular than among enterprises. This is due in large part to the fact that cloud ERP offerings for SMBs are maturing at a faster rate.

But whether cloud is right for a particular small business depends on several factors. For example, whether you’re self-contained, a satellite office or on the small side of “small business” will factor in to what your company should consider when it comes to cloud ERP. The decision also hinges on whether ERP is viewed by the organization as a value or simply a cost. More often than not, ERP is viewed as the latter because its value goes unmeasured. In a recent Gartner poll, only 37% of SMB respondents said they actually calculated the value of their ERP. You can’t expect to get budget approval for cloud acquisitions without providing information about the value of traditional ERP, Montgomery said.

Cloud shouldn’t be seen as an all-or-nothing proposition, especially for SMBs that have been doing ERP on premises for years, Montgomery pointed out. For some companies, yes, cloud could come in as a wholesale replacement. But for businesses with years of legacy add-ons, this all-in approach is neither reasonable nor particularly wise. That doesn’t mean counting out cloud. As Montgomery noted, there are a myriad of ways cloud can be used to aid or augment on-premises systems, either for the long term or as part of a gradual, calculated move away from a legacy system.

It’s also important to evaluate business goals and priorities you’re hoping an investment in cloud ERP will achieve before you or your IT organization starts considering cloud vendors. Decide what exactly you want to do:

• Leverage existing investments

• Deliver new capabilities/application modernization

• Deliver rapid time to market

• Avoid operating expenses, preserve capital

• Support scalability requirements more cost effectively

• Provide access to all users, all customers, all devices

• Free-up data center space

• Improve operational efficiencies

• Develop easier integrations with other web and cloud apps

As with any major change or acquisition in IT, it can’t — or at least shouldn’t — be done without a clear strategy. If your organization is lacking an ERP strategy, build one. Without that strategy and how it serves the business, the desired benefits will never be achieved, Montgomery said. These are some of his recommendations for those considering cloud ERP:

• Do not seek cloud solutions unless there are clear business objectives. Cloud is not one-dimensional, it involves significant business

• Understand the continuing development of cloud and its potential impact. Even within a domain, there are different levels of adoption and benefits for SaaS, PaaS and IaaS.

• Keep pushing established on-premises vendors for their road maps, proofs of viability and case studies.

• Use pace layers to structure the discussion with the business and adjust your application strategy as needed.

• Fuse pace layers with the cloud options available today and in the next three to five years. Generate a workable road map.


February 28, 2014  5:04 PM

Good vs. bad data, Mobile World Congress 2014 and CIO career advice

Emily McLaughlin

As a short (and chilly!) month rounds to a close, SearchCIO is stuffing our coverage with a range of hot topics to leave readers feeling satisfied (and toasty).

“One man’s gold is another man’s garbage,” says Ken Gleason, director of electronic trading product development at New York City-based Deutsche Bank Securities, in this week’s Data Mill column by Nicole Laskowski. Gleason shares his framework to help CIOs separate the good data from the bad data with his four C’s of data quality.

Think you’ve got what it takes to get ahead? This information technology careers quiz draws advice from TechTarget’s recent IT Salary and Careers Survey coverage and feature stories highlighting influential leaders in the IT space. Find out: Do you have what it takes to climb the IT career ladder?

After learning how to lead, be the best innovator you can be. In this feature, Gartner analyst Leigh McMullen talks catch-22s, City of Palo Alto CIO Jonathan Reichental discusses lean IT and MetLife CIO Gary Hoberman shares his thoughts on IT startup culture.

News out of MIT…

Ann Mei Chang is chief innovation officer at Mercy Corps, a global aid agency using mobile technology and the Internet to improve the lives of people, particularly populations affected by flood, famine, political persecution or genocide. Last week, Executive Editor Linda Tucci attended Chang’s keynote at MIT’s “Disrupting Life!” conference and examined methods of using disruptive technology to change the way people live.

In today’s news…

Privacy is the new black… or is it the other way around? In today’s Searchlight column, Karen Goulart follows talk at the Mobile World Congress 2014 in Barcelona, where the world was introduced to Blackphone, “the world’s first smartphone which places privacy and control directly in the hands of its users.” And speaking of Searchlight, check out last week’s column on wearable technology, where “it’s all about the work, stupid.”

