When it comes to cybersecurity breaches, we have seen the enemy, and the enemy is you. More specifically, it’s your fellow members of senior management. In three separate midmarket studies released this month, the majority of participants pointed the finger of blame squarely at themselves when asked to identify their company’s biggest data security risk.
With so much news about large-scale data security breaches at major companies — including Target and Neiman Marcus, just in recent weeks — there’s been a lot of focus on the outsiders who are finding their way in. Who are these super-hackers, able to burrow into data these big companies have paid millions to protect? Of course it’s important to identify the perpetrators, but there’s also something to that whole ounce of protection being worth a pound of cure.
In the largest of the three studies, a Stroz Friedberg online survey of about 700 information workers, more than half graded the response of American companies to cybersecurity threats a “C” or lower. Almost three-quarters said they were concerned that hackers “could break into their employers’ computer networks and steal their personal information.”
The biggest perpetrators in this survey were those in top leadership positions. Call it carelessness, call it hubris, whatever you call it, it puts a company’s assets at risk. A majority of senior management respondents — 58% — said they’d accidentally sent sensitive information to the wrong person via digital means. Another scary number: Nine in 10 senior managers copped to uploading work files to personal email and cloud-based accounts, potentially opening their companies to data theft and network attacks.
So what’s a CIO to do, in addition to keeping his or her own behavior in check, that is? The experts seem to agree on three steps: education, education and more education. In the Stroz Friedberg survey, respondents who said they avoided risky digital behavior pointed to strict company policy as the reason. That’s great, but there’s probably a little more to it. A company can have the tightest security policies in corporate America, but if no one reads them, they’re worthless. These policy-abiding employees likely come from companies where leaders take the time to make sure the rules are fully understood. Former White House CIO Theresa Payton put it well in a conversation with SearchCIO about cybersecurity:
“It needs to not be that thing the security group does; it needs to be something that’s seen as a part of the corporate culture — not a once-a-year ‘check it off the list,’” Payton said. “It’s posters, it’s conversations, it’s case studies, it’s healthy competitions where you’re playing Internet safety games, it’s a variety of different things. In the beginning, it’s got to focus on the individual, because that’s how they’re going to remember it. ”
As for getting the data security risk message to fellow executives and senior management, Payton had some helpful tips for that as well. Even if you regularly provide them with security briefs and information, they may not be reading/remembering that information — so find ways to make it stick:
- Communicate in their terms, according to their goals and directives. Connect your security information to their important business initiatives.
- Look at the company strategy. Tie your security conversation to individual company objectives.
- When new projects are announced, talk about the changes you’ll be making to security to accommodate that project.
What are your best tips for curbing data security risk? Drop us a note in the comments.
This week, SearchCIO and SearchCompliance shared a slew of content covering a wide variety of IT hot-button issues. On Monday, the Data Mill was all about Hadoop – Hadoop 2.0, to be specific. In her weekly column, Senior News Writer Nicole Laskowski talked to Merv Adrian and Nick Heudecker, both analysts at Gartner Inc., to get the skinny on how Hadoop 2.0 will impact big data and big data technologies.
Our longtime expert contributor Niel Nickolaisen has taken on a new role as chief technology officer at O.C. Tanner Co., a Salt Lake City-based human resource consulting company focused on designing and implementing employee recognition programs. Lucky for us, his new role hasn’t slowed him down. In this week’s CIO Matters column, Nickolaisen examined how ITSM principles boost service levels and free up IT resource capacity in a fast-paced IT environment.
TechTarget’s senior VP of editorial Mark Schlack tackled a two-part overview of TechTarget’s annual survey of IT priorities, which drew 5,241 worldwide respondents, including 1,368 in the U.S. and Canada. In his first recap, Schlack observed that the IT master plan for 2014 includes a lot of business intelligence, mobility and Windows 8. In the second part, Schlack analyzed 2014′s enterprise IT blueprint. Looking to read more about IT salaries in the year ahead? Check out our IT Salary Survey guide.
