CIO-CSO webinar: How CISOs and CIOs collaborate in times of COVID-19

CIOs and CISOs need to work closely together if they want to bypass budget conflicts caused by the economic impact COVID-19. That is the conclusion reached by Sarah Winmill, CIO – Business Functions, at the Ministry of Defence (MoD), and Quentyn Taylor, Director of Information Security at Canon EMEA, during a CIO.com live webinar organised in collaboration with CSO Online.

[Watch ‘Business Continuity during COVID19: How CISOs and CIOs work together’ here.]

Touching upon the intersection between the CIO and CSO roles at a time of unprecedented disruption caused by coronavirus and the best ways in which both executives can collaborate, Winmill explained how the MoD is witnessing a greater engagement between her office and the CISO’s since the beginning of lockdown.

The move to remote working, while also maintaining the strict cybersecurity protocols expected from such a sensitive government department, has positioned the technology and cybersecurity departments closer than ever, she added.

“We’ve been nursing colleagues through how to use technologies and reminding them of their cybersecurity responsibilities,” said Winmill.

For Taylor, the new economic reality resulting of COVID-19 is something that information security executives will have to get used to.

“I think that the security budget is going to get cut and that is going to lead to conflict with CIOs,” he said. “Although the CISO is not under the CIO, they still need the CIO to be the hands and eyes to actually execute the plan. I think that’s going to cause a lot of conflict in the coming years.”

This view was shared by Winmill, who sees tensions arising when trying to look at usability versus security.

“However, if everyone stays focused on what’s necessary to get business done, then that tension shouldn’t be there. A decent CIO has to be aware of the cyber threat,” she said. “You should be able to resolve that conflict and come to a commonality of view.”

Shadow IT risks

During the webinar, Winmill and Taylor also discussed the risks and opportunities presented by shadow IT in the current climate.

Shadow IT, the use of IT systems and solutions inside organisations without explicit organisational approval, remains a challenge for Winmill and her team at the MoD. Although shadow IT can offer opportunities to advance the digital transformation of some businesses, the cyber security risk is too great for a highly sensitive environment like the MoD.

To avoid staff resorting to shadow IT, Winmill recommended in the webinar getting to know in-depth the needs of the organisation and align its operational imperatives to the IT strategy – it’s when enterprise IT is not serving business needs well enough that shadow IT emerges.

“Those shadow pieces will come where we aren’t hitting the sweet spot of what’s needed in terms of working with the organisation and keeping the wheels on the bus,” she said. “Now we’re working with colleagues to look at various tools and it’s a constantly evolving ecosystem within defence.”

Taylor shared the view of shadow IT being the result of IT failing to deliver the customer need – whether that’s customer need or customer want, it’s debatable. However, Canon’s Taylor highlighted the opportunities brought upon by the COVID-19 crisis for finding valuable learnings of shadow IT.

Watch the full webinar here: