Guiding Tech Strategy and Innovation
While highly dependent on the organization that employs the CIO, there are certain responsibilities that surface more often than not. Those include:
- managing technology infrastructure,
- overseeing IT security,
- managing data,
- and collaborating with other executives to align IT strategy with overall business objectives.
Managing Technology Infrastructure
My favorite phrase uttered by IT Leadership is, “we’ve spent hundreds of thousands of dollars on this infrastructure and it works for us.” While there are budgetary constraints that do affect those decisions, most of the time the reasoning is a lot simpler: they just don’t want to do the extra work.
Infrastructure is ever-changing. Any time that new additions are added to the network, you need to worry about security and overall usefulness of the product. If it’s not working as intended, why not start browsing for something else? Having the status-quo mindset tends to lead to technical debt. Everyone talks about it, but most don’t reflect on it truthfully. Does technical debt plague your organization?
Even if everything is running smoothly, is there anything new in the market? Does it increase productivity? Is it cheaper? A simple, personal example is the organization’s phone system, particularly the 800 numbers. While the company was paying $500/month/location for standard lines, it could have been significantly cheaper. We contacted AT&T and switched the lines to our VoIP system bringing the bill down to $2.00/month/location. That’s not a typo: it really was a saving of $498.00/month/location on the low end (some locations were using the 800 numbers substantially more).
Thinking about how to save the company money by simply modifying existing services is a key responsibility of any CIO.
Overseeing IT Security
Be careful with introducing new software and hardware into your infrastructure. The more you have, the higher the chance of something going wrong. While basic Cybersecurity practices cover your organization from majority of the threats, sometimes you have to worry outside of the basics.
Remember Log4J? With this vulnerability, it was a race against the clock. Everyone was trying to patch the software they were actively working on. Have off-the-shelf products? You’re at the mercy of the vendor for those updates. Pretty much anything that was connected to the internet was vulnerable, like VoIP phones for example. We had to request for a patch and load it ourselves in order to secure our systems.
You’ve also heard that the biggest weakness in any organization is the user. That’s right. Regular education is crucial through SAT (Security Awareness Training) and Phishing tests.
Another Security Risk scenario that often gets bundled with the CIO’s team is the one that hasn’t occurred yet. You might have guesses what those exercises are: tabletop exercises for business continuity planning.
The CIO leads tabletop exercises with the organization and incorporates the necessary teams. They don’t always need to be compromised emails. What happens, for example, if the power goes out to the data-center? What happens if the VPN crashes? Tabletop exercises help poke holes in Standard Operating Procedures (SOPs), so make sure to update those as you’re performing them.
Managing Data
Anything that deals with data falls under the CIO’s jurisdiction, especially when it’s concerning with the flow of data, the confidentiality of data, the integrity of data, and the availability of data. If you’re seasoned, you should know that I’m referencing the CIA triad.
This is a lot easier than it sounds. When data is corrupted, it doesn’t matter which department it affects, the CIO is the first person on the call. You need to make sure that the data is available and backups are performed routinely.
One way that businesses often overlook data management is with expansion. The individuals believe that the size of the business will always remain the same. Mergers and Acquisitions occur all the time, so there’s a chance that your company will acquire another one. Bringing data from that company and merging it with yours can be significantly less painful if proper planning was put into place beforehand.
Aligning IT Strategy with Corporate Strategy
Most companies will either hire a CIO that’s too business focused or too IT focused. Neither are particularly great for the company for the obvious reasons: IT focuses too much on IT and business focuses too much on business.
If your organization has a board, that board will bring in the C-Suite that will help manage the company. A corporate strategy is developed and approved by the board.
A subset of that corporate strategy is the IT strategy. It’s not enough to have email functioning without any issues. The question becomes, how does the IT strategy align with the corporate strategy? In other words, how does IT provide value to the organization instead of just a service?
Any new projects that IT brings into the company should be justifiable through the IT-Corporate strategy. For example, having individuals on multiple email systems doesn’t hurt anyone, right? Some can be on Gmail, others can be on Microsoft 365, who cares if everyone is on the same system?
Well, the CIO should. Think about the amount of time wasted when individuals can’t send a direct message to someone through software like Teams. How about scheduling meetings? What happens when you need to add 10 individuals to a call and you can’t see anyone’s calendar?
Think about how merging those tenants increases the overall communication and collaboration internally. Increased communication can mean a difference between a sale and a wasted opportunity, and when you start expanding that, it could mean a difference between a successful and an unsuccessful business.
Summary
While there are countless responsibilities that fall on the CIO’s shoulders, these are some of the key ones. Whether you’re a CIO or employ one, have a discussion related to the key responsibilities. Missing any of these will likely lead to a company that’s not performing at its best.