In a CIO Snapshot feature by Karen Goulart, four executive-level IT leaders share what they see as the biggest CIO challenges today and in the immediate future. Leaders spotlighted include University of Miami Deputy CIO Brad Rohrer, Institute of Electrical and Electronics Engineers CIO Alexander Pasik, TopGolf International Inc. CIO Tom LaPlante and Boston Celtics Vice President of Technology Jay Wessel. Learn why keeping up to speed and embracing the cloud top their lists.
In Goulart’s weekly SearchCIO Searchlight column (fresh off the press today!), she looked at how the NSA surveillance fallout could result in a data collection policy for all. Read on to learn some not-so-good news for HP and BlackBerry.
In Compliance news…
On Jan. 16, SearchCompliance hosted its inaugural #GRCchat tweet jam. Participants logged on to Twitter to answer a series of questions following an information governance theme. In our first recap, tweet jammers highlighted the importance of streamline management. Other #GRCchat recaps reviewed how to craft a complete info governance structure, who and when to train staff in info governance, and which departments or roles should be responsible for championing risk management.
Our next #GRCchat will take place Feb. 20 at 12 p.m. EST. In the meantime, join SearchCIO’s #CIOChat Jan. 29, at 3 p.m. EST, where the topic du jour is wearable technology.
In light of the recent data breaches at a major retailer (cough, cough, Target), credit card anti-fraud efforts are taking the data-privacy spotlight. Fraud certainly causes headaches for all involved — for starters, the organization that allowed the breach and is suffering financial and reputational damage, and of course the individuals whose information has been stolen. In SearchCIO Data Mill last week, Nicole Laskowski visited the concept of credit card bust-out fraud, a scam causing not just headaches, but migraines, for financial institutions.
As we gear up for a “wearables”-themed #CIOChat, read our recent consumer tech coverage from the 2014 Consumer Electronics Show in Las Vegas. We didn’t attend, but Twitter was buzzing with live updates and a constant stream of news-worthy content, and Senior Features Writer Karen Goulart rounded up some of the best CES coverage from the Web.
Speaking of Searchlight, Goulart’s most recent Searchlight piece was all about why CIOs need to up their cyberthreat defenses, how Google is getting more connected and what the net neutrality ruling means for the average American.
Executive Editor Linda Tucci rolled out a two-part feature story featuring Wade Miquelon, CFO of Walgreens. In part one, Miquelon discussed the tug of war between IT legacy systems and technology that could reinvent the business. The second part looked at the costs of strategic technology and the benefit of new-age supply chains.
In small-business news, Jenny Laurello, SearchCIO’s senior community manager, sat down with American Society for Association Executives (ASAE) CIO Reggie Henry at the organization’s recent technology conference to learn why IT executives should continually recalibrate their IT roadmap in 2014.
Over on SearchCompliance.com, we rolled out two videos, one from the 2013 ISSA International Conference and another from the ARMA 2013 International Conference and Expo. In the first video, Professor Glenn Harlan Reynolds shared how whistleblower protection could benefit public and private sectors. In the second video, Barry Murphy, principal analyst and co-founder of eDJ Group Inc., discussed why data profiling is key to a successful information management strategy.
Of course, don’t forget to browse through our Essential Guide for news and tip covering the latest trends in IT executive compensation, employee satisfaction and the evolution of IT careers. Stay tuned for our next weekly roundup here on CIO Symmetry and follow @SearchCIO, @SearchCIOSMB and @ITCompliance to read stories as soon as they’re posted.
Alongside our New Year’s coverage of TechTarget’s 2013 IT Salary and Careers Survey, SearchCIO, SearchCIO-Midmarket and SearchCompliance have been pouncing on the hot topics of 2014: IT transformation, customer engagement and what’s next in tech — i.e. wearables, cloud computing and big data tools.
If you’re following consumer technology news, odds are you’ve heard a lot about the 2014 International Consumer Electronics Show (CES). Techies and leaders in information technology flocked to Las Vegas last week (Jan. 7-10) to preview the year’s new gadgets and talk topics like the Internet of Things (IoT) and wearable technology.
Senior Features Writer Karen Goulart ended the week, per usual, with her SearchCIO Searchlight column, and the main topic of her weekly recap was CES and wearable technology. There was a similar theme in Goulart’s first Searchlight of 2014, a list of lists that predicted what’s next in technology.
