CIOs need to take back security

  • After high-profile security breaches, CIOs are being challenged to deliver a more secure IT environment.

  • CIOs are responding through strategic technologies, partnerships, or delegation to a CISO.

One of a CIO’s primary mandates is to promote an atmosphere of professionalism and productivity around the information technology that has become indispensable to every organization. It’s time for CIOs to take back the high ground on security.

High-profile security breaches affecting millions of consumers have heightened calls for a dedicated chief information security officer, or CISO, since there seems to be a growing sense that CIOs are too overburdened to take on IT security alone.

In some organizations, a dedicated CISO may actually be the best cultural fit. But whether ultimate security responsibility rests with the CIO, a CIO’s direct report, or a CISO, a case can be made that the CIO needs to participate in planning, evaluating, and implementing company-wide protection, or risk being marginalized in the very departments he or she helped build.

Unsurprisingly, retail CIOs seem to agree and are responding with the message that they can and will spend more time on security. To put that sentiment into action, the CIO must be constantly on the lookout for strategic technologies and partnerships that enhance, automate, and streamline security safeguards, compliance monitoring, and threat response.

Delicate balance, tough decisions

Even when not responsible for the ultimate security plan, a CIO should have a comprehensive understanding of all business, contractual, and regulatory drivers and mandates for security. As the marshal of IT resources and budget, he or she is in the position of balancing the need to maximize security against the drive to minimize unnecessary spending and effort.

As part of this balancing act, the CIO must also be prepared to define and defend acceptable or tolerable risks and communicate crucial security issues at a level directors can understand.

Security as differentiator

The CIO should be well positioned to turn the organization’s security capabilities into specific business guidance for the CEO and chief marketing officer. In essence, the CIO can help sell security as a competitive advantage. Heightened security policies are good for brand and reputation building.

In the face of recent security challenges, CIOs should be thinking about re-establishing a security-minded reputation. Whether that means forming a closer partnership with a qualified security consulting firm or delegating more tasks to a CISO, the CIO needs to take a stand and reinforce that security is of primary importance to the organization’s highest technological office.

Jason Compton, Writer