Over on SearchCompliance…

Site editor Ben Cole and editorial director Christina Torode just returned to (frigid) Boston from RSA’s 2014 conference in San Francisco. Here Torode shares some of her discussions with Information Systems Security Association (ISSA) members and industry VIPs regarding threats those in the security profession need to pay more attention to.

In this recap of last week’s #GRCchat, learn why remote device wipe could be the best option for IT departments looking to safeguard data — both corporate and personal. Another way to feel at ease is to keep tabs on new access points that continue to complicate data protection strategies. Finally, expert Ed Moyle instructs enterprises on how to stay compliant when faced with shadow IT.

Keep an eye on SearchCIO for recaps of this week’s #CIOChat tweet jam on new-wave security technologies. Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.


February 21, 2014  5:12 PM

The difference between a CIO and CTO; plus WhatsApp, Facebook and more

Emily McLaughlin

Hot off the press! Senior Features Writer Karen Goulart hits on three big questions in her weekly column: Should CIOs focus on the potential, not just the problems, of wearable technology? What’s in store for WhatsApp and Facebook? Why all these big hacks? Get it all in today’s Searchlight.

Another burning question: What’s in a title? In this CIO Snapshot, Goulart talks to Bart Murphy, the CIO and CTO at the CareWorks Family of Companies. Murphy was hired as vice president of shared services, tasked with building a shared services framework for the company and lending a hand in their massive insourcing project. In this Q&A, Murphy dishes about what it’s like to hold two critical titles.

This wasn’t all Murphy had to share with our readers this week. In the first installment of a two-part CIO Innovator feature, Murphy explained his shared services strategy and how he puts the fun into IT service management. In part two, Murphy explains how a flexible ITSM platform can make a difference.

Contributor Niel Nickolaisen — a CIO-turned-CTO — addresses disaster recovery in his latest CIO Matters column, advising that it may be best to look outside your IT department when it comes to DR, and offering guidelines to determine what provider might work for your organization.

It’s no secret that big data is complicating information security, disaster recovery and business continuity efforts within enterprise organizations. Senior News Writer Nicole Laskowski’s weekly Data Mill column covers a recent talk by security technologist Bruce Schneier at the Massachusetts Institute of Technology. Turns out, CIOs have a lot to learn from the National Security Agency (NSA) data collection mission.

In another CIO Snapshot…

Finding and retaining top IT professionals is a major hurdle faced by today’s CIOs. In this CIO Snapshot by Laskowski, CIOs from Partners HealthCare and Harvard University discuss their talent retention strategies and offer advice for other IT organizations on identifying and managing good employees.

In tweet jam news…

Join our next SearchCIO #CIOChat this Wednesday, Feb. 26, at 3 p.m. EST. We’ll be discussing new security technologies and the need for similarly newfangled enterprise risk management plans.    

Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.


February 14, 2014  4:14 PM

Spreadsheet errors, the new Microsoft CEO and our award-winning pieces

Emily McLaughlin

If we may brag for a moment (and tip our cap to the Olympics): The SearchCIO team took gold in several categories in TechTarget’s internal editorial awards this week, which honored our work during the past year.

Senior News Writer Nicole Laskowski’s Data Mill series, which focuses on all things data, was among the honorees. In her most recent weekly column, Laskowski talked to Felienne Hermans, assistant professor at Delft University of Technology, and Steven Gustafson, R&D manager at the Knowledge Discovery Lab for Schenectady, N.Y.-based GE Global Research, about new visualization tools with the ability to spot weaknesses in error-prone spreadsheets.

Senior Features Writer Karen Goulart’s CIO Innovator profile of Bally Total Fitness CIO Guy Thier also nabbed top honors. In this feature from last year, which appeared in our flagship CIO Decisions e-zine, Thier opened up to Goulart about managing his company’s total business transformation.

SearchCIO also won an award for our CIO Briefing on the evolution of big data. After you’ve checked out that guide, stop by this month’s edition, which looks at why traditional IT infrastructure is getting a little TLC — or, in some cases, being scrapped completely — as outsourcing, cloud technologies and hybrid IT take hold.

Awards aside…

The appointment of Microsoft CEO Satya Nadella is causing quite the stir in IT circles. Some of our expert CIO contributors — Harvey Koeppel, Niel Nickolaisen and Ravi Ravishanker — weigh in on the Microsoft landscape Nadella now faces.

In place of our regular Searchlight column, check out a recap from our latest SearchCIO tweet jam. Read why #CIOChat participants believe wearable devices will present CIOs with huge, expensive data challenges — but that shouldn’t deter them from finding ways to extract value for business.

