informa
/
Operations
Commentary

The CIO's Shifting Role: Improving Security With Shared Responsibility

CIOs must create a culture centered around cybersecurity that is easily visible and manageable.

Once referred to as the "custodian of technology," today's CIO now serves as a critical bridge that helps connect IT, security, and business revenue. With rapid digitalization and skyrocketing cloud adoption, CIOs must ensure an organization's day-to-day operations, security systems, and cloud operating systems are all functioning smoothly.

Adopting a shared responsibility model, a security framework that balances security governance and clearly outlines the provider and security team's respective obligations, will provide CIOs with the proper insight into day-to-day security operations. As cloud adoptions, transitions, and expansions are expected at a breakneck pace, working together with CISOs, IT executives, and internal security experts will create a stronger security model as long as a clear point of view and intrinsic visibility are well maintained. 

Over the course of the COVID-19 pandemic, CIOs have had to wear more hats than ever. Yet while corporate responsibilities are widening to focus on areas such as business development, facilitating multicloud adoption, and product oversight, security is still the heart and soul of the role. To ensure a successful security approach, CIOs must enact a collective approach as the position and security demands transform. 

Security Is Still a Paramount Issue for Organizations and CIOs 
The number of cyberattacks and incidents dramatically spiked over the last year as organizations pivoted operations online. According to Harvey Nash/KPMG's 2020 CIO survey, 41% of organizations experienced more cybersecurity incidents during the pandemic. This trend is unlikely to subside in the future, as companies adapt to a hybrid office/work-from-home approach. Similarly, CIOs understand the importance of creating a strong foundation centered around security, as 61% reported an increase in investment in cyber/information security, ahead of bolstering data analytics (58%) and cloud services and solutions (53%). 

With the global cloud computing market expected to grow from $371.4 billion from 2020 to $832.1 billion in 2025, the critical issue is how CIOs can continue to prioritize security and IT governance while still leading business endeavors that are stretching into cloud expansion, data automation, business intelligence, and customer engagement. While CIOs may not actively oversee an organization's day-to-day security interface and infrastructure, fostering a clear and coherent shared responsibility model for security will be more important than ever to ensure they're properly defending the enterprise.

IT Growth Means More Responsibilities for CIOs 
IT budgets are steadily rising, and Gartner forecasts that global IT spend will grow 6.2% in 2021, with a 4.9% increase in remote work spending. Yet 95% of CIOs believe their responsibilities are expanding beyond areas of traditional IT, most commonly associated with revenue-generating initiatives. As organizations expand and invest digitally, CIOs are now heavily responsible for determining what technology and cloud solutions organizations should adopt to help grow business. 

Although today's buying process is much easier and faster to facilitate as new software supporting infrastructure and technology are constantly refreshed, it's also more difficult to decide the right solutions as the marketplace now features an abundance of options that are constantly evolving. Security still needs to be top of mind when selecting any cloud or infrastructure services, but CIOs must now also factor in how they're going to cultivate business, create additional revenue streams, and implement infrastructure changes that quickly improve business operations without stalling day-to-day proceedings. And as critical as it is to determine the appropriate provider and defense strategy, it's equally important for CIOs to lay the groundwork for policies and postures that are sufficiently designed with real-time threat detection, comprehensive visibility, and security analytics.

While this presents CIOs with the opportunity to become intimately involved in operational business decisions, it must not take attention away from imperative security responsibilities. Utilizing management platforms can also help shoulder the burden by actively monitoring threats, simplifying management and compliance, optimizing processes, and tracking critical assets. Ultimately, the provider and user are accountable for working together, and designating responsibility adds more clarity to every individual's responsibilities as the virtual workplace becomes the new normal.

Automation Is Key for Current and Future Security Management
Intelligent automation, while still being developed organizationally, is another useful technology that is being deployed by CIOs and organizations to build stronger network defenses and democratize responsibilities. According to a 2020 global security automation survey, 38.3% of surveyed organizations reported a medium level of automation last year, nearly a 5% increase. Seventy-one percent of CIOs also anticipate automation to increase and help make supply chain frictionless, increasing velocity and lowering costs as a result. 

As automation picks up steam, the complexity around managing security infrastructure is also increasing for IT departments. Cybersecurity skills are the most in-demand but scarcest for technology teams, with 35% of technology leaders advocating that these are the most sought-after skills. As automation technology continues to advance, they can help bridge the skills gap that IT teams are currently facing and fill vulnerable gaps that may arise from turnover and short-staffed teams. 

Currently, 84% of organizations are spending over 20% of their cybersecurity budgets on tools that utilize advanced technologies such as artificial intelligence, machine learning, and robotic process automation. CIOs need to strengthen these capabilities to improve decisions, keep up with infrastructure expansion, and actively survey security frameworks. 

Security Still Falls on the CIO
While a CIO's role has evolved to encompass a plethora of new responsibilities to accommodate for rapidly accelerating businesses and technology, cybersecurity is still the fundamental focal point. As demands both shift and increase, it's imperative for CIOs to actively observe and guide essential security elements by meeting or adhering to a shared responsibility model.  

An organization's safety protocols and measures are categorically imperative to protect, and it falls on the CIO's shoulders to ensure they are robustly defended. Ultimately, CIOs need to create a culture centered around cybersecurity that is easily visible and manageable to safeguard an enterprise's indispensable digital assets.

Recommended Reading: