It is amazing how many drivers, even at the Formula One level, think that the brakes are for slowing the car down.
Mario Andretti, legendary race car driver
In many organizations, the security and compliance functions are treated as necessary evils, time-consuming processes that slow down initiatives but are nevertheless understood to be important. It is true that as cyberthreats increase, there is a danger that security concerns simply choke off a business’s speed and flexibility. The solution to this conundrum lies in recognizing that security is primarily a cultural and managerial issue rather than a technical one. While almost 90 percent of tech leaders believe their IT organizations have been effective in improving cyber defenses, only two-thirds of the rest of the C-suite agree, implying that there is considerable room for improvement. 7 McKinsey Global Survey on technology and the business, 2021.
The first big shift is to move security from something that is done only by a dedicated team to something for which everyone is responsible. CIOs can provide developers with the education and incentives to build security and compliance into their code. In addition, security and compliance experts should work side by side with developers to help teams address security issues before they surface.
The second shift is to upgrade security operations to improve prevention and resilience. CIOs can best enable this shift by applying a developer mindset to security rather than a compliance one. A DevSecOps working model, where security is integrated into each stage of an agile product life cycle rather than being a check at the end, is one way to do that. CIOs can further harden security by committing to a “security as code” approach that defines cybersecurity policies and standards and then instantiates them as code through architecture and automation.
Quality is like quantity, but there's a lot less of it.
Suzan-Lori Parks, playwright
The biggest issue with data is that there’s so much of it that companies have tremendous difficulty making sense of it. Data users can spend between 30 to 40 percent of their time searching for data and 20 to 30 percent on cleansing it. The result is often a kind of data drunkenness where companies chase after different ideas in an uncoordinated and disjointed fashion. In effect, they’re trying to manage the scale rather than extract the value.
It’s not much of an exaggeration to say that no important value-creating initiatives for the business are possible without good data. It is literally the lifeblood of the business and should be treated that way. From that acknowledgement flow two imperatives.
The first is quality (including access and usability) over quantity. Too often the focus on data quality becomes just a set of policies and guidance that an IT support function executes but is not widely followed. The CIO can drive effective data governance through a balance of centralized data-management and governance roles. More than 60 percent of tech leaders from our survey, in fact, say they are planning to scale data, analytics, and AI—more than any other tech initiative. 8 McKinsey Global Survey on technology and the business, 2021. CIOs will need to bring in data and machine-learning operations people to manage this effort.
The second imperative is to develop an orchestration capability to make the many data linkages needed to enable advanced experiences. Take the example of predictive maintenance. When data from sensors indicates that a widget should be replaced, this data needs to connect with inventory data to see if a replacement widget is available, with team-management data to get a crew in the field to replace the widget, with supplier pricing data to track the costs, and with billing data so that the right customer is billed and payment is tracked. This level of orchestration requires data developers to build systems that collect, integrate, and manage target data sets.
One way that CIOs can meet these needs is by standing up a “data and analytics delivery war room” made up of data developers, legal, compliance, and full-stack architects. This team takes inputs from the business, locates key data sets, and creates a data-orchestration platform to deliver data to any part of the organization.
Business in the digital age is impossible without a strong technology platform. The COVID-19 pandemic has provided an important exclamation point to make this reality clear to the C-suite and board. With this foundation, CIOs have a unique opportunity to become business drivers. This doesn’t mean it’s time to throw out the old playbook; traditional needs of ensuring stability, meeting business requirements, and managing the costs and risks of delivery are all still necessary. But they’re not sufficient. CIOs need to write a new chapter in the IT playbook that embodies a new set of bold aspirations to put technology at the forefront of the business.