6 key issues that keep CIOs up at night

Security is no longer just an IT issue; it's a business priority. Business models are changing, as businesses move away from products to IT-enabled platforms.

by Charlie Bess

One of the most common questions asked of IT professionals is, “What keeps you up at night?” An October 2014 survey by NASCIO asked CIOs that very question. The findings produced a pretty good top list of insomnia-inducing issues, but I think it left out one important area — regulatory compliance. Other popular topics overlapped. Here is my own list of issues that cause CIOs to lose sleep:

1. Security

Security is no longer just an IT issue; it’s a business priority. There is an increasing concern about the number of breaches taking place, and it’s not about if  but about when you will be hacked. In protecting your network, how quickly can you recognize that an attack is happening and then respond to it? Even though lately we’ve heard a lot about breaches in retail and government, security is a concern for every industry. And security is not just an external matter, since internal issues play a role in most security issues.

2. Regulatory compliance

New privacy and security regulations are constantly being enacted, and existing ones keep changing. For example, Sarbanes Oxley is applicable to every publicly traded company. If you handle credit cards, compliance with the Payment Card Industry (PCI) regulations is critical. Healthcare firms have to contend with the privacy and security rules as established by the likes of the International Statistical Classification of Diseases and Related Health Problems (ICD-10) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A minor regulatory change can place even a generous budget in jeopardy, so flexibility and awareness of the implications are important in planning and adhering to regulatory compliance procedures.

3. Budget controls

According to an article in ZDNET titled, “Here’s what your tech budget is being spent on,” by Steve Ranger, many IT organizations today dedicate 70 percent or more of their budgets to maintaining the layer-upon-layer of systems that have defined success. To address this situation, they should do an application portfolio assessment to prune out the lower-value or higher-demand software. This should be part of an enterprise architecture effort assessing the applicability of cloud techniques and efforts to add flexibility. Think about doing a merger of your current environment and your ideal state. What would you do and when?

4. Talent management

Organizations can lose their most talented personnel for numerous reasons, such as the employment market heating up and baby boomers retiring. Additionally, new technologies are coming on the market daily, and that requires either talent management by training or focused recruiting. Along with that effort, unexpected talent management issues may arise that distract your team from generating the value expected from the business. Watch for it.

5. Shifting business needs

Technology is changing exponentially, enabling new possibilities for businesses, and business models are changing as well as they move away from products to platforms, usually enabled by IT. The CIO is in a key position to make bold moves for the business, and that can be scary.

6. Disaster recovery/business continuity

Bad things can happen to good people. Whether it is a security breach, a natural disaster, or some bad code that brings an enterprise’s system down, the CIO is expected to prepare, test, and execute their way through any event involving IT systems, to keep the business going.

In future posts, I will cover these topics in more depth, so stay tuned.

Learn how AT&T Network Security can help support your business’ security needs.