From securing IoT to retraining IT talent to finding new revenue streams, CIOs have more than their share of concerns keeping them up at night. By Paul Heltzel.
Each year we talk with tech leaders about the biggest problems they’ll face in the near future, and we’re starting to see some subtle and not-so-subtle shifts from the worries of 2018.
Data overload, a major concern 12 months ago, has evolved as new data-hungry tools and AI help make sense of data and drive business decisions. This year CIOs say they’re more concerned with how to protect that data, as organizations grapple with new privacy regulations.
As the economy continues to improve, CIOs are less hampered in 2019 by tightening budgets. And worries about moving to the cloud are less of an issue, since many companies have already made the jump. Executives put more emphasis now on securing their cloud-based assets across multiple cloud environments.
Read on to see what experts from the C-suite, recruiters, and those in the trenches say are today’s top-of-mind concerns — and how to deal with them.
1. New security threats
Headline-grabbing recent events may spark surprising new security threats, says Rick Grinnell, founder and managing partner of Glasswing Ventures.
“The government shutdown helped contribute to a great cyber threat to the U.S. government, critical infrastructure and other public and private organizations,” Grinnell says. “With the shutdown, many of the security professionals watching for threats at a national level were not on duty, creating a bigger hole for attackers. Time will tell if a month of lowered defenses will have deeper repercussions in 2019 and beyond.”
Tech leaders are also gearing-up for next-generation, AI-driven cyber-attacks.
“Security professionals must be extra vigilant with detection and training against these threats,” says John Samuel, CIO at CGS. “This year, companies will need to introduce AI-based protection systems to be able to contain any such attacks introduced by this next-gen tech.”
Grinnell says AI wasn’t a factor in the most notable attacks of the last year, but he expects that to change.
“I believe 2019 will bring the first of many AI-driven attacks on U.S. companies, critical infrastructure and government agencies,” he says. “Let’s hope I’m wrong.”
2. Data protection
Forward-thinking organizations are now implementing privacy by design in their products, but making sure those efforts meet GDPR standards is an ongoing concern. Google, for example, just saw a record fine by French regulators over how the company collects data.
“U.S. businesses will need to consider a GDPR-type policy to protect citizens even before any regulations are enacted,” Samuel says. “Ultimately, there must be international guidelines to ensure customer privacy and protection on a global scale to allow for easier compliance.”
Jacob Ansari, senior manager of Schellman and Co., says IoT security got a lot of attention last year, but it led to little practical change in the industry.
“The makers of IoT devices still use vulnerable software components, poor network and communication security, and are unable to supply software updates in the field,” says Ansari. “They’re still making essentially all of the mistakes everyone else made in the late 1990s and early 2000s. Oh, and your voice-activated home device is spying on you and the company that makes it will give your data to the wrong person by accident with little oversight or accountability. This also suggests that better data privacy legislation — at least in the U.S. — is a potentially hot topic for 2019, particularly in light of the events of recent elections. Nobody loved implementing GDPR in Europe, but its protections for ordinary people are decent.”
3. Skills gap
More than one of our sources mentioned the much-discussed skills gap in IT, but with a twist — some tech leaders now see the problem more self-inflicted than intractable.
“If you’re only looking at college graduates with computer science or electrical engineering degrees from the top ten universities in the U.S. then yes, there are hardly any candidates, and most of them are going off to the five largest employers,” says Tod Beardsley, director of research at Rapid7. “But the potential talent pool is so, so much larger than this, and companies would do well to explore this space a little more liberally.”
Sandra Toms, vice president and curator of the RSA Conference, says IT departments would help themselves by “plugging their skills gap with more diverse employees, and not just in terms of race and gender. Most IT hiring groups fail to look at diversity in life experiences, religion, backgrounds, sexual orientation, and education. Viewing diversity in a more holistic manner should open up a broader field of candidates and lead to higher levels of productivity.”
4. Multi-cloud security
When exploring new cloud-based services, CIOs now need to ask about security across multiple platforms, says Laurent Gil, security product strategy architect at Oracle Cloud Infrastructure.
“Traditionally, multi-cloud leads the enterprise to manage many different, often incompatible and inconsistent security systems,” Gil says. “We think that selecting cross-cloud, cloud-agnostic security platforms is now fundamental in ensuring consistency, and most importantly completeness of securing enterprise-wide assets regardless of where these assets are living.”
5. Innovation and digital transformation
According to Gartner data, about two-thirds of business leaders think their companies need to speed up their digital transformation or face losing ground to competitors.
