Posts Tagged ‘business it alignment’

Poisonous Snakes, Sharp Knives, And Angry Natives: How Much Risk Can You Handle?

Monday, October 19th, 2009
CIOs Know That Security Threats Can Strike At Any Time


Ok CIO wannabe, we’re right in the middle of a global financial crisis and your IT budget has gotten slashed so much it looks like Freddy Krueger has come back and had his way with it. What are you going to do about your spending on security programs: cut ‘em, hold the line, or spend more? Whoops – that was a trick question: all of the answers will get you in trouble.

What The Other Guys Are Doing

Before making any big spending decision, any self-respecting CIO will do what all leaders do – try to find out what the other guys are doing in the hopes that you can just copy them. Well, in this case you’ll be getting mixed signals.

A survey done by Information Week magazine revealed that 19% of CIOs are cutting their security spending. On top of that, only 27% of the surveyed CIOs are planning on increasing their security budgets – that leaves roughly 50% doing the same old thing.

It’s starting to look as though the final remaining sacred cow of IT budgets, spending on securing the enterprise’s IT assets, has finally fallen under the budget trimming axe. This is an excellent opportunity to learn how to be a better CIO: cut too little and the company goes under, cut too much and the company may get sued when your defenses are breached.

What’s Worse: Poisonous Snakes or Sharp Knives?

Here’s another part of your CIO quiz: when your security budget comes under fire and you know that you’re not going to be able to save the whole platoon, who do you pick to live and who do you let die? Tough call eh? That Information Week CIO survey revealed that most CIOs have decided that any security program that deals with compliance in some way, shape, or form needs to be saved.

In the end, CIOs are finally starting to realize that an effective corporate IT security policy consists of just two things:

  • Managing Risk
  • Protecting Data

Don’t Forget About The Angry Natives – How CIOs Prioritize

If the job was easy, then anyone could be a CIO. The CIOs who get it, those who understand what effective IT security is really trying to do, know that the first thing that they have to do is to determine the company’s overall appetite for risk. If the company has an appetite for a lot of risk, then the CIO can trim the IT security budget to the bone. Otherwise, cut with care!

Successful CIOs realize that the right way to go about setting up an IT security program is to start by realizing that you can’t protect everything to the same level and so you need to identify what IT assets are the most valuable to the company. Once you know this, you need to take the next step and estimate the likelihood that those assets might be lost.

Only after you have both of these pieces of information can a CIO have the IT team start to create security programs and put systems of controls in place to protect what needs to be protected. Although compliance programs are on everyone’s minds in these tough economic times, CIOs need to keep in mind that such programs are not always in line with security best practices.

Final Thoughts

If you want to have any hope of ever being a successful CIO, you’ve got to learn to be able to make the tough calls when it comes to funding corporate IT security programs. Although putting measures in place in order to make sure that the company remains compliant with regulations is good, it’s not nearly enough.

Taking the time to properly value your corporate IT assets and identifying what kinds of risks this data faces is the critical first step that too many CIOs skip over. Take the time to do this correctly and you’ll be well positioned to deal with poisonous snakes, sharp knives, and angry natives. Now if we could just find some way to deal with those pesky rampaging elephants…

What do you think should be a CIO’s #1 security concern: remaining in compliance or dealing with the security threat that comes from outside?


What We’ll Be Talking About Next Time

Ok all you CIO wannabes, guess what one of your first problems is going to be once you assume control of the IT department? No, not that innovation thing. Nor will it be finding new ways to cut costs. Somewhat amazingly considering that we are living in the enlightened 21st Century — you will need to find more women


Lab Rats Invade A CIO’s World

Wednesday, October 14th, 2009
What Is A CIO To Do With An R&D Lab?


I work in the telecommunications field a lot and the gold standard of corporate R&D labs has always been Bell Labs. These guys have created amazing things that we all take for granted today: transistors, fiber optics, etc.

Since most firms have no idea about what to do with their corporate research facilities, responsibility for the labs often falls under the control of the CIO (because most firms don’t know what to do with IT either). Great. So what’s a CIO to do when he/she is responsible for a corporate R&D lab?

The Times They Are A Changing

So why did companies set up their research labs in the first place? Simple, they needed a source of innovation that they could harness in order to become more successful. Unfortunately, the Internet came along and the wheels have fallen off this truck.

In the old days (the early ’90s), researchers used social networks to exchange information and drive their research forward. No, not Facebook or Twitter – we’re talking about the early ’90s here. They used the REAL social networks that formed when researchers went to conferences or met in the lunchroom.

The arrival of the Internet has turned this world upside down. If you can connect with anyone over the Internet, then why would you even bother to have a corporate R&D lab?

It turns out that there is still a reason for a corporate R&D lab; it’s just that these labs are going to be much smaller and the value of even having an R&D lab will go down.

CIO’s And The New Era Of R&D

Steve Lohr over at the New York Times has been talking with folks in the corporate R&D world to find out what the future of R&D Labs is going to look like.

Pull the cover off an R&D lab and you’ll discover a machine that can turn ideas into products. In the future, the ideas that a business can turn into a product (which is what a business is in business to do) won’t come from a lab, instead they will be coming from all over. Wow, what a mess.

In the future companies aren’t going to be able to afford to have the old style R&D labs. These labs were paid for by corporate profits. Once again, that dang Internet thing has come along and leveled the playing field and those corporate profits are now under pressure from everywhere. Now that they are gone, there’s no way to pay for old-style R&D.

The new way (practiced by HP, GE, and IBM) is for CIOs to transform what a corporate R&D lab does. The new role for an R&D lab is for it to act as a communications hub between researchers who can all be located at remote locations.

The sources of new ideas can be universities, start-ups, other businesses, and even government labs. Researchers will have to start acting like human Googles and start sucking up all of the information that they need to create products that their firms can sell.

Final Thoughts

CIOs who find themselves in charge of a company’s R&D labs have a delicate challenge on their hands. No matter how successful the labs have been in the past, the past is the past and what worked then will no longer work. CIOs need to move aggressively to transform how R&D research is done.

Realizing the Internet changes everything, CIOs will have to create an R&D “hub and spoke” logical design where the corporate R&D team funnels communications between multiple parties in order to move innovation along. Ultimately, when enough information has been gathered to allow a product to be created, then a CIO will know that his / her R&D lab is doing what it needs to do.

My question to you is do you think that today’s CIOs have the skill that is needed to pull this kind of R&D lab transformation off?


What We’ll Be Talking About Next Time

Ok CIO wannabe, we’re right in the middle of a global financial crisis and your IT budget has gotten slashed so much it looks like Freddy Krueger has come back and had his way with it. What are you going to do about your spending on security programs: cut ‘em, hold the line, or spend more? Whoops – that was a trick question: all of the answers will get you in trouble…

The Insider Threat: What CIOs Need To Know

Monday, October 12th, 2009
CIOs Know That Insiders Represent The Biggest Threat   (c) - 2004


When you think about someone trying to make off with your company’s private data, what comes to mind? Some wily Russian hacker who sneaks into your company’s network through the backdoor? Perhaps you need to update your thinking. A recent report from Cisco revealed that the real threat is coming from insiders. What’s a CIO to do?

Identifying The Threat

By now all CIOs realize that their corporate networks and data are under almost constant assault. However, most of the steps that CIOs have taken to secure their networks have been designed to defend themselves against the attacker who comes from the outside.

The Cisco report revealed that workers are sharing corporate information with outsiders for a variety of reasons. These include sharing data simply in order to get an outsider’s opinion on something, to show off work that they’ve done to others, etc.

On top of the active taking of corporate data, Cisco’s report revealed that some 66% of those who responded admitted to engaging in activities that would allow someone else to access corporate data (things like not logging off and then leaving their computers on at work overnight!)

Data Loss Prevention

If a CIO ever wants to get to sleep again, something has to be done to solve the data loss threat that insiders pose to the firm. There is no magic bullet, but one approach to dealing with this problem is to deploy a data loss prevention (DLP) suite of tools.

In true “big brother” fashion, a DLP suite generally consists of a network scanner coupled with multiple tools that allow an IT department to collect information on what data is being used and by whom.

Before moving forward with implementing a DLP solution, CIOs need to take the time to prepare to use this new set of tools. The steps involved include:

  • Secure The Important Stuff: before you go worrying about trying to secure how data is used throughout the enterprise, first identify the most important data and ensure that it is locked down.
  • Close Your (Network) Doors: before you can worry about insiders doing you harm, you need to make sure that outsiders can’t get in. This requires analyzing both your network ports and the protocols that the company’s network is using to make sure that they are secure.
  • Create A Baseline: in order to detect when the wrong things are being done, you need some way to detect them. Creating baselines such as point-in-time content signatures for sensitive data stores is a first step in doing this.
  • Start Inspecting Traffic: the way that you can prevent information from going to internal sources that don’t have a need to know is by installing automated network traffic inspectors. Setting parameters so that notifications of data breaches are flagged will do a great deal to prevent data loss by internal threats.
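To make the last two steps concrete, here is an added example (not from the original post or from any DLP product) that builds a point-in-time content signature baseline and then checks outbound text against it. It assumes hashed word shingles as the signature method; the window size, alert threshold, function names and sample text are all constructed for illustration.

```python
import hashlib
import re
from collections import Counter

SHINGLE_WORDS = 6  # assumed window size: words per signature
MIN_HITS = 3       # assumed alert threshold: matching signatures per document


def shingle_hashes(text, k=SHINGLE_WORDS):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


def build_baseline(sensitive_docs):
    """Point-in-time index: signature hash -> label of the sensitive document.

    Only hashes are stored, so the inspector never holds the plaintext.
    """
    index = {}
    for label, text in sensitive_docs.items():
        for digest in shingle_hashes(text):
            index.setdefault(digest, label)
    return index


def inspect(payload, baseline, min_hits=MIN_HITS):
    """Return {label: hits} for each baselined document found in the payload."""
    hits = Counter(
        baseline[d] for d in shingle_hashes(payload) if d in baseline
    )
    return {label: n for label, n in hits.items() if n >= min_hits}


# Constructed sample data: one sensitive document and three outbound messages.
SENSITIVE = {
    "q4-pricing-memo": (
        "The Q4 wholesale price for the Model 7 router will drop to 412 "
        "dollars per unit on November 2, and channel partners must not be "
        "told before the board approves the change."
    ),
}
BASELINE = build_baseline(SENSITIVE)

LEAK = ("What do you think of this? the Q4 WHOLESALE price for the Model 7 "
        "router\n will drop to 412 dollars per unit on November 2 -- thoughts?")
BENIGN = "Lunch at noon? The router in the lab will be replaced on November 2."
BRIEF = "The price for the Model 7 router is on the website."

if __name__ == "__main__":
    for name, msg in (("LEAK", LEAK), ("BENIGN", BENIGN), ("BRIEF", BRIEF)):
        flagged = inspect(msg, BASELINE)
        print(name, "ALERT" if flagged else "ok", flagged)
```

The threshold is the tuning knob: a single shared phrase (the `BRIEF` message) stays below it, while a pasted excerpt is flagged even after its case, spacing and punctuation have changed.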

Final Thoughts

The value that a CIO brings to a firm is that he / she is able to harness IT resources in order to help the company succeed. As part of this task, the CIO is also responsible for making sure that sensitive corporate data remains secure from both external and internal threats.

CIOs that learn how to deploy DLP solutions in order to protect against the data loss threat from insiders will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.


What We’ll Be Talking About Next Time

Since most firms have no idea about what to do with their corporate research facilities, responsibility for the labs often falls under the control of the CIO (because most firms don’t know what to do with IT either). Great. So what’s a CIO to do when he/she is responsible for a corporate R&D lab?

Who Should A CIO’s BFF Be: The CEO or The CFO?

Wednesday, October 7th, 2009
Worldcom's Bernard Ebbers Would Have Been A Bad Friend For CIOs To Have


The times they are changing. Let’s take a moment and have a talk about one of a CIO’s key survival skills: the ability to successfully negotiate office politics. Specifically, if you could only have one best friend, who should it be: the CEO or the CFO?

Changes In The Workplace

The workplace that a CIO works in looks nothing like it did as little as 10 years ago. The changes that have happened have reshaped the boundaries of power. The CEO used to be the rock star who acted as a visionary leader. Think of Bill Gates, Tom Siebel, and Larry Ellison. However, the corporate scandals that rocked the business world at the start of the new millennium (e.g. Worldcom, Enron, etc.) have created the need for a change at the top.

Philip Tulimieri and Moshe Banai have taken a look at the changes that have been taking place in the C-suites of major firms. They believe that a new focus on ensuring accountability by the senior executives, especially the CEO, plus the arrival of new regulations such as the Sarbanes-Oxley Act have changed who investors want to have running the company.

In the past, CFOs were generally in the shadows of the CEOs – simply acting as managers of the company’s money and trying to make sure that the company didn’t do anything too wild that they couldn’t pay for. This is all changing now.

The Arrival Of Co-Leaders Of A Company

In today’s corporate world, the balance of power is shifting. No longer is the CEO the only person running the show. Instead, the CFO is now playing a larger role – sorta a co-leader if you will.

The roles of a CEO and CFO are still different. A CEO has the responsibility of always being positive and working to move the company forward at all times. The CFO, on the other hand, is responsible for making sure that the company approaches every situation with caution and does its best to minimize the risk that it is being exposed to.

Tulimieri and Banai have made the interesting discovery that the rise of the CFO has meant that the role of the Chief Operating Officer (COO) has started to decline. The CIO is also responsible for this – the automation of much of a firm’s back office operations has reduced the need for the COO.

What’s A CIO To Do?

CIOs need to navigate these new corporate political waters very carefully. Yes, the CEO is still an important ally to have on your side; however, no longer is this enough – now you also have to be on good terms with the CFO.

One of the biggest challenges going forward will be keeping both leaders happy. It’s important to realize that there will be disagreements between the CEO and CFO and that’s when the CIO needs to be most careful.

The challenge for any CIO is deciding on which relationship the most time should be spent. This will be different for every company. However, the CIO has the opportunity to show a great deal of value by facilitating communication between these two executives.

Final Thoughts

A CIO who can provide the information that a CEO needs in order to drive the company forward while at the same time providing the information that the CFO needs in order to measure the risk, will be seen as valuable.

The arrival of the CFO at the top of the company’s decision making structure means that being able to measure the financial value of every IT project will become even more critical. The world changes and CIOs need to make sure that they pick their corporate friends very carefully!

CIOs who can survive in the new world of company leadership and who can find a way to make friends with both the CEO and CFO will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.


What We’ll Be Talking About Next Time

When you think about someone trying to make off with your company’s private data, what comes to mind? Some wily Russian hacker who sneaks into your company’s network through the backdoor? Perhaps you need to update your thinking. A recent report from Cisco revealed that the real threat is coming from insiders. What’s a CIO to do?

Can CIOs Drive Innovation & Boost Quality At The Same Time?

Monday, October 5th, 2009
How To Capture Innovation Without Going Broke


How are you at walking and chewing gum at the same time? It’s sorta a classic challenge – do two different things simultaneously and do them well. CIOs are facing the challenge today – cut costs and simultaneously use IT to make the business more competitive. How hard can that be?

Say Hello To Six Sigma

If you’ve been to a book store recently and looked at any of the books in the business section, you may have been overwhelmed by the number of titles that had the words “Six Sigma” in them. Six Sigma is an approach to business that makes use of constant measurement and analysis in order to continue to optimize business operations.

Dr. Sara Beckman has researched this technique and points out that Six Sigma was invented at Motorola and popularized by Jack Welch at GE. If you apply it to how an IT shop goes about doing its work, it can be a great way to drive out costs and boost quality. However, it will do nothing to drive innovation.

Say Hello To Design Thinking

Design thinking is a new set of skills that are designed to drive innovative thinking. The starting point for design thinking is for solution designers (who else?) to start by focusing on what problems their customers are having on a daily basis. Once they understand the problems, the next step is to consider the wide universe of possible ways to solve these problems.

The Problem

Herein lies the problem. If you go out and talk to today’s CIOs you’ll find that they have generally implemented one of these two different solutions (Six Sigma is more popular because it’s easier to understand and measure).

This causes problems. It is possible to focus too much on driving out costs and then lose your way and not be able to provide the innovation in IT that is needed to keep the business competitive – this is the problem that HP is currently facing.

Likewise, if an IT department is too innovative and doesn’t watch the bottom line closely enough, then they can quickly drive themselves and the company out of business. The dot.com fiasco was a great example of this.

What’s The Correct Solution To This Problem?

You may have already guessed it, but the right way to solve this challenge is for CIOs to take the time to find a way to incorporate both the design thinking and the Six Sigma approaches into their IT departments.

The design thinking technique allows an IT department to find ways to explore new approaches to solving the problems that the business is facing. Six Sigma techniques allow an IT department to find ways to improve how they are currently doing things.

Final Thoughts

CIOs can’t allow their IT departments to become too focused on just one approach or they risk failing. Design thinking tries to find out what a good solution to a problem is while Six Sigma assumes that a solution is good and then goes about trying to make it even better.

CIOs who can find a way to reduce costs while at the same time driving IT innovation will be better at finding ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more.


What We’ll Be Talking About Next Time

The times they are changing. Let’s take a moment and have a talk about one of a CIO’s key survival skills: the ability to successfully negotiate office politics. Specifically, if you could only have one best friend, who should it be: the CEO or the CFO?