Headline
Why CIO & CISO Collaboration Is Key to Organizational Resilience
Alignment between these domains is quickly becoming a strategic imperative.
Source: Panther Media GmbH via Alamy Stock
COMMENTARY
With an increasingly complex threat landscape and the progression of threat-actor tactics, effective cybersecurity is non-negotiable. At the same time, staffing challenges and an uncertain economy have made it increasingly challenging to manage your attack surface and keep would-be threat actors at bay.
That’s not for lack of effort — or expenditure. Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That’s a 14% increase over 2023. Gartner expects that expenditures for IT will reach a whopping $5.1 trillion in 2024.
Amid all this, companies are striving for disruptive innovation and progress while keeping a close eye on budgets. Many workers are feeling spread thin, with more data and endpoints than ever and not enough qualified talent to be found. As a chief information officer (CIO), I can attest that I’ve seen this crunch particularly within the global IT space. This is not a good moment for IT to be stressed out and overworked. The stakes are simply too high.
So, how can organizations mitigate threats while maintaining momentum?
It’s time to finally break down the silos between IT and security. That starts by fostering alignment between the CIO and chief information security officer (CISO).
Streamlined, Secure — or Both?
Individually, CISOs and CIOs are powerful forces with a lot on their plates — and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct — and occasionally contradictory — objectives.
Access, Please: The CIO Imperative
For many CIOs, it’s common to be focused on streamlining and efficiency, especially given staffing challenges. Additionally, CIOs and IT teams work to ensure continuous access to optimized tools that help employees get their jobs done. Sixty-one percent of IT professionals admit that negative technology experiences directly impact their morale, underscoring the palpable connection between tech efficiency and employee engagement.
Lack of access to the right tools can contribute to “shadow IT.” Conversely, streamlined, efficient operations enhance speed and elevate the digital employee experience.
Standing Guard: The CISO Imperative
Meanwhile, my peers in the CISO role dial in to ensure organizations are as secure as possible. This is a critical and constantly moving target, as threat actors continue to find new avenues of attack. Effective cybersecurity prevents all manner of problems, ranging from the inconvenient (unexpected downtime) to the catastrophic (a major breach).
I have an enormous amount of respect for the CISO role, as should everyone impacted by security. (And that’s all of us.) In 2022, the average cost of a single data breach was $4.5 million — not counting ransomware costs. Meanwhile, nearly 87% of businesses grapple with a shortfall in IT security staff. This talent crunch severely threatens organizations’ defenses against evolving cyber threats.
Exploring the Overlap
Both CIO and CISO roles seek to optimize business outcomes, though we often take differing approaches. “Streamlined” and “secure” are frequently mutually exclusive, particularly if your organization lacks the right tools.
There are several areas impacting both IT and security. Just two include:
- Influx of devices and data: It’s anticipated that more than 180 zettabytes of data will be floating around by 2025. If you thought we were already facing a data firehose, you haven’t seen anything yet. The more data produced, the more streamlined operations must be to manage relevant data effectively — and the more importance must be placed on data protection.
- Shifting work environments posing challenges: The mix of remote, hybrid, and in-person work environments — plus the increasing reliance on personal devices used to access company data — makes things more challenging for both IT and security.
Problems like these aren’t theoretical — they’re real. According to Duke University research, “more than 80 percent of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data.” Meanwhile, the digital employee experience is more critical than ever in the battle to attract, engage, and retain top talent — so any tools and policies must be user friendly and secure.
I like to think of these challenges as shared opportunities.
Unlock the Collaborative Potential of CIOs and CISOs
This is where alignment comes in. IT and security may have been siloed, but that could change. The past few years have shown change is not only possible but essential for survival.
Breaking down the silos between your IT and security leaders doesn’t diminish their roles, it elevates them.
Collaborative IT and security leaders, and their teams, enjoy the benefits of:
- Financial optimization through consolidation: Streamlining vendor and technology portfolios for optimized spending and resource utilization.
- Elevated employee engagement: Eradicating shadow IT and fortifying digital business for heightened engagement and security.
- Heightened enterprise resilience: Bolstering cybersecurity measures to curtail risks and fortify the organizational backbone.
Fostering alignment between these teams will vary, but there are a few universal principles to keep in mind:
- Loop in your applicable executive(s), e.g., your CEO, from the start. They should be on board with and involved in facilitating this alignment.
- Clarify objectives and define roles. Seek commonalities with your counterpart to identify overlap and gaps.
- Make yourself open for regular communication and collaboration — and find out if there are cross-training initiatives available.
- In collaboration with applicable executives, adopt a unified approach to performance metrics, reporting mechanisms, risk management, data governance, and compliance.
- Work together when making decisions on technology adoption, resource allocation, and budgeting.
- Tooling should be a shared responsibility to ensure coverage and observability are always meeting key performance indicators (KPIs).
The endgame with these tactics is a more efficient operation to make life easier for both parties. Worth noting: Intelligent hyperautomation can be a massive benefit in streamlining processes and amplifying operational efficiency.
IT and security alignment is a strategic necessity. This collaborative effort fosters mutual accountability and improves overall security by eliminating data silos that hinder response times and hide crucial insights.
About the Author(s)
Chief Information Officer, Ivanti
Robert Grazioli is chief information officer (CIO) of Ivanti, responsible for all of its global IT systems and SaaS Operations, including the integration of Ivanti acquisitions over the past two years. Bob originally joined Ivanti in June 2020 as vice president of SaaS operations. Bob brings more than 25 years of global experience spanning the financial services and the software industry. He has been involved in some of the biggest software acquisitions in the industry over the past 10 years and has been responsible for some of the largest SaaS offerings in the industry. In addition, Bob has oversight of Customer Zero, taking Ivanti’s SaaS operations to the next level through leveraging our own learnings to benefit the needs of our customers.