Disruptive CIOs Focus On Business Outcomes

The Renaissance was possible because of the dissemination of ideas from the later 15th century. The availability of paper and the subsequent invention of the printing press in 1445 forever changed the lives of people in Europe and, eventually, all over the world. Previously, bookmaking entailed copying all the words and illustrations by hand, often onto parchment or animal skin. The labor that went into creating books made each one very expensive to make and acquire. The advent of the printing press helped produce books better, faster, and cheaper and led to a disruptive cultural revolution.

We are experiencing a very similar phenomenon today. We are in the midst of digital disruption. The printing presses of our time are platforms such as social, mobile, cloud and analytics that help propagate value to our customers better, faster and more cheaply than previously available options. So whether you are on board or not, this disruption is taking place; the two choices you have are: become a disruptive CIO or be disrupted.

Three Barriers Holding Back CIOs

Today, with technology embedded in virtually every business process and market dynamics changing at a mind-boggling pace, the role of CIO is rapidly changing from a technology manager to a business executive. CIOs need to be influential business partners that are not just collaborating with the business but co-creating solutions for the organization. But many CIOs are struggling to get there. In a recent Forrester survey, 54% of business decision-makers said that IT does not understand the business issues and priorities to tackle them. Business decision-makers also recognize the importance of technology to their business models: 75% said technology is too important to them not to get involved in. So the message is clear: if the CIOs don’t step up, businesses will find ways to source technology through other means — and many already have. 

Forrester has identified three key barriers to CIO success:

  • Brittle processes and legacy systems. Brittle processes are created when you have technologists thinking in binary terms while developing business solutions. Compounding the problem is the fact that these processes are embedded (in many cases hard coded) into legacy systems.
  • Victim mentality. This is probably the most common one on both sides of the aisle. Business folks often love bashing IT on their speed and responsiveness, while IT often feels they are asked to do the impossible. Many CIOs feel that they could be real business partners only if the business considered them an equal and gave them an opportunity to be so.
  • Bulletproof solutions. Often the need for agility and speed outweighs performance requirements, yet IT processes are not built to be agile. Anything coming out of the IT shop has to be bulletproof, scalable, integrated and highly redundant.

CIOs: Collaborate With Your Peers And Forrester Analysts To Discuss, Debate And Shape Your Ideas

Last week, Forrester launched its CIO Role Community, a place exclusively for CIOs (and other IT leaders) to engage in conversations and discussions with their peers. This community will also provide you an opportunity to continue the conversations on existing content and highlight future areas of interest. You are invited to post your questions, comments, thoughts and ideas and have other CIOs and Forrester analysts chime in with their opinions, best practices and lessons learned on these areas.

Forrester analysts will be actively participating in communities by responding to your questions, adding their insights to existing conversations and asking questions of you, the CIO, to create a more precise purview, and drive our research agenda — ultimately making it more timely and relevant to you.

Already, a wide range of topics are being actively discussed, from the criticalness of operating in the Asia Pacific region and other emerging economies, to setting clear business priorities without a PMO.

Head over to the CIO Community, browse the discussions, and let your voice be heard. Respond to an existing post, or post your own discussion!

(Also, be sure to follow @Forr_CIO for timely updates about the CIO Community activity.)

We’re waiting to hear from you!

The New CIO — Embrace The Empowered Era Or Step Aside


Today, 22% of employees say that they have used a non-IT-provisioned service over the Web to perform their job function — not to update their Facebook accounts, but to do real work.[i] Many employees are no longer relying on IT to provision, manage, and run their technology because they feel IT is too slow and puts unnecessary restrictions on their use of technology. Many customers expect on-demand information, customized user experiences, and mobile apps that IT is expected to deliver quickly, cheaply, and reliably. Some CIOs have reacted to this shift by vigorously defending their turf from these encroachments. Others have ceded control to third-party service providers and business managers who now make their own technology decisions.

Empowered BT: A Road Map For CIOs

As you may know, I recently was named the Research Director for our CIO team — a team of highly accomplished and experienced analysts at Forrester. One of our first tasks as a team was to define the current changes in the technology and business landscape and develop a cohesive view of what this means for the role of CIO. What will it mean to be a CIO in the “empowered” world? As you can imagine, this led to a healthy debate and many different perspectives on what the future CIO role would look like. Here are some highlights from our discussion so far.

What is changing for the CIO?

