Here’s the scenario, you (as CIO) are approached to approve the latest round of technology spending. Here are eight key questions you should be asking, and why: 1. Will this enable me to collaborate? Collaboration is a strategic direction for most businesses, whether it’s B2B, B2C, Peer to Peer, the joint venture or strategic partnerships. The key to true collaboration is to be able to see and work on the same data. 2. Will this be secure if I connect it directly to the Internet? Since all your existing systems are probably not ready to be connected to the Internet, you will still operate a security perimeter. What you don’t want to do is then to tunnel all external collaborators through that security perimeter. The correct way is to architect for connection to the Internet, and then everyone simply connects directly via the Internet whether they are inside your organisation or outside. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe 3. Can someone we don’t employ get access to this the same way our staff do?The last thing you want to do is to manage hundreds, maybe thousands of people who you do not employ with user credentials. Systems must be designed to accept user credentials from a variety of sources that you probably don’t manage, and then be able to use those credentials as one of the factors when deciding whether to grant access to the system and the data. 4. If data is lost, will I find my company on the front page of the national paper?The basic rule here is data should be encrypted when in transit and at rest. So you need to find out whether all the protocols in use are secure and are all backups encrypted. 5. How will I know if someone has tampered with the data? With lots of people you don’t know accessing your data, it’s important to understand the data model and how you ensure that people have the right access to the right data. How can you spot that someone has accidentally changed the mark-up formula on that bid-spreadsheet from +25 per cent to -25 per cent, for instance? 6. Will it easily interconnect with our key business partners?If collaboration is going to be easier, you need to understand and agree the secure standards by which the collaboration will happen. This is more important when multiple parties are involved. Generally you do not want to re-key data, or try and maintain and synchronise multiple sources of data. 7. How did you translate the risk appetite of the board for this system? Often, the first you know about a new strategic joint venture is when the press release goes to the city. Connecting the systems so you can collaborate carries a set of risks the board probably did not understand. Your job is often to balance those risks, but validate the risk assumptions that your people have made. 8. Has the vendor built security in or do I need additional parts to make it secure? If the system as sold has security built in as sold, rather than bolted-on, then it provides a significantly better overall security model. When security is built in, it’s generally friendlier for end-users to use, rather than to navigate all those extra layers of security you’ve had to bolt on. Paul Simmonds is a steering committee member of the Jericho Forum, a group of senior IT security offices working together to help business succeed. Pic: william.neuheiselcc2.0 Related content opinion The changing face of cybersecurity threats in 2023 Cybersecurity has always been a cat-and-mouse game, but the mice keep getting bigger and are becoming increasingly harder to hunt. By Dipti Parmar Sep 29, 2023 8 mins Cybercrime Security brandpost Should finance organizations bank on Generative AI? Finance and banking organizations are looking at generative AI to support employees and customers across a range of text and numerically-based use cases. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Sep 29, 2023 5 mins Artificial Intelligence brandpost Embrace the Generative AI revolution: a guide to integrating Generative AI into your operations The CTO of SAP shares his experiences and learnings to provide actionable insights on navigating the GenAI revolution. By Juergen Mueller Sep 29, 2023 4 mins Artificial Intelligence feature 10 most in-demand generative AI skills Gen AI is booming, and companies are scrambling to fill skills gaps by hiring freelancers to make the most of the technology. These are the 10 most sought-after generative AI skills on the market right now. By Sarah K. White Sep 29, 2023 8 mins Hiring Generative AI IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe