Is The CEO Letting The CIO Off The Hook On Corporate Data?
A recent Symantec study found that 62 percent of employees believe it’s acceptable to send work documents to personal computers, tablets, smartphones or through online file sharing applications like Google Drive and Dropbox. Over half stated that their willingness to engage in such activities stems in part from their companies’ lax policies surrounding data protection.
What’s more, entire departments have begun turning to options outside of the corporate data center (think Amazon Web Services) without bothering to keep their IT staff in the loop. With so-called “shadow IT” creeping into every corner of the enterprise, some may wonder whether CEOs are turning a blind eye to the risk and letting their CIOs off the hook. After careful consideration, the answer may surprise you.
With a growing number of cloud and Software-as-a-Service (SaaS) apps available at their fingertips, employees and whole departments are taking the initiative to use these technologies to become more productive. And these tools are sticking. SaaS applications are becoming an increasingly important part of the way employees get work done. It’s not that workers are circumventing IT for malicious reasons. More often than not, routing through IT is simply viewed as a bottleneck to authorizing a solution that’s already proven successful.
This creates a twofold problem: a misconception around the IT department’s role and a lack of employee understanding when it comes to the potential security risks of their actions.
An IT paradigm shift
The solution? Executives—both CEOs and CIOs—must work on developing a vision for the new role of IT within their organizations. Instead of acting as gatekeepers that limit project turnarounds and data accessibility, IT must act as an enabler that’s pushing the business forward strategically. Building an environment where IT solves (rather than creates) business challenges will encourage business lines to establish a more open, honest dialogue with the IT department about their needs.
Morphing IT departments into these “service brokers” calls for direct intervention from upper management. Redefining processes to be more inclusive of IT in the corporate strategy is the fundamental shift and the most important move that corporations should make in the wake of trends like BYOC, mobility and cloud computing.
The role of the CEO
Through this shift, the CEO’s duty is to make sure the right strategy is in place to move IT forward, appease the demands of staff members and best serve customers’ expectations. This means:
- Giving IT a seat at the table when discussing corporate strategy and line of business goals.
- Having IT educate lines of business on new trends in technology through events like “lunch and learns” or their own internal blog.
- Raising awareness among various business lines’ awareness that IT is there to offer support and guidance.
- Evaluating whether you have the right partnerships in place to accomplish your goals, or whether you should invest in new partnerships.
The role of the CIO
Redefining IT’s role within a company sounds like an abstract task. It’s the CIO who must turn it into a tangible action. This includes:
- Acting as the liaison between the CEO, the IT department and the lines of business.
- Spending time outside of IT to understand departmental needs across the organization, and aligning those with IT’s security and governance concerns.
- Emphasizing shadow IT education and awareness, so all staff end-users become good corporate citizens.
- Establishing best practices around cloud use and corporate data.
With the CEO and CIO focusing on planning and strategy, it’s up to IT to actively reshape the way their department and the entire business functions by:
- Identifying current technologies (authorized and unsanctioned) being used within the business. Having this snapshot makes it easier to educate employees on the risks of using certain applications and determine where vulnerabilities need to be addressed.
- Compromising. If an app or service needs to be nixed due to a compliance or regulatory issue, IT should research and provide an alternative that meets business needs while still being corporately responsible.
Ultimately, the CEO isn’t letting anyone off the hook. The real opportunity is to change the perspective of IT and improve the relationship between IT and the lines of business. With a broader dialogue within the C-suite, and vertical collaboration between upper management, IT and general staff, organizations can unite under a new IT dawn – and today’s emerging business technologies can finally come out of the shadows.