Archive for October, 2009

Newer Entries »

The Insider Threat: What CIOs Need To Know

Monday, October 12th, 2009
CIOs Know That Insiders Represent The Biggest Threat (c) - 2004

CIOs Know That Insiders Represent The Biggest Threat (c) - 2004

When you think about someone trying to make off with your company’s private data, what comes to mind? Some wily Russian hacker who sneaks into your company’s network through the backdoor? Perhaps you need to update your thinking. A recent report from Cisco revealed that the real threat is coming from insiders. What’s a CIO to do?

Identifying The Threat

By now all CIOs realize that their corporate networks and data are under almost constant assault. However, most of the steps that CIOs have taken to secure their networks have been designed to defend themselves against the attacker who comes from the outside.

Information that was revealed in the Cisco report included that workers are sharing corporate information with outsiders for a variety of reasons. These include sharing data simply in order to get an outsider’s opinion on something, to show off work that they’ve done to others, etc.

On top of the active taking of corporate data, Cisco’s report revealed that some 66% of those who responded admitted to engaging in activities that would allow someone else to access corporate data (things like not logging off and then leaving their computers on at work overnight!)

Data Loss Prevention

If a CIO ever wants to get to sleep again, something has to be done to solve the data loss threat that insiders pose to the firm. There is no magic bullet, but one approach to dealing with this problem is to deploy a data loss prevention (DLP) suite of tools.

In true “big brother” fashion, a DLP suite generally consists of a network scanner coupled with multiple tools that allow an IT department to collect information on what data is being used and by whom.

Before moving forward with implementing a DLP solution, CIOs need to take the time to prepare to use this new set of tools. The steps involved include:

  • Secure The Important Stuff: before you go worrying about trying to secure how data is used throughout the enterprise, first identify the most important data and ensure that it is locked down.
  • Close Your (Network) Doors: before you can worry about insiders doing you harm, you need to make sure that outsiders can’t get in. This requires analyzing both your network ports and the protocols that the company’s network is using to make sure that they are secure.
  • Create A Baseline: in order to detect when the wrong things are being done, you need some way to detect them. Creating baselines such as point-in-time content signatures for sensitive data stores is a first step in doing this.
  • Start Inspecting Traffic: the way that you can prevent information from going to internal sources that don’t have a need to know is by installing automated network traffic inspectors. Setting parameters so that notifications of data breeches are flagged will do a great deal to prevent data loss by internal threats.

Final Thoughts

The value that a CIO brings to a firm is that he / she is able to harness IT resources in order to help the company succeed. As part of this task, the CIO is also responsible to make sure that sensitive corporate data remains secure from both external and internal threats.

CIOs that learn how to deploy DLP solutions in order to protect against the data loss threat from insiders will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

Since most firms have no idea about what to do with their corporate research facilities, responsibility for the labs often falls under the control of the CIO (because most firms don’t know what to do with IT either). Great. So what’s a CIO to do when he/she is responsible for a corporate R&D lab?

Tags: , , , , , , , , , , ,
Posted in security | 1 Comment »

Who Should A CIO’s BFF Be: The CEO or The CFO?

Wednesday, October 7th, 2009
Worldcom's Bernard Ebbers Would Have Been A Bad Friend For CIOs To Have

Worldcom's Bernard Ebbers Would Have Been A Bad Friend For CIOs To Have

The times they are changing. Let’s take a moment and have a talk about one of a CIO’s key survival skills: the ability to successfully negotiate office politics. Specifically, if you could only have one best friend, who should it be: the CEO or the CFO?

Changes In The Workplace

The workplace that a CIO works in looks nothing like it did as little as 10 years ago. The changes that have happened have reshaped the boundaries of power. The CEO used to be the rock star who acted as a visionary leader. Think of Bill Gates, Tom Siebel, and Larry Ellison. However, the corporate scandals that rocked the business world at the start of the new millennium (i.e. Worldcom, Enron, etc.) has created the need for a change at the top.

Philip Tulimieri and Moshe Banai have taken a look at the that changes that have been taking place in the C-suites of major firms. They believe that a new focus on ensuring accountability by the senior executives, especially the CEO, plus the arrival of new regulations such as the Sarbanes-Oxley Act have changed who investors want to have running the company.

In the past, CFO were generally in the shadows of the CEOs – simply acting as mangers of the company’s money and trying to make sure that the company didn’t do anything too wild that they couldn’t pay for. This is all changing now.

The Arrival Of Co-Leaders Of A Company

In today’s corporate world, the balance of power is shifting. No longer is the CEO the only person running the show. Instead, the CFO is now playing a larger role – sorta a co-leader if you will.

