Security breaches put the value of corporate IT front and center. For instance, high-profile hacks may shift the balance of IT power back to CIOs.
The past several years have marked a significant evolution in how corporate IT is procured, deployed, and managed. A long recession cut many IT budgets to the bare minimum, forcing IT leaders to maintain critical systems and services rather than focusing on end-user "nice to haves."
While struggling to keep the lights on, cloud-based software and services simultaneously commoditized many expensive IT functions, and lowered the price of entry for everything from email to Customer Relationship Management (CRM) from months of implementation time and heavy IT involvement to a few minutes and a credit card.
An increase in IT spend from nontraditional sources, particularly marketing, further shifted the balance of IT power away from IT leaders, causing many to conclude that the CIO and similar positions were consigned to irrelevance at best, and doomed to be removed from the executive suite at worst.
2015 changes the game
IT security in particular was a tough sell, with the concept of malicious actors' — ranging from organized crime to government actors to militant groups — seemingly senseless fearmongering rather than an emerging reality. Just as many were ready to relegate IT to a utility player in the enterprise, a series of IT-related news stories hit, detailing high-profile hacks that affected everything from employee salaries and communications to government social media accounts.
IT leaders, particularly those with security expertise, are suddenly in demand once again. Now, some are calling for a return to tightly controlled, centrally managed IT.
An opportunity for IT
These events have likely caught many IT leaders flat-footed, and many will struggle to invest limited resources into highly specialized areas like IT security, caught in a reactionary mode. It may even be tempting to take advantage of security worries to sow fear in the hopes for more money and staff. However, while you may be faced with a scramble to secure your infrastructure, conversations around these areas can be used to discuss the role of corporate IT going forward. Like most areas of IT, security is a constant trade-off between providing access to useful services, and opening the door too much and allowing malicious actors into your corporate resources.
IT security can serve as a springboard for discussions around everything from accommodating a growing pool of mobile devices that users want to connect to corporate resources, to an overarching strategy for what corporate IT looks like in the coming 18 months. These discussions may seem like taking advantage of a crisis, but coming to the table with well-considered plans and strategies and initiatives that seek to accommodate a strong user focus while protecting company assets, presents IT leaders as trusted advisors who want to help the company succeed, rather than policy-obsessed control freaks.
Security breaches will likely continue to the point that addressing them will almost become routine. Before that occurs, CIOs should use the recent events of 2015 to demonstrate the value that corporate IT brings to the table. This just might be the "year of the CIO," rather than another year when control of IT is outsourced, sent to the cloud, or co-opted by marketing and sales.