Also on SearchCIO, Editorial Director Christina Torode talks to Baroness Pauline Neville-Jones, the U.K.’s special representative to business on cybersecurity as appointed by the prime minister, about cybersecurity. In this video, filmed at ISSA’s International Conference, Neville-Jones discussed why mapping enterprise infrastructure should be a top concern for IT leaders looking to improve cybersecurity.

In SearchCompliance news…

Contributor Judith M. Myerson outlined three steps security professionals should take to implement defense in depth, mitigating risks stemming from mobile GRC application use. In another video with Neville-Jones, the Baroness talked about how companies are not necessarily looking in the right places to ensure information protection — something that will definitely hurt the business. Learn why what you don’t know will hurt you.

Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.


February 7, 2014  5:54 PM

Biometric technologies and an IT startup culture have CIOs buzzing

Emily McLaughlin

As innovative biometric technologies enter the corporate sphere, we expect to hear IT leaders and their users exhale a big, collective sigh of relief. Why? Startup companies specializing in biometric authentication are popping up all over the place, providing organizations with harder-to-hack password options for better security. In this Future State column, SearchCIO Senior News Writer Nicole Laskowski talks to Kansas City startup EyeVerify LLC about its technology that recognizes blood vessel patterns in the eye and uses that information to allow access to, say, mobile banking applications.

Much like biometric technologies, wearable devices are beginning to cause a stir among enterprise executives. During our most recent tweet jam, participants took to Twitter to discuss what to do with all that data, which tools are needed to make workplace wearables effective and how to improve customer interactions and increase business value.

In other news….

New year, new ‘zine! Our CIO Decisions e-zine got a facelift this month, and touched on some hard-hitting CIO topics from top dogs like MetLife, the University of Michigan and Purdue University. Topics covered in this issue include how to draw IT inspiration from startups, a CIO’s cloud conundrum and the ongoing battle against malware.

In addition to our info-packed e-zine, SearchCIO was bustling with valuable advice for CIOs, including how to rise through the leadership ranks and usher in corporate-wide cloud strategies. Learn what it takes to get ahead in this CIO Innovators feature of Allstate’s Pat Coffey, a programmer-turned-senior vice president. In our second CIO Innovators piece of the week, learn how Revlon CIO David Giambruno built a corporate cloud that transformed the department from a vertical organization into a horizontal one. For our small-business audience, contributor Christine Parizo assesses the ongoing presence of PCs in the workplace, even as Microsoft winds down Windows XP support.

Ponder this….

Have you ever gotten half way to your destination and realized you forgot your flash drive or external hard drive at home? Well, that’s exactly how Dropbox Inc. was born. Last week, Andrew Houston, Dropbox CEO and a former MIT student, returned to Cambridge, Mass., for a fireside chat on “The War for Talent.” Read Houston’s five tips for winning the tech talent war in Data Mill, then hop over to our TotalCIO blog to learn about Dropbox’s company culture philosophy.

Fresh off the press….

Karen Goulart’s weekly — and very timely — Searchlight column looks at the potential of Bill Gates’ new advisory role at Microsoft as the company welcomes new CEO Satya Nadella. After debating what Nadella should do first, take a look at other stories in Goulart’s round-up, including Facebook’s 10th anniversary and more.

Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get news as it’s posted.


January 31, 2014  5:20 PM

Technology of the future has CIOs and data scientists concerned

Emily McLaughlin

As January wound down, we had one heck of an exciting week on SearchCIO. For starters, Wednesday marked our first #CIOChat of the new year, and the wearable-tech theme attracted a huge (virtual) crowd. Expert Simon Jones, managing director at OnPR, a technology public relations and analyst firm, and a blogger at WearableTechWatch, bunkered down over in Munich and responded in real time to our followers’ tweets about this technology of the future — or is it now the present? In our first recap, tweet jam participants discussed how CIOs should prepare for bring your own wearables now. Stay tuned for more tweet roundups next week, which will all be found on SearchCIO.

Nicole Laskowski’s Data Mill column hit on another hot button topic: ethical dilemmas for data scientists. Columbia University challenges students to not just trust data-driven decisions, but also to think hard about ethics and data manipulation — especially as organizations try to monetize the data they collect. And speaking of the collection and storage of data, are you keeping up with all things data center? Take our CIO quiz on managing today’s data center to find out.

