Why IT needs to drive the risk conversation
No one is having an honest conversation about risk -- and that's putting IT between a rock and a hard place. Here are seven ways to change the dialogue.
Computerworld - It's a familiar complaint: Executives from a business department learn about a new, often cloud-based product and they want to try it. Only they can't, because IT has decreed that this wonderful new product creates too much risk. The frustrated business execs gripe that IT is standing in the way of progress. As one business executive said, IT is "where dreams go to die."
The problem might not lie in some stubborn dislike by technology professionals for innovative new products. The problem, CIOs and other experts agree, is that most organizations don't have a realistic, balanced or mature system for evaluating and making decisions about technology risk. Especially the risk that always comes with implementing something new.
"Somebody, typically in a line of business, has some SaaS product they want to use, and they provide a business case for it: 'Here's all the good stuff that can result from the use of this. It'll make my numbers. I can access it from anywhere,'" says Jay Heiser, an analyst at Gartner.
At that point, IT is asked to determine whether the software in question is safe to use. "Then starts a farcical attempt to prevent something bad from happening," says Heiser. Ensuring complete indemnification for any losses suffered in the event of a breach likely means inserting provisions into the vendor's standard contract. "These are cookie-cutter products; the company has 30,000 customers. They're not going to negotiate contracts," he says.
Next come questions about the cloud provider's security practices, but here again, Heiser says, it's difficult or impossible to construct a questionnaire that will fully determine that the provider will keep data secure. A site visit might be helpful, but the sheer volume of customers will make it impossible for the provider to welcome most of them. And even when you are standing at a provider's facility looking straight at its servers, that doesn't give you access to the person who wrote the code.
In short, there is no way to guarantee security, especially that of a cloud-based product, Heiser says. And therefore, IT professionals tend to take the simplest path and decline to give their approval, which in turn earns them a reputation as dream-killers. It's a setup that guarantees frustration on all sides, and one that's more than ripe for adjustment.
But changing it requires seriously rethinking how businesses work with IT to make technological decisions. That won't be easy, but here are some places to start.
1. Let CIOs Off the Hot Seat
Talk to any CIO long enough on the subject of technology risk, and one company name is likely to come up: Target. The retailer suffered a widely publicized data breach compromising a total of 110 million credit cards in December and January -- a number that's equivalent to more than one-third of the U.S. population, assuming all the cards belonged to different people. As the dust settled and lawsuits were filed, no one was surprised when Target CIO Beth Jacobs tendered her resignation.
Jacobs had been on the job about six years, putting her right at the average CIO tenure according to CIO magazine's 2014 State of the CIO survey. That's a fact worth noting because behind it lies a darker truth: Most CIOs assume they're always one big tech failure away from losing their jobs. "I don't know if she did a good job or not, but she got fired," Heiser says. "In practice, if something breaks, they'll go looking for a scapegoat." Because CIOs face that reality, he adds, it's easy to see why most of them are motivated to make "extremely conservative decisions."
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- The Next Generation Employee Experience This white paper from IBM, showcases five organizations that are strategically integrating emerging social software and tools with their existing investments and seeing...
- Jyske Bank extends brand message to more than one million visitors a month IBM WebSphere Portal software helps bank offer a clearly differentiated digital experience
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Management White Papers | Webcasts