Other news from SearchCIO
Among the 830 IT leaders who responded to the biannual TechTarget Cloud Pulse survey, 45% indicated “business needs” as their top reason for adopting public cloud technologies. Karen Goulart talked to Laura Patterson, CIO for the University of Michigan in Dearborn, Mich., about the results. Goulart delivered a whole slate of recent cloud computing reportage: check out how CIOs are using cloud toward an end-to-end implementation strategy and the importance of security in new cloud computing arrangements.
Since the calendar year turned, SearchCIO experts have shared important news and advice for CIOs and IT leaders. Peter Burris, vice president and research director in the CIO practice at Forrester Research Inc., highlighted three fronts where companies must engage with their customers in an expert tip. In addition, CIO Niel Nickolaisen outlined 10 steps guiding the CIO’s trek toward IT transformation in this column.
As the year wound down, SearchCIO hosted a tweet jam with an “IT resolutions and regrets” theme. In recaps from the #CIOChat, participants shared their project focus regrets and how to resolve IT issues in 2014. And speaking of IT resolutions, Senior News Writer Nicole Laskowski looks at big data/semantic analysis and other data-related IT resolutions in The Data Mill. In her latest Data Mill, Laskowski looks at how big data takes a big bite out of credit card fraud.
Finally, in a fun tip Jenny Laurello shares how the collaborative skills of Quincy Jones, longevity of the Rolling Stones and tenacity of Tina Turner are the makings of a potent digital strategy.
Coverage from SearchCIO-Midmarket
SearchCIO wasn’t the only site to report on CES 2014 and cloud trends. In this recap, take a look at how the Internet of Things (IoT) and wearables have enterprise CIOs envisioning a consumerized-tech future. Goulart talked to two in-the-know CIOS about advice for cloud computing novices in a CIO Symmetry blog post. Managing Editor Rachel Lebeaux also took to the blog to discuss Boston’s technology wish list.
There’s more: A panel of experts at the ASAE’s Technology Conference detailed how to create an enterprise MDM policy and ensure mobile device security, reported our community manager Jenny Laurello attended the event. And finally, readers can test their knowledge pertaining to project management practices by taking our quiz.
Updates from SearchCompliance
Looking to give compliance a boost in 2014? In this Q&A with Derek Gascon, executive director of the Compliance, Governance and Oversight Council, we look at how effective data management strategy can transform IT organizations.
Attention CCOs: What is Rule 38a-1(c) of the Investment Company Act of 1940 and how is it lowering liabilities for CCOs? Get answers in this FAQ by Caron Carlson, part of SearchCompliance’s IT Compliance FAQ series.
Site Editor Ben Cole took a trip to ARMA’s international conference and came back with a plethora of info for security and compliance professionals. To start, watch this video interview with Barry Murphy, principal analyst and co-founder of eDJ Group Inc., about profiling data as part of an information management strategy. Next, watch how certain unique business needs force information governance to adapt in this video Q&A with ARMA International Executive Director of Content Diane Carlisle.
Top stories across sites
Every fall, TechTarget polls the IT masses to find out which technology professionals have enough dough in which to roll. In addition to learning who the high earners are, TechTarget’s 2013 Annual Salary and Careers Survey asked participants (1,711 IT professionals in North America) about bonuses, pay cuts, IT budgets/staffing and overall job satisfaction.
Over the past couple weeks, the writers and editors at SearchCIO and its sister sites have sifted through the salary data, turning out story after story for your reading pleasure, plus another special treat.
Visual learners, rejoice! Take a look at our — if we do say so ourselves — visually appealing IT career salaries infographic, which depicts everything from 2013 salaries and expected compensation changes in 2014 to IT priorities and the mood within IT organizations.
Looking for a more detailed overview of our survey? Head over to our Essential Guide for the ultimate overview of our Salary and Careers Survey stories. Topics covered include:
The IT executive perspective
Three senior IT executives dish on their compensation and what keeps them engaged in the workplace. Read the full feature by SearchCIO Editorial Director Christina Torode to absorb their advice and learn about their top projects in the year ahead.
Senior IT execs’ increased earning potential
Could you be making more money? A senior IT executive’s earning power is contingent on industry, company size, company revenue and a number of other factors. Executive Editor Linda Tucci picks apart the salary data.
