Last month, I had the opportunity to address an audience of IT professionals at the Internet Summit 2012 in Raleigh, N.C., speaking alongside Curtis Brown (CTO at AOL), David Giambruno (CIO at Revlon) and Chad Smith (CTO at 3 Birds Marketing). We discussed a wide range of IT trends and, as might be expected given our diverse backgrounds, we often differed in our views, but there was one thing we all fundamentally agreed on: the role of the IT department and the CIO is undergoing a dramatic shift.
Driving this shift is the rise of business without borders and the development of a richly connected economy. Increasingly, it’s the connections between businesses, partners and end customers that drive competitive advantage and differentiation in the marketplace. But these benefits are accompanied by risks that IT is struggling to address.
Tech-savvy employees, the upsurge of bring-your-own-device and bring-your-own-collaboration, and the openly integrated cloud have all offered ways for employees to adopt their own technology and collaborate more efficiently. These changes, however, have made it much harder for companies to protect their valuable IP and to meet even basic regulatory requirements. A firewall-only approach to protection of IP rights no longer works, and in any event smart CIOs want to leverage these new technologies, which foster stronger connections with their supply chain or business partners. The question becomes how to do this while still properly safeguarding a company’s intellectual property.
How to strike the right balance? First up on every CIO’s agenda should be a commitment to curbing the rise in “shadow IT” by getting a tighter handle on how the organization invests in new technology. In the last decade there has been a disturbing increase in the instances of individual lines of business buying software solutions directly from vendors, instead of strategizing in tandem with the larger organization’s IT department.
Ironically, the lack of collaboration between IT, vendors and lines of business puts the whole organization at risk. To ensure that proper security and governance policies are applied to all new software acquisitions, CIOs must establish standard operating procedures and governance policies around how to work with outside vendors and leverage economies of scale.
Another imperative for CIOs who want to increase security is the standardization of communication practices and protocols throughout the entire organization—no matter how large or how far abroad it extends. In other words, as CIOs we have to see our roles less as traditional service providers and more as strategic business partners. At IntraLinks, I oversee employees in multiple countries around the world. Even though we may speak different languages and embrace different cultural behaviors and workflows, I have found it crucial that we use standardized communication practices and protocols when working within our own organization, dealing with our technology partners or serving our clients. On a related note, it is crucial that IT departments speak their parent company’s language and understand the core competencies of the very business they support.
One effective tactic I suggest is to create a single identity (owned by the organization) that is utilized by vendors and ensures identity management is owned by IT internally and shared in the cloud. Over on the Reality Check blog, Robert L. Mitchell wrote a roundup of predictions from this year’s Gartner Symposium. One of his predictions caught my attention and aligns with the points I have been covering so far. According to Robert, "Identity and access management data will become strategic." He goes on to cite analyst Earl Perkins, "By 2015, 80% of successful identity and access management implementations will be not only process-driven, but the goal will be delivery of intelligence."
Monitoring where files are sent and who accesses them provides businesses with control and tracking logs that safeguard enterprises and minimize the burden in the event of an audit or government probe. In addition, these logs can help mitigate the risk of data leakage going unnoticed, or even of it happening in the first place. Recent news has shown that even those at the highest levels of government are subject to information probes.
Ultimately, while the security challenges resulting from BYOD, BYOC and other trends are highly complex, the solution is relatively straightforward. Companies of any size, in any industry, must institute guidelines to ensure that best practices for IT and data security are being effectively communicated, implemented and followed by both internal and external partners. By identifying where data might be at risk and mapping the movement of files across various networks, you can use a top-line assessment to determine exposure levels, mitigate risks and standardize file-sharing practices, but I’ll touch on that more in a future post.