Evolving Technology: A Challenge for CIOs
Role as a CIO
As CIO, I have seen my role continue to evolve as our business grows and changes and new technologies are introduced. There is continued pressure, due to agile business strategies and market conditions, to stay competitive and remain a leader in our industry. There is an increase in requests for IT systems from our business stakeholders, in-turn putting pressure on the CIO to evaluate products and roll out new technologies and applications with less time and money. This also puts pressure on staff to acquire new skill sets to manage multiple systems providing better support, a secure environment and faster access to applications without increasing our head count.
"As our company grows and we take on new and diverse acquisitions, the challenges will force us to look at more cloud and virtualized technology solutions"
In addition, we have been in a heavy acquisition mode for several years now and that has demanded that my team be very agile and flexible as we bring other companies on board. The companies we acquire are usually family owned businesses that have no IT staff and depend on local providers to help them. The systems of the acquired company are small business systems and the users can make changes and do just about anything they want. These small companies don’t typically have user access policies, security policies, data protection policies, mobile device management policies, regulatory policies or standards for acquiring software, hardware and networks as our company do.
Helena’s policy is to get the acquired businesses onto our network, hardware, and systems as soon as the sale closes. This takes a tremendous effort between the business leaders, Legal, Regulatory, Accounting, Credit, HR and IT to get networks in place, hardware ordered and systems configured so that the system is ready within days after close. Timing is critical to the success of these acquisitions.
Change is always hard, but these newly acquired employees are going from a business and system with very little, if no controls and policies, to a large corporate environment where controls and security are very strong to protect our company and data as well as meet our Regulatory reporting and J-SOX and Financial Statement audit requirements. The newly acquired employees have a difficult time accepting such strong policies, procedures and controls. It is the duty of the full acquisition team to help make this process go smoothly and lessen the pain for the acquired employees. Explaining why they cannot continue to run as they did before they were acquired has to be done in the right way so that they see the benefit to them. My team has to excel at customer service skills and be very patient while still being direct and moving toward the end result. We get them on our systems as quickly as possible and provide them all the training and support they need with the transition. Our goal is to welcome the new employees into our company and help them understand the advantages of our company and culture, even though we have a lot of controls, policies and procedures.
As our company grows and we take on new and diverse acquisitions, the challenges will force us to look at more cloud and virtualized technology solutions as well as our on-boarding process. This will allow us to roll out new systems quicker and set up new employees with less effort thus making change a bit easier for everyone.
Data Breaches Questioning IT Security
Today’s CIO faces tremendous challenges in the area of security with data breaches leading the concerns. The high level breaches such as the U.S. Government’s Office of Personnel Management – records of 22 million current and former federal employees, Health Insurers – Anthem and Premera, and of course the infamous social media site – Ashley Madison, tell all CIOs that it is not if our companies will get breached but when and how. External research and our own experiences tell us that internal users continue to be our biggest threat, both from innocent acts as well as malicious ones. Training our technology teams in all levels of preventing, monitoring and detecting breaches is not enough when the user offer the largest threats. We must focus on training the end users in all aspects of security and let them know that each person is responsible for the security of the company and that they can personally be affected if their information is breached.