Prioritization at Core of CIOs’ Survival Strategies

It can be a scary world out there. Phishers, hackers, crackers and the like are determined to wreak havoc on network security — and a firm’s Chief Information Officer is smack dab in the middle of it all.

The CIO establishes and directs the strategic long-term goals, policies and procedures for an IT department. This professional determines an organization’s long-term system needs and hardware acquisitions to accomplish business objectives.

What the CIO needs most, perhaps, is a clear organization and action strategy. His or her survival kit would include critical tools, important tasks, and maybe a few aspirin. The question is, what are those critical tools and important tasks? That seems to depend on whom you ask.

Some may look to budget management tools, security systems and data backup, while others are more focused on Sarbanes-Oxley compliance and political savvy. Regardless of a company’s specific needs, the common ground is the need to devise an action plan and execute it.

Two Types of CIOs

“There are two basic types of CIOs,” said Patrick Gray, president of Prevoyance Group, a project performance consulting group with clients that include Gillette, Pitney Bowes and CA. “Those who are able to think strategically and apply a company’s strategy through technology; [and] those who are solely ‘operational’ managers, whose primary goal is to keep the network running and the servers serving.”

To survive, CIOs need to be members of the latter group. An increasing number of issues are currently jumping onto CIOs’ radar screens, including a growing emphasis on network security and globalization.

Gray, though, argues that automatically zeroing in on compliance, data backup and other headline-making issues is the wrong approach for the CIO. Rather, says Gray, he or she should determine the key strategic threats and opportunities to his/her particular organization by talking it through with the CEO and CFO, and develop a technology plan around those concerns.

Gray’s point is this: no two organizations are alike. While some threats are common to any company using the Internet, more often each company will have unique IT priorities that should be addressed individually as an investment, not merely an expense.

From the CIO’s Mouth

If Gray’s theory holds true, then the CIO’s ability to survive — and help the corporation survive — depends on his ability to communicate the organization’s IT needs to key audiences at the boardroom table.

For Pierre Vedel, senior vice president and CIO of ELM Resources, the most important components of his organization and action strategy are what he calls “managing up,” or being able to articulate his business case.

“This requires written, verbal and presentation skills,” Vedel told the E-Commerce Times. “BPM tools, like IDS Scheer’s ARIS Platform, can help sell your message across the enterprise. By using tools that require all business units to participate in design — most of the work is done when I present my proposal.”

Pushing With Political Savvy

Some might describe Vedel’s concept of “managing up” as political savvy. This savvy begins with understanding the technology as it relates to business, and continues with communicating to other C-level executives what the organization’s technology needs are in light of its objectives.

“CIOs have to discuss technology with people who don’t understand technology very deeply to determine what they want to do and translate that into a technology capability,” said Abbe Lundberg, senior vice president and editor in chief of CIO magazine.

The Givens

Of course, budget management is one of Vedel’s main concerns. He considers it a critical part of both project management and maintaining shareholder value. Other areas, like data backup and network security, are merely standard tools in any CIO’s lineup.

From where he sits, Chaz Popovich, CIO of OSI Technologies, believes the threat of the lone, remote hacker breaking into a network and getting away with critical information is overblown.

“A more imminent threat is the constant stream of automated scripts that probe servers connected to the Internet for known vulnerabilities,” Popovich told the E-Commerce Times. “Perhaps the ultimate basic requirement for all privacy and security solutions is that they must be adapted to the unique aspects of your business staff, operation and data.”

In this action plan, the most important way to ensure data security is to have knowledgeable and engaged IT staff paying attention to these basics and to the unique aspects of your business. “Auditing software will let you know how well you are doing and identify areas for improvement,” Popovich noted.

Out With the Old

When it comes to replacing and upgrading security systems, today’s CIO has to be thinking not only about keeping active equipment from viruses, hackers, and theft, he or she also has to think about long-term data security and environmental compliance, according to Chip Slack, CEO of Intechra.

This year millions of PCs will become obsolete, as will as many servers and routers. Many of these machines, however, will still contain data that a company wouldn’t want released “into the wild.” Putting all this outdated electronic equipment in storage is not a secure or cost effective solution, Slack told the E-Commerce Times, nor is sending it downstream to someone who is willing to ship it out of the country.

“Since most companies, no matter how large, do not have electronics recycling or remarketing capabilities, CIOs need to have strong and ethical business partners for outsourcing IT asset disposition,” Slack insisted. “It’s up to the CIO to hold that partner to the highest standards.”

That sentiment stretches from disposal to communication to tools to careful study of the most pertinent IT risks. The bottom line is, one plan does not fit all CIOs, but each will have in common a need to collaborate with others to determine what specific dangers threaten his or her firm. That way he or she will be better able to build the proper arsenal and action plan to keep data assets safe and comply with current laws.