What's the point of a CIO?
It's a brutally frank question. But in a world where business units can sign up for "shadow IT" services in minutes to get anything from CRM to analytics to data storage to email, do organizations really need a C-level technology expert anymore?
The good news for CIOs is that the answer is probably "yes." The bad news is that they are going to have to change and adapt if they want to have any chance of staying relevant.
That's certainly the view of Jim Cole, a senior vice president at Hitachi Consulting. "The role of the CIO remains relevant to the extent they are strategists first, technologists second," he warns.
Instead of being the chief architect of IT systems, CIOs must concentrate on being "strategic enablers" for their businesses by allowing them to "enter and exit markets with the utmost in flexibility and agility regardless of where the IT services are provided," he adds.
CIOs who fail to do that risk finding their roles relegated to ones which answer to another C-level executive, while someone else – perhaps a Chief Digital Officer – steps in to handle the more business-critical strategic initiatives.
Embrace the chaos
One key characteristic that CIOs need to develop is the willingness to allow business units to choose and use any (or almost any) applications that they feel they need to get their jobs done, Cole says. This includes the type of software as a service (SaaS) offerings that previously were acquired without the knowledge or permission of the IT department,
"Today’s CIOs remain relevant by engaging directly in the consumption of shadow IT within their businesses," he says. To do this CIOs need to make sure they understand why particular shadow IT services are in demand, and what can be done to make sure that they can be used as effectively as possible.
"The alternative is to develop draconian, isolationist policies which are often cloaked in the guise of "security" and "data protection" but in reality are often attempts to falsely preserve command and control," he adds.
The problem for career-minded CIOs is that traditionally the role has been one of Plan-Build-Run, and the capability to execute successful projects of this kind has been the hallmark of a successful CIO, says Abner Germanow, a senior director at New Relic, a Calif.-based analytics company.
Executing Plan-Procure-Manage projects – subscribing to SaaS offerings, in other words – has not typically been something for CIOs to show off about or to use as justification for an enhanced compensation package. "Not many CIOs have made their careers by subscribing to services," he points out.
But Germanow agrees with Hitachi Consulting's Jim Cole that a willingness to embrace SaaS is essential if a CIO is to remain relevant. "The reason that many companies subscribed to Salesforce was that their IT departments couldn't make a CRM system. There's been a long history of going around the CIO, but smart ones shouldn't fight it, they should embrace it."
From control to trust
An obvious question to ask then is whether the modern CIO's role really comes down to one of keeping an eye on SaaS services that business units subscribe to, and ensuring that they are used in a secure fashion – perhaps, ironically, by subscribing to a Cloud Access Security Broker (CASB) service?
Germanow believes there is some truth in that, but also that there's a need to move from control-based to trust-based security. “The trend in security is a shift from ‘I control and secure everything myself’ to ‘When I use Azure I now use modern technologies and a shared responsibility model with cloud providers,’” he says. “The focus is on business risk, not technology risk."
Cole says there is more to it than that. To stay relevant a CIO has to orchestrate a complex blend of "best of" applications, technologies, and platforms – as well as providing "reasonable guardrails" when it comes to security, risk, and consistency, he says.
That means working with business units or individuals who want to subscribe to SaaS and building it into an overall IT plan. "The successful CIO engages, embraces, seeks to understand, partners to develop roadmaps, brings a mix of facilitating policies and enabling support services," Cole explains.
"By engaging they help to establish a culture of accountability, approvals, audits, and awareness so the company leaders never wake up in the morning wondering where their data is and is it secure," he adds.
Some CIOs may baulk at the idea of handing over much of the responsibility for running applications and securing data to cloud providers and effectively allowing business units to decide what's best for their needs, but CIOs that can't adapt to the changing face of enterprise computing are doomed to sink into irrelevance, he warns.
"For those CIOs who remain in the traditional "command and control" operating models, their relevance as a business partner will shrink as they continue to try to enforce isolationist policies that, like in geopolitics, never seem to end well," Cole says.