What is worrying the CIO?

It’s not easy being a CIO. The role is custom made for dealing with nightmarish scenarios. There are a whole lot of things that can spin out of control. And in a matter of seconds, the CIOs near perfect world can come crashing down.

Robust and resilient IT infrastructure can go kaput, management can act difficult and decide not to pony up resources for an ambitious project, vendors can choose to pull the plug on a product, meticulously planned IT projects can go astray, security breaches can throw up nasty surprises, project delays and cost overruns can threaten IT’s credibility in the eyes of business and recalcitrant business users can throw a spanner in the works. Phew! The list of woes is never ending.

For the CIO, these situations have been the stuff of nightmares.

And the whirlwind pace of technology change and dramatically shrinking ROI window doesn’t help his cause, as the CIO scrambles to meet the ever- increasing expectations of business. ​It’s like walking on thin ice strewn with banana skin.


Walking on razor’s edge

So what is worst nightmare of a CIO?

Security is a top- of- the- mind worry gnawing at the mind of Ramnath Iyer, Global Head, Corporate Research, CRISIL GR&A and CTO CRISIL.

2014 saw more than its fair share of high- profile security breaches that unnerved the industry. The severity, scale and complexity of the cyber attacks continues to strike fear in the minds and hearts of the CIO community.

“On the operational side my biggest concern is information security. Today it is hard to identify and quantify system vulnerabilities. Even after vulnerabilities are identified it takes anywhere between 2-10 weeks to run patches and fixes. During this time the vulnerabilities are public and are a source of worry,” rues Iyer.

He believes that internal security threat, social engineering, cloud computing and BYOD also pose challenges to information security.

With the threat landscape constantly evolving, the CIOs sense of security is slowly melting away. Iyer’s fear resonates with the CIO community.

For Vikram Dhanda, Senior Vice President - IT Shared Services, Aegis the most insidious of all nightmares is a malware attack. Not only is it more difficult to recover from but it also spreads fast. It has the potential to render one powerless till such time that a malware cleaner is made available by one of the security firms.

Dhanda suggests a way to expunge the nightmare. “Prior to eliminating the malware it needs to be contained to reduce its impact. To prevent such a nightmare it is essential that all desktops, laptops, appliances, applications, devices and the other paraphernalia that make up IT are adequately hardened and zoned to ensure that there is only localised damage,” he opines.

On tenterhooks

On the operational side, Iyer’s second big anxiety is around non availability of client facing services which can result in revenue and reputation loss for organizations. It can deal a crippling blow business.

And there are other reasons that add to his anguish. From a technology investment perspective, Iyer frets over the choice of technology. “The fast evolving technology complicates the choice; do you invest in a new emerging tech which is not adequately tested or do you invest in a tried and tested technology which is not likely to meet your future needs. This is a Catch 22 situation for a CIO,” he complains.

He explains his case with an example. Today, information security preventive technologies are more reliable and robust, while detective technologies are still evolving. Most organizations have built their defences based on preventive technologies, knowing fully well these only address known vulnerabilities and attack vectors.

The ideal approach is to use detective technologies for mitigating attack scenarios, but these are still in their infancy, leading to the classic Catch 22 situation where the CIO knows current investment in preventive technologies are not adequate, but the future technologies are not stable as yet!

Evidently, the CIO is stuck between a rock and a hard place.

Daunting prospect

Dhanda is also concerned about the loss of productivity due to equipment failure. It can unfold a situation of unprecedented pandemonium.

“It would be a terrible sight to see the entire office whiling away their time and unable to work. This could be on account of any number of reasons that could cause people to not have access to their data, files and mails,” he says.

Dhanda asserts that one can only put in adequate redundancy to ensure that expected and unexpected equipment failures do not impact users. “It is essential to ensure that as and when failures do take place they are attended to in the shortest possible time to decrease one’s risk exposure,” he says.

If the nightmare comes true the CIO will be on tenterhooks whilst he works to set things right.

Concern around data backup and BCP also weigh heavily on his mind. CIOs undertake data backup on a regular schedule. However, the true test of the efficacy of the backup process is when one is required to restore data.

An uneventful data restoration is never remarked upon – it is the minimum expected. But a failed data restoration brings into question not only the data backup process but also a host of other IT processes.

“It is as if the failed data restoration is representative of the way the entire IT function is run. The only way to militate against such an eventuality is to ensure a continuous drill of data restorations to practically provide proof that data restorations will happen when demanded,” Dhanda recommends.

IT management woes

And sometimes vendors can cause angst to CIOs by arm twisting them into procuring new products.

For TG Dhandapani, CIO, TVS Motors the worst nightmare is when IT product vendors unilaterally decide to give up the support (for which customers pay AMC) and force enterprises to procure new licensed product.

“The concern is the adoption of unsolicited new system, issues associated with that, additional investment and payment of AMC for which we don’t receive the service,” complains Dhandapani.

He suggests that if such a scenario comes to pass, the CIO should scout for the best product available product in the market and refrain from making the existing vendor product an automatic choice.

CIOs also lose their sleep over IT management issues. Rajesh Saboo, Rajesh Saboo, head of IT services, Future Group highlights that the resources to manage IT are a cause for concern.

“We have outsourced our delivery accountability with the partners. Enterprise solution and governance is my leadership team’s accountability. But doing this is an art. And finding the right blend of resources with competence and the desire to excel is a challenge. The resource deficit is my nightmare. Since resources are limited I am concerned about what will happen if they decide to move on” he says, alarmed.





.