  • Technology plays an increasingly critical role in business success. In Forrester’s Forrsights Budgets And Priorities Tracker Survey, Q4 2010, 52% of the business decision-makers strongly agreed with the statement “Technology is fundamental element of our business model.” Many companies are starting to use technology as a business differentiator, and many businesses rely on technology to provide critical information for making strategic business decisions.
  • Empowered technologies make it easy to bypass IT. The empowered technologies — social, mobile, video, and cloud — are rapidly transforming the information landscape. Increasingly, these technologies are easy to acquire and bring into the corporate environment, and many can be sourced and managed outside of IT’s control — making it easy for the business and employees to bypass IT.

Dell To Acquire SecureWorks

Dell announced Tuesday its intent to acquire managed security services provider (MSSP) SecureWorks for an undisclosed amount. SecureWorks, which acquired VeriSign's Managed Security Services in July 2009, has been growing its business significantly over recent years. Dell, on the other hand, has been strengthening its services arm and moving towards a more solutions-centric approach. SecureWorks will continue to act as a separate business unit and will maintain its offerings, keeping its consulting and services intact. This deal was surprising but not shocking. As information security becomes an integral part of the infrastructure, large system vendors strive to build or buy security capabilities into their products and services. Here are our initial thoughts on the acquisition:

  • Dell builds a security foundation through SecureWorks capabilities. Dell doesn’t have a strong security presence, and similar to the RSA/EMC acquisition, SecureWorks will become the security division of Dell. This acquisition will enrich Dell’s portfolio with a well-respected managed security services company with expertise in threat intelligence, infrastructure security, and strong customer service.
  • SecureWorks and Dell find new revenue streams through security offerings. Infrastructure security is becoming ever more important as organizations embrace data center consolidation and the cloud. SecureWorks offerings will strengthen the business case for Dell while keeping customers secure. On the other hand, SecureWorks will find new industries and geographies beyond government, utilities, and retail services.

WikiLeaks: Will The Lapses In Security Leading To Massive Data Breaches Serve As A Wakeup Call For Us?

In the past few days, almost every conversation I have had with a CISO has somehow stumbled onto the topic of the data breach at the US Department of Defense (DoD) and subsequent release of that information through WikiLeaks. Many CISOs have told us that their executives are asking for reassurances that this type of large-scale data disclosure is not possible in their organization. Some executives have even asked the security team to provide presentations to management educating them on their existing security controls against similar attacks. Responding to these questions is tricky: “It’s like treading on thin ice,” commented one CISO. If you tell them everything is under control, you may create a false sense of security. If you tell them that it is very likely that such an incident can happen within their organization, it may be a career-limiting move.

I would recommend giving the executives a dose of reality. I do many security assessments for our clients and often find that many organizations are relying too much on the technology and infrastructure protections they have. Today’s reality is very different. We often operate in a global context with large and complex IT environments, making it hard to monitor and track data, and we are sharing a tremendous amount of sensitive information with business partners and third parties. All of these realities were faced by the US government as well and probably all contributed to the circumstances that led to the disclosure of data.

As many of you try to extract the lessons learned from this episode, here is my take on it: it is a failure not of a single security control but of a set of multiple preventative and detective lapses.

Failure of preventative controls: Governance, Oversight and Access Control

AT&T acquires Verisign Security Consulting

Khalid Kark

AT&T recently announced it has acquired VeriSign's Global Security Consulting Services business for an undisclosed amount. The news was not shocking, since VeriSign had been shopping around for a buyer for a few years now and AT&T had to acquire additional competencies in its security service portfolio to compete with other telcos, which have already acquired specialized security companies. Here are my initial thoughts on this acquisition.

The Trials And Tribulations Of Public Sector CISOs

Khalid Kark

Just the other day, I was speaking with a state CISO about the security challenges she's facing in today's environment. In many regards, she echoed what I've heard from other CISOs in the private sector -- the business (Governor) is expecting us to do more with less, Web 2.0 brings along a whole new challenge in terms of security, etc. At the same time, she reminded me just how different things are for the public sector by articulating the extra challenges she has on top of all the usual ones:

Hathaway resigns … another one bites the dust

Khalid Kark

Hathaway joins a distinguished group of highly respected and accomplished people who have quit the position of Cybersecurity Czar. She wasn’t even the actual Cybersecurity Czar; she was just the acting one, but it appears even that was too much for her to take. She cited personal reasons for resigning, but media reports suggest a more plausible reason for resigning – frustration at “spinning her wheels” and not being able to accomplish anything. Sounds familiar, doesn’t it? Whether you are a Cybersecurity Czar or a CISO, the challenges for this position are very similar.
