The Chief Information Officer (CIO) is the person in charge of information processing in an organization. This mainly covers system architecture, development, database management and overall operational security.
The CIO plays an important role in allocating budgets for IT spending, to benefit from an efficient infrastructure and offer efficient services to employees. The CIO is also a key element in developing new business opportunities exploiting digital technology.
However, in the face of the upheavals of our modern society and the digital boom that has transformed businesses, CIOs must continually adapt the information system to changes in organisation and the development of new activities.
Indeed, the expansion of mobile technologies, the mass deployment of mobile devices, the explosion of social networks and behaviours, the arrival of IOT (Internet Of Things), as well as advances in data analysis and artificial intelligence or the adoption of Cloud computing, are among the major disruptions induced by digital.
Faced with these, the companies that will survive these profound changes will be those that have been able to adapt their information systems and their digital approach.
An information system that will become more of a multimodal and hybrid System of System.
Two issues then emerged:
Should we consider a loss of "power"?
Should the skills of the organisation chart be developed so that the CIO can play a more strategic role?
This is what we will try to figure out via analysis of four main axes: the impact of digital on business lines, the impact on the organization, the impact on the consulting and strategy dimension and finally the impact on security.
1. The impact on the business lines
Cloud and SaaS (Software As A Service) software are an integral part of the daily life of CIOs, especially since senior management and finance have fully understood the financial benefits of these solutions, which make it possible not to invest in IT expenses (CAPEX) but rather to establish operating expenses (OPEX).
However, whether it is outsourcing IT architecture or implementing SaaS solutions, the cloud fundamentally challenges the technical work that IT technicians can do. Effectively, the system administration part is handled by the cloud solution provider.
The CIO then is faced with his system and network administrators, who no longer wish for the company to occupy its initial position. It is therefore his duty to consider the evolution of these people towards new horizons, either through evolving their skills to take on a new position or through a new direction for their career.
By competency evolution, we mean different aspects resulting from the implementation of Cloud solutions. Effectively, application and technological building blocks are integrated into the IT architecture and require knowledge and mastery of the transverse vision as well as aspects of security, mobility, and processes.
An opportunity for the CIO and HR who can develop all or part of the system and network administrators for a position such as IT architect, increasingly sought after on the job market.
2. The impact on the organization
In 2005, the term BYOD first appeared in a document written by Rafael Ballagas, explaining the increase in the number of users interacting with screens at public events, using their own devices.
This phenomenon became widespread in 2009, when many employees used their private smartphones to check business emails. These days, more and more people are bringing their tablets, PCs, and other devices to use for work, or backing up corporate data on their personal Cloud storage such as Dropbox or Google Drive for example.
That's when the consumerization of IT appears, a term meaning the use of consumer products and software to do one's job. But it doesn't stop there.
Indeed, with the appearance of external SaaS solutions, employees are integrating new tools into their professional dimension, which have not been approved by the IT department, but which are seen as innovative solutions to work better.
We then speak of Shadow IT, which is a term used to describe phantom computing that raises new issues concerning the security and organisational aspects of the ISD.
This points to an upheaval in the organisation: employees are now actors in the digital revolution of the company and become stakeholders in the choice of collaborative and operational tools. Thus, the evolution of the information system will be initiated more by the business departments, leading to profound changes in the traditional pattern of IT evolution.
The ISD would then play a support role to help the business departments to successfully complete their project, as their function is the only one that can make the right decisions for security management and integration with existing tools.
The IT department organization traditionally structured on a pyramidal model will thus have to evolve towards an agile model with a star structure for optimal collaboration with project teams. Some will fear a loss of power for the IT department, while others will see it as an asset for involving business resources.
3. The impact on the consulting and strategy dimension
All companies have taken digital technology into account in their strategic thinking in order to digitize their organization as much as possible. Business strategy therefore takes precedence over IT strategy, provided that the IT architecture is optimal and efficient, and that it can accommodate this digitization of the business.
The IT department is then directly impacted, since it must reinforce its transverse vision of the company's business challenges and must be proactive in finding digital solutions that improve the organization's productivity and/or efficiency while being compatible with the systems in place.
The consulting and strategic dimension of the CIO's position is then enhanced, enabling him to better anticipate the evolution of business needs and improve the company's digital culture. Its role in company 3.0 is consolidated and justifies an increased presence on executive committees so that IT is integrated more upstream in the reflections on the evolution of the company's business models.
4. The impact on safety
The digitalization of organizations and businesses is paving the way for new security vulnerabilities, threats that CIOs are not always ready to face.
In fact, in a hybrid context (Cloud + site), more than a third of CIOs consider their skills in managing IT infrastructure security issues to be insufficient.
According to a Ponemon Institute survey for Gemalto, the world leader in digital security, securing data in the Cloud remains a challenge for businesses.
54% believe it is more difficult to protect sensitive information in the Cloud. Furthermore, controlling and restricting user access represents 67% of respondents' concerns. Another issue is the inability to ensure security compliance of cloud service providers.
Although CIOs are aware of the risks and potential problems for their infrastructure, if an attack does occur, the consequences will generally be significant, both financially and in terms of the company's reputation.
However, the majority of European companies are still knowingly using technology that is mainly designed to protect a perimeter in the traditional way, based on network monitoring.
Securing the network using security analysis or user behavioural analysis and anomaly detection to detect breaches before they enter the system is a low concern for the majority of these European companies. Only 15% have a strong interest in this area.
It is therefore necessary to review risk and security management in order to effectively protect corporate data, especially when it is hosted in the Cloud or in hybrid mode.
Finally, the Ponemon Institute's report concluded that it is essential for the IT department to define a global policy in terms of governance and compliance, as well as to establish rules for the data that would be in the Cloud.
Ensuring data protection by limiting "shadow IT" through encryption can be an effective method, as can further controlling user access, for example by incorporating multi-factor authentication (which has become commonplace with cloud solution providers such as Microsoft, Google, or Dropbox for example).
CIOs are therefore undergoing a real revolution in their profession as well as in the organization for which they are responsible. This represents a real opportunity to transform the ISD into a real accelerator of digital transformation and growth. The loss of power is not to be feared, but the revaluation and evolution of the organizational chart is becoming a priority.
Editor: David Pochet / Digital Project Manager / April 2017 / © Darest Informatic Ltd 2017
Comments are closed.