While CIOs wait for Columbia students to bake and ripen, they’re plagued by the ongoing struggle to attract the right mix of IT talent within their organization — and there’s no time to dilly-dally. As new technologies like cloud, mobile computing and predictive analytics enter the enterprise, building teams quickly is important. Executive Editor Linda Tucci took notes at the Society for Information Management’s annual CIO gathering in Boston, sharing how four top-drawer business technologists are addressing the IT skills challenge.

Speaking of IT roles, how important is the CIO title? Senior Community Manager Jenny Laurello sat in on the recent “CEO/CIO Marriage Proposal” panel at the American Society of Association Executives (ASAE) Technology Conference in Washington, D.C. In another piece on the CIO role, Nigel Fenwick, a vice president and principal analyst at Forrester Research Inc., advised organizations to play to their digital strengths if they want to survive digital disruption — but is there a place for the CIO in all that?

And hot off the press today, this week’s Searchlight explores how omnichannel strategy could return location-based social networking website Foursquare to relevance.

On our blogs…

Whether intentionally or by mistake, humans account for most cybersecurity breaches. In three separate midmarket studies released this month, the majority of participants pointed the finger of blame squarely at themselves when asked to identify their company’s biggest data security risk, but they should also turn a watchful eye on fellow members of senior management, said Senior Features Writer Karen Goulart. Also on our blogs, Senior News Writer Nicole Laskowski discussed the move away from strategy models and governance toward experimentation and agility. Dave Aron, an analyst at Stamford, Conn.-based Gartner Research Inc., suggests IT start playing Go, the oldest board game in the world, to find some strategic inspiration.

On SearchCompliance…

Contributor Christine Parizo examined the difference between compliance and security — a distinction made evident by recent retail credit card fiascos at companies assumed to be compliant with industry standards and regulations. In another tip, Jeffrey Ritter discussed the often-overlooked digital information governance factors that are critical to maintaining records management compliance.

Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to read stories right after they’re posted.


January 30, 2014  6:14 PM

Stealing digital strategy ideas from the game Go

Nicole Laskowski

The digital business seems to have cast aside strategy models and governance — those old IT mainstays — in favor of experimentation and agility. And for good reason. “Old strategy models don’t capture new realities,” said Dave Aron, an analyst with Stamford, Conn.-based Gartner Research Inc., at Gartner Symposium last fall.

Most strategy models are about “the lefthand side of the value chain,” he said, focused on producers and distributors rather than end users. But digital opportunities are a much more customer-centric initiative, and traditional models just aren’t cutting it. The real challenge for IT departments isn’t kicking strategy models to the curb — it’s figuring out how to design new models for the digital world.

Aron’s suggestion on where to find a little inspiration? Start playing Go, the oldest board game in the world, and hugely popular in countries like Japan, Korea and China.

Here’s how the game works: Two players sit opposite each other. One has a bowl of black stones; the other a bowl of white stones. Players take turns placing stones on a board with a grid-like pattern. “You don’t move stones, you just place them,” Aron said. The goal is to surround a larger total area of the board than your opponent. But here’s where things get tricky and where a mix of offensive and defensive thinking is required: Players not only need to acquire new territory but they also have to protect the territory they already acquired. If a player’s stones are surrounded by his opponents’, he loses control of the territory.

There are no dice to roll, no cards to turn over, no time limitation to adhere to. This is a game that requires strategic and tactical thinking, not unlike chess. But, whereas chess is one big battle, Go “is a war with multiple battles,” Aron said. Need more convincing that Go could influence digital business strategy? Consider this: IBM’s Deep Blue famously beat Garry Kasparov at chess in 1996 and again in 1997, but “no Go software can come anywhere near beating the best Go player in the world,” he said.

During his “maverick” session at Gartner Symposium, Aron explained how the game of Go could be applied to digital leadership and digital strategy. Here’s a handful of ideas to get you started:

1. Consider the corner. In Go, the most powerful spots on the board, and the first areas often occupied, are the corners — not the center. “Two walls of the house are already built, in a sense,” Aron said. Growing a digital business doesn’t have to mean building something shiny and brand new. Instead, figure out how to extend what you’re already doing into the digital space. “Look at the way GE talks about the industrial Internet,” he said.