Compensations on the rise
Senior IT executives responding to the survey reported an increase in compensation in 2013. Senior Features Writer Karen Goulart explains how those compensation numbers are expected to increase steadily through 2014.
Innovation and growth make IT do the happy dance
Just like Mom always told you, money doesn’t equate to happiness — so what does? Goulart weeded through the survey data on IT job satisfaction and the organizational mood and found that CIOs get excited when they see their company moving forward.
Cloud, cloud and more cloud
According to salary survey respondent David Girard, “Cloud is making a huge difference to IT careers.” Learn why cloud computing continues to loom large, plus more from Torode on career goals among IT professional.
Budgets and headcounts: Up or unchanged
Overall, IT leaders saw a stable or growing change in their IT department budgets and headcounts, according to survey results parsed by Senior News Writer Nicole Laskowski. Several executives weigh in on how they’ll direct IT resources in the year ahead.
BYOD continues to gain traction in IT
Outsourcing who? Bring your own device takes the spotlight in Laskowski’s roundup of top technology priorities, while only 2% of survey respondents said that outsourcing and privacy are their primary project areas.
The GRC salary
SearchCompliance Site Editor Ben Cole took a peek at salary trends amongst the governance, risk and compliance professionals who took our survey – turns out, as the demand for their skill increases, so do their salaries.
What do you think about all this salary mumbo-jumbo? Do these numbers and experiences match up with your own? Share your thoughts here or on the individual story pages.
As 2013 was coming to a close, SearchCIO took a look ahead to the new year and asked some CIOs and industry experts to weigh in on the shape of cloud strategies in 2014. It looks like we’ll be seeing enterprises embrace new trends in security and a drive toward going data center free in the months to come. But what about the midsize companies? Those who fall between startups running entirely on cloud and enterprises with the staff and budget to put toward cloud directives? Some companies have only made baby steps — sometimes inadvertently, if at all — toward embracing the cloud. What should they be looking to do this year ?
Two of the CIOs we spoke to for the cloud strategies 2014 story were more than happy to share their advice. As much as one can be an old hand at a relatively new technology, these two gentlemen are it. Alexander Pasik is a former analyst with Stamford, Conn.-based Gartner Inc. who served as CIO for the Guggenheim (where he finished his tenure with 70% of applications being cloud based ) and is currently looking to go data center-free as CIO for the Institute for Electronics and Electrical Engineers (IEEE). Larry Bolick is CIO of Boston-based Aquent, where he started going all in on cloud back in 2008.
What advice would you give a CIO who is just starting to seek cloud solutions?
Alexander Pasik: As you go from infrastructure to platform to software as a service, the economic benefits increase. So if you can identify well defined point solutions for SaaS, like e-mail, contact and calendar or if , suppose you’re a small company and you haven’t invested a lot in a financials package, financials packages are pretty much consistent, you’re not going to get an advantage by using financial package over another so why not use a cloud based one? So it’s a matter of identifying the things that are as boiler plate as possible, that you’re not going to want to make changes to, that you can just use out of the box. Like an e-mail system, like a financial system, etcetera.
Should they be worried about the maturity of solutions at this point?
Pasik: That’s the thing, right now it’s so hyped up that there’s a lot of vendors providing solutions in the cloud, but many of these vendors might be very small and might have very limited sustainability. You might be tempted to go with a cloud vendor who has some interesting, unique solution that you can just plug and play. But if these guys are a start-up that may not be around in a year then you’re stuck because you just put all your data in their systems. So you do have to make sure that you are working with reputable vendors that you know you can rely on.
What advice would you give a CIO who is just starting to look at using cloud?
Larry Bolick: I think the logical starting points are still where they were when I started. If you haven’t used cloud to begin with, you’re probably going to start thinking about an application that hosted in the cloud like with a Google or a Salesforce or something like that. But to use clouds as a kind of the PaaS or IaaS you’re probably going to start through your software development organization or your IT organization. Just to get them familiar with it. Because you need the systems administration ability anyway from that organization to get familiar with the cloud to support all that stuff. So that’s the logical place to start. Within that organization, everyone needs and extra server now and then to scale or everyone needs a test environment that’s not part of your production software environment – those are the areas that that traditional – if you can call three or four years a tradition - those are the areas that are have been the place where many folks have started getting familiar with cloud based services.