The roles of a CEO and CFO are still different. A CEO has the responsibility of always being positive and working to move the company forward at all times. The CFO, on the other hand, is responsible for making sure that the company approaches every situation with caution and does its best to minimize the risk that it is being exposed to.

Tulimieri and Banai have made the interesting discovery that the rise of the CFO has meant that the role of the Chief Operating Officer (COO) has started to decline. The CIO is also responsible for this – that automation of much of a firm’s back office operations has reduced the need for the COO.

What’s A CIO To Do?

CIOs need to navigate these new corporate political waters very carefully. Yes, the CEO is still an important ally to have on your side; however, no longer is this enough – now you also have to be on good terms with the CFO.

One of the biggest challenges going forward will be keep both leaders happy. It’s important to realize that there will be disagreements between the CEO and CFO and that’s when the CIO needs to be most careful.

The challenge for any CIO is on which relationship should the most time should be spent. This will be different for every company. However, the CIO has the opportunity to show a great deal of value by facilitating communication between these two executives.

Final Thoughts

A CIO who can provide the information that a CEO needs in order to drive the company forward while at the same time providing the information that the CIO needs in order to measure the risk, will be seen as valuable.

The arrival of the CFO at the top of the company’s decision making structure means that being able to measure the financial value of every IT project will become even more critical. The world changes and CIOs need to make sure that they pick their corporate friends very carefully!

CIOs who can survive in the new world of company leadership and who can find a way to make friends with both the CEO and CFO will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

When you think about someone trying to make off with your company’s private data, what comes to mind? Some wily Russian hacker who sneaks into your company’s network through the backdoor? Perhaps you need to update your thinking. A recent report from Cisco revealed that the real threat is coming from insiders. What’s a CIO to do?

Tags: , , , , , , , , , , ,
Posted in leadership | 1 Comment »

Can CIOs Drive Innovation & Boost Quality At The Same Time?

Monday, October 5th, 2009
How To Capture Innovation Without Going Broke

How To Capture Innovation Without Going Broke

How are you at walking and chewing gum at the same time? It’s sorta a classic challenge – do two different things simultaneously and do them well. CIOs are facing the challenge today – cut costs and simultaneously use IT to make the business more competitive. How hard can that be?

Say Hello To Six Sigma

If you’ve been to a book store recently and looked at any of the books in the business section, you may have been overwhelmed by the number of titles that had the words “Six Sigma” in them. Six Sigma is an approach to business that makes use of constant measurement and analysis in order to continue to optimize business operations.

Dr. Sara Beckman has researched this technique and points out that Six Sigma was invented at Motorola and popularized by Jack Welch at GE. If you apply it to how an IT shop goes about doing its work, it can be a great way to drive out costs and boost quality. However, it will do nothing to drive innovation.

Say Hello To Design Thinking

Design thinking is a new set of skills that are designed to drive innovative thinking. The starting point for design thinking is for solution designers (who else?) to start by focusing on what problems their customers are having on a daily basis. Once they understand the problems, the next step is to consider the wide universe of possible ways to solve these problems.

The Problem

Here in lies the problem. If you go out and talk to today’s CIOs you’ll find that they have generally implemented one of these two different solutions (Six Sigma is more popular because it’s easier to understand and measure).

This causes problems. It is possible to focus too much on driving out costs and then lose your way and not be able to provide the innovation in IT that is needed to keep the business competitive – this is the problem that HP is currently facing.

Likewise, if an IT department is too innovative and doesn’t watch the bottom line closely enough, then they can quickly drive themselves and the company out of business. The dot.com fiasco was a great example of this.

What’s The Correct Solution To This Problem?

You may have already guessed it, but the right way to solve this challenge is for CIOs to take the time to find a way to incorporate both the design thinking and the Six Sigma approaches into their IT departments.

The design thinking technique allows an IT department to find ways to explore new approaches to solving the problems that the business is facing. Six Sigma techniques allow an IT department to find ways to improve how they are currently doing things.

Final Thoughts

CIOs can’t allow their IT departments to become too focused on just one approach or they risk failing. Design thinking tries to find out what a good solution to a problem is while Six Sigma assumes that a solution is good and then goes about trying to make it even better.

CIOs who can find a way to reduce costs while at the same time driving IT innovation will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

The times they are changing. Let’s take a moment and have a talk about one of a CIO’s key survival skills: the ability to successfully negotiate office politics. Specifically, if you could only have one best friend, who should it be: the CEO or the CFO?

Tags: , , , , , , , , , ,
Posted in innovation | 3 Comments »

Newer Entries »