2. Build a solid framework. The opening moves of Go are called fuseki. Players lay out their intentions, many times selecting a couple of different areas on the board they could develop, Aron said. Likewise, a business’ digital strategy should include more than, say, social media. “You want to adapt and explore and set up a big framework that’s loosely connected,” Aron said. Developing that framework will take time but should not be rushed. If you do hurry, “no matter how well you execute, you’re going to limit the value you create,” he said.

3. Be flexible. One of the strategic plays in Go is called sabaki, or “play lightly,” a technique once defined as “fancy footwork” utilized when conditions become hazardous or dangerous, Aron said. CIOs, take note: Especially during times of uncertainty (economic or otherwise), a little ducking and weaving may be in order. Don’t let certain assets or technologies that aren’t passing muster hold you back. Instead, be flexible. “We must be willing to cannibalize,” Aron said.

4. Nurture potential. In Japanese, aji loosely translates to taste; in the game of Go, it loosely translates to potential – both good and bad. Either can be undone in the long term, which means players have to think about their next move, as well as how each move, cumulatively, could impact their standing. CIOs, think of it as a reminder that sometimes it’s best to think long term rather than focus on immediate business outcomes, especially “in uncertain times, when we don’t know how cloud or social will play out in industries,” Aron said.

5. Listen to observers. There is an expression in Japanese Go that states, “Those who observe the game have an eight-point advantage over those who play the game,” according to Aron. “The observer has advantage of neutrality,” he said. When building a digital strategy, include digital nonexecutives and create positions on project/governance boards for people outside of the organization who have credibility but don’t have any skin in the game. They can provide a powerful perspective and ask the taboo or “stupid” questions without fear of judgment. Roles like these are traditionally used at the top of companies, but Aron suggests using them at lower levels as well, especially in digital-related initiatives.


January 29, 2014  5:21 PM

Data security risk: What to do when the enemy is you

Karen Goulart

When it comes to cybersecurity breaches, we have seen the enemy, and the enemy is you. More specifically, it’s your fellow members of senior management. In three separate midmarket studies released this month, the majority of participants pointed the finger of blame squarely at themselves when asked to identify their company’s biggest data security risk.

With so much news about large-scale data security breaches at major companies — including Target and Neiman Marcus, just in recent weeks — there’s been a lot of focus on the outsiders who are finding their way in. Who are these super-hackers, able to burrow into data these big companies have paid millions to protect? Of course it’s important to identify the perpetrators, but there’s also something to that whole ounce of protection being worth a pound of cure.

In the largest of the three studies, a Stroz Friedberg online survey of about 700 information workers, more than half graded the response of American companies to cybersecurity threats a “C” or lower.  Almost three-quarters said they were concerned that hackers “could break into their employers’ computer networks and steal their personal information.”

The biggest perpetrators in this survey were those in top leadership positions. Call it carelessness, call it hubris, whatever you call it, it puts a company’s assets at risk. A majority of senior management respondents — 58% — said they’d accidentally sent sensitive information to the wrong person via digital means. Another scary number: Nine in 10 senior managers copped to uploading work files to personal email and cloud-based accounts, potentially opening their companies to data theft and network attacks.

So what’s a CIO to do, in addition to keeping his or her own behavior in check, that is? The experts seem to agree on three steps: education, education and more education. In the Stroz Friedberg survey, respondents who said they avoided risky digital behavior pointed to strict company policy as the reason. That’s great, but there’s probably a little more to it. A company can have the tightest security policies in corporate America, but if no one reads them, they’re worthless. These policy-abiding employees likely come from companies where leaders take the time to make sure the rules are fully understood. Former White House CIO Theresa Payton put it well in a conversation with SearchCIO about cybersecurity:

“It needs to not be that thing the security group does; it needs to be something that’s seen as a part of the corporate culture — not a once-a-year ‘check it off the list,’” Payton said. “It’s posters, it’s conversations, it’s case studies, it’s healthy competitions where you’re playing Internet safety games, it’s a variety of different things. In the beginning, it’s got to focus on the individual, because that’s how they’re going to remember it.”

As for getting the data security risk message to fellow executives and senior management, Payton had some helpful tips for that as well. Even if you regularly provide them with security briefs and information, they may not be reading/remembering that information — so find ways to make it stick:

  • Communicate in their terms, according to their goals and directives. Connect your security information to their important business initiatives.
  • Look at the company strategy. Tie your security conversation to individual company objectives.
  • When new projects are announced, talk about the changes you’ll be making to security to accommodate that project.

What are your best tips for curbing data security risk? Drop us a note in the comments.