What about having the right skills?
Bolick: One nice thing now is it’s easier to find the system administration resources that are familiar with cloud services and virtualization that’s associated with it than it was a few years ago. A few years ago you basically had to grow those resources and now you can find them just as the market has got more legitimacy and more people have started using them.
SearchCIO and its sister sites certainly didn’t slow down during the holiday season. Across all three sites — SearchCIO, SearchCIO-Midmarket and SearchCompliance — we’ve been turning out year-end content to prep IT leaders for 2014, our major focus being our annual IT Salary and Careers Survey.
The first salary story to hit the Web, compliments of Editorial Director Christina Torode, looked at the IT executive salary as well as their career and project ambitions.
Over the next few weeks, writers and editors across the TechTarget network will share salary results and career trends. While you wait for those, read Linda Tucci’s take on CIO earning potential and Nicole Laskowski’s story on top projects in 2014.
Other trending stories:
Salary trends aren’t the only developments on our mind. This week’s Data Mill by Nicole Laskowski looked at the Bitcoin phenomenon and recapped her trip to the MIT VC conference.
In the first part of this feature by Karen Goulart, CIOs and cloud experts suggest that 2014 will be the year when cloud really matures as the focus turns toward end-to-end solutions rather than the disjointed use of cloud solutions and services. The second part of this story looks at the maturation of Infrastructure as a Service, the importance of IT service catalogs and why cloud is no longer driven by cost.
We continue to share stories from the Global Direction 2013 conference. In this two-part video, Tucci talks to AIIM president John Mancini about legacy IT systems. In the second part, Mancini shares his views on the future of big data in the enterprise.
Future State is back, and asking, “Can application performance monitoring tools improve regulatory compliance?” In this column, SearchCompliance Site Editor Ben Cole explored the emerging use of application performance monitoring as a tool for regulatory compliance.
On SearchCIO-Midmarket, we looked at Boston’s technology strategy and planning process in what Managing Editor Rachel Lebeaux tags “an easy-to-follow keep-implement-dream format.” Along similar lines, learn how Renato Sogueco, CIO of the Society of American Florists, chose a different path when creating his company’s mobile device management policy.
I was there as a resident, not as a technology editor, but as I settled into this past Saturday’s town hall-style forum led by Boston Mayor-elect Marty Walsh, it quickly became apparent that I’d be talking tech on my day off.
The mayor-elect and his staff are gathering feedback on all areas of city life as he prepares to take over the big job in Boston next month, and I chose to attend the breakout session on improving basic city services under the new administration. The session covered everything from providing more recycling bins where needed to improving communications in the business-permitting process.
But much of the conversation revolved around technology. SearchCIO has interviewed Boston CIO Bill Oates several times on such initiatives as the Citizens Connect app, creating mobile and online interfaces, gamification and more. I thought I’d share the relevant information from the session handout, which provides some nice insight into Boston’s technology strategy and planning process in an easy-to-follow keep-implement-dream format. Continued »
Did your kids experience their Hour of Code last week? In Friday’s CIO Searchlight column, Senior Features Writer Karen Goulart turned our attention to the timely Computer Science Education Week initiative, during which K-12 teachers were prompted to expose students to at least an hour of computer programming. But, as Harvard economist Edward L. Glaeser argued in The Boston Globe, an hour of programming work is not nearly enough to make an impact.
Getting tikes to tinker with Angry Birds wasn’t the only out-of-the-ordinary idea SearchCIO shared last week. How about a lesson in enterprise business value derived from an analysis of tweets? In this two-part CIO Trailblazer feature with Sherry Emery, senior research scientist at the University of Illinois at Chicago’s Institute for Health Research and Policy, Senior News Writer Nicole Laskowski writes about harvesting the potential and value of Twitter. In part one, Emery explains how her tweet analysis yielded unfiltered chatter on what teens are smoking. In part two, we delved into using tweet analysis to communicate in customer-approved lingo.