Most companies will continue on the same path until they’re forced to do otherwise, says Merrick Olives, managing partner at cloud consulting firm Candid Partners.
“Tying IT spend to strategic business capabilities and answering the question ‘How will this make us more competitive?’ is essential,” Olives says. “Value stream-based funding models as opposed to project-based funding are becoming more and more effective at tying board-level objectives to budgetary influences. The cost structures and process efficiencies of legacy vs. a nimble digital capability are much different — nimble is less expensive and much more efficient.”
6. Finding new revenue streams
Ian Murray, vice president of telecom expense management software firm Tangoe, says that while the business landscape is ever evolving, the basic premise of making a profit is the same.
“The process to finding and exploiting revenue opportunities hasn’t fundamentally changed — find a problem that we can solve that is common, prevalent and that people will pay to solve,” Murray says.
What has changed is the emphasis on direct revenue generation landing in the CIO’s lap, says Mike Fuhrman, chief product officer of hybrid IT infrastructure provider Peak 10 + ViaWest.
“Maybe I’m old school, but I don’t think the CIO should be worried about directly generating revenue,” Fuhrman says. “I’m starting to see this pop up more and more among my peers. To stay relevant as a CIO, many are working to try and productize themselves. While there are benefits to thinking that way, I think it can also be a recipe for defocusing the team and the boardroom. When it comes to revenue-generating opportunities, the place the CIO belongs is focusing on those projects and digitizing the business into an automated platform at scale. We need to stay focused on driving costs out of the business and scaling from a go-to-market perspective. That’s how a CIO should focus on revenue.”
7. Lack of agility
Organizations that aim to incorporate agile methods sometimes end up limping along in a sort of hybrid model that incorporates agile practices but also more linear “waterfall” methods. In short, the worst of both worlds.
Tangoe’s Murray lays it out: “Developers are coding to specific spec sheets with little conceptual understanding of how this button or feature fits within the overall user experience. A disciplined approach is needed to pull this off, where the solution to specific problems are addressed within a certain release. Each release is then coordinated for a set of sprints so that a comprehensive solution that adds to the UX is achieved with every release and not just a collection of requested features that may or may not support one another.”
8. Outsourcing risks
The skills gap will lead many organizations to seek outside help. But these sometimes-necessary solutions can lead to concerns with reliability and security.
“Our main focus is to deliver on the promises we make to each customer,” says Sanchez. “You build your reputation and business on this one critical thing. In outsourcing your work, the quality of the deliverable is sometimes at the mercy of the firm you outsourced to. Given the sensitive nature of the projects we manage, we utilize strict third-party vendor assessments to evaluate partners in the event a project requires us to consider outsourcing some or all of the required tasks.”
In addition to quality concerns, outsourcing opens up security threats that are well known. “The specific threats for CIOs that should be top of mind are the insider and the contractor,” says French Caldwell, chief evangelist with MetricStream and a former White House cybersecurity advisor. “Until we move away from passwords for credentials, humans will continue to be the biggest threat.”
9. Business results
Matt Wilson, chief information security advisor at BTB Security, says there’s a disconnect between what’s set aside for the IT budget and measurable results for the business.
“Most organizations haven’t taken a hard, brutally honest, look at their current spend,” Wilson says. “There’s often too much momentum behind the way things are currently done, the solutions already acquired, and the processes built over a decade to allow for any meaningful change. Instead, organizations may cobble together partial solutions that can’t ever fully address the root of the IT challenge — for example, Equifax not patching a known vulnerability. We live with IT pain. We waste dollars. We frustrate our talented resources with solvable problems that are rendered completely impossible in our companies by momentum. For 2019, we should refuse to be captive to history.”
10. Tools for a digital native workforce
Christian Teismann, SVP of global enterprise business at Lenovo, argues that a new workforce of employees who grew up with digital technology demands new ways of working that will boost the bottom line.
“Gen Z, for instance, expects control over the types of technology available to them,” Teismann says. “They favor the technology they grew up with and use in other spheres of their lives in the workplace — as well as a recognition of personal and cultural elements. Tech-enriched, assistive spaces that are configurable and flexible will continue to trend.”
11. Rebuilding trust
Isaac Wong, software engineering manager at Retriever Communications, calls 2018 a “bad year for IT publicity,” based on a number of well publicized hacks of large companies and questionable sharing of customers’ online habits.
“Issues such as privacy, security and device addiction must be addressed immediately by big and small players in the industry,” Wong says. “As a sector we have to be responsible corporate citizens. We need to show that we care about the people we claim to be serving and act in their best interest. People trusted us and we should be very respectful in honoring that.”