
Top CIO distractions (and how to avoid them)

The average CIO is expected to understand diverse topics ranging from networking to the latest malicious software that might come knocking. Here are some of the top distractions facing today's CIO.

The CIO's job description is a bit mercurial compared to other C-level positions. It's clear what the CFO, CMO, and COO are responsible for, yet the average CIO might be tasked with anything from deeply understanding a marketing strategy and determining how to best manage complex customer data, to being summoned to the boardroom to fix a broken projector when the directors are in town. The average CIO is expected to understand diverse and complex topics ranging from modern networking to the latest malicious software and criminal hacker groups that might come knocking. With this diverse and nebulous body of content, it's easy to get distracted. Here are some of the top distractions facing today's CIO.

Shiny new devices

Most CIOs I've worked with have had an "Apple moment," when some executive rushes into the office with a gleam in their eye and begins to breathlessly recount a trip to an Apple store. They'll quickly ask why the company doesn't have a tablet in every briefcase, handheld devices in every pocket, and an array of sleek devices perched upon post-modern Swedish furniture in every corner.

While this can seem frustrating, the silver lining is that executives outside IT are starting to see creative applications of technology, and it's getting their juices flowing. While their excitement might be misdirected, it presents a perfect opportunity to talk about the business problems your company might solve through some of these new technologies, as well as the risks and costs.

Hackers and crackers and malware (oh my!)

The press loves a good crime story, and it takes little to spark readers' imaginations with tales of pimply-faced ne'er-do-wells or nefarious government agents oiling their digital "muskets" and preparing for "cyber warfare." IT security is like insurance: no one wants to pay for it until it's too late. While it may be tempting to leverage fear-driven panic into a fat security budget, you'll be more respected in the long run for presenting a cool head and using these discussions to spark talk about a comprehensive risk-management strategy for your IT assets.

It might not be as sexy as hiring a crack team of security experts or installing some complex vendor-provided "solution," but security should be one piece of a puzzle that includes disaster recovery and risk mitigation. Make it clear that unlimited security is too expensive in terms of money and usability, and drive the discussion toward measuring the financial impact of a disaster (security or otherwise) and using that knowledge to determine how much to spend on countermeasures.

The Cloud

Cloud computing is a great arrow in the CIO's quiver, essentially allowing technology services to be purchased as needed from a third party. The problem with cloud is that it's morphed into a technology snake oil of sorts, touted as able to solve any and all problems and immediately fingered as the best solution to each of them.

Help your peers understand that cloud is like third-party manufacturing for IT, with all the associated benefits and risks that entails. I see article after article expressing shock when cloud providers fail, maintain inadequate security, or don't meet their service agreements. This is exactly what can happen with any third-party relationship, and "the cloud" does not magically excuse you from doing appropriate due diligence and vetting of your potential vendor.

Help your peers avoid being caught up in the "magic" of the cloud, and you can use it as an appropriate tool, rather than magic pixie dust that is sure to eventually disappoint.

While it's tempting to roll your eyes and hide behind your desk when you hear footsteps headed your way to discuss one of these topics, remember that in the long run, keeping technology visible in the minds of your peers is always a good thing. Keep your eyes on the business press, and as potential distractions emerge, have thoughtful comments ready about how these concerns apply to your business. Being dismissive or haughty in your comments only makes you appear out of touch.

In all cases, bone up on your business knowledge. When you present thoughtful, considered commentary about how each distraction might affect your business, or whether it is relevant at all, you'll move the CIO role closer to a clear definition: a trusted advisor who can apply technology to solve business problems.

About

Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent ...

3 comments
the_tech_mule

The CIO at my former company fancied himself a technologist but didn't really understand how technology worked in the deeper layers. He was just as fascinated about the cloud and shiny new toys as any other executive, and because he was "IT", the rest of the C-levels followed like lemmings.

TooOldToRemember

the content. Each of the areas discussed is closed with the observation/recommendation to use them as starters for directed conversations and education. Could also see a much longer list that covers multiple columns.

Odipides

Unless you're doing something illegal, proper DRP is more important than security. Virtualisation and a good backup procedure probably provide more real benefit than most 'so-called' security tools.