Diving deeper into data analytics, Laskowski looked at the next stage in data analytics in last week’s Data Mill. When you think big data, General Electric Co. and Macy’s Inc. might not be the first organizations to come to mind, but big data is fast becoming central to their business models, according to Tom Davenport, president’s chair and distinguished professor of information technology and management at Babson College in Wellesley, Mass. Davenport’s recent research has led him to believe the industry has entered a new era, one he’s calling Analytics 3.0.
Other pieces from last week:
Chatter about big data among IT leaders at the recent SearchCIO360° breakfast revealed that IT self-service can be a gift for CIOs. According to the IBM Digital Analytics benchmark, mobile traffic has increased by 45% over last year and accounts for about one-third of all online traffic. In her CIO Matters column, Executive Editor Linda Tucci explains that we are more likely to use our phones for browsing and our tablets for closing the deal, and that we now prefer to buy via machine rather than face to face.
We rolled out our Essential Guide on data protection, providing CIOs with advice for guarding their organization’s information assets, addressing such areas as mobile, the cloud and data governance strategies.
And over on SearchCompliance: Contributor Ed Moyle explained how integrating data security continuous monitoring processes with regulatory controls provides big benefits for IT compliance; and a video from our ISSA International Conference coverage looked at the bleak future of IT security.
Thanks for catching up with us. Have a great week!
We’d like to think SearchCIO was sounding really intelligent last week with all of our “smart” talk.
For starters: In Senior Features Writer Karen Goulart’s weekly Searchlight roundup, which features top stories and blog posts from around the Web, she highlighted John Markoff’s New York Times article on Google’s plans to get into the robot biz. Robot discussions were already the talk of the Web following Amazon’s Prime Air reveal, and Goulart didn’t shy away from taking on smart machines and the attack of the drones. Also in Searchlight: Apple gets social with its purchase of Topsy Labs and users are outraged about their stolen-and-published Yahoo, Facebook and Google passwords.
Other “smart” talk focused on an emerging breed of apps, smart process applications, which are aimed at streamlining and optimizing human-based behaviors to increase productivity and improve business agility. For our CIO Citings piece on smart process apps, Agile and data, Managing Editor Rachel Lebeaux selected some of the best quotes from our recent CIO Decisions e-zine from Wellesley College CIO Ganesan “Ravi” Ravishanker, Yammer co-founder and CTO Adam Pisoni and other technology heads.
Moving away from smart machines and smart process apps, we also took a look at a smart CIO with a cloud-first vision. Two years ago, the University of Miami brought in CIO Steve Cawley to help centralize IT service management and transform the university’s IT to a cloud-first organization. In this CIO Innovators profile, our Goulart interviews the university’s deputy CIO, Brad Rohrer about its cloud-first philosophy (Part 1) and how Software as a Service got it there (Part 2).
Other news and tips from our sites last week:
SearchCIO contributor and December tweet jam expert Harvey Koeppel discusses how BPM and BPO practices are evolving, converging and changing the nature of work in his CIO Matters column.
In one of our weekly favorites, The Data Mill, Senior News Writer Nicole Laskowski asks readers, “Want better analytics?” The secret, according to John Lucker, a consultant with Deloitte Consulting LLP, is asking “crunchy” questions that align with strategic goals, relate to key performance indicators and are designed to be both actionable and informational.
Last week on CIO Symmetry, Laskowski blogged about a “technology obsessed” world. Read what she had to say, and then put down your handheld device and “be brave in the new world.”
We rolled out a lot of video coverage from the ISSA International Conference, where we sat down with a number of security professionals to discuss cybersecurity’s impact on IT. In this SearchCIO-Midmarket video, Christina Torode asks Randy Sabett, an attorney at ZwillGen PLLC, about the legal limitations of active cyberdefense. At the same show, SearchCompliance reports on predictive security intelligence, an information security plan for 2014 and leveraging free security tools.
Finally, we close out our weekly roundup with a Q&A from SearchCompliance that looks at techniques for adapting data governance strategies to the digital age. Information management expert Jeffrey Ritter, discusses how to improve the connection between modern data governance best practices and business success to boost a company’s overall management activities.
Thanks for catching up with us. Have a good week!