What's the point of a CIO?\nIt's a brutally frank question. But in a world where business units can sign up for "shadow IT" services in minutes to get anything from CRM to analytics to data storage to email, do organizations really need a C-level technology expert anymore?\nThe good news for CIOs is that the answer is probably "yes." The bad news is that they are going to have to change and adapt if they want to have any chance of staying relevant.\nThat's certainly the view of Jim Cole, a senior vice president at Hitachi Consulting.\u00a0 "The role of the CIO remains relevant to the extent they are strategists first, technologists second," he warns.\nInstead of being the chief architect of IT systems, CIOs must concentrate on being "strategic enablers" for their businesses by allowing them to "enter and exit markets with the utmost in flexibility and agility regardless of where the IT services are provided," he adds.\nCIOs who fail to do that risk finding their roles relegated to ones which answer to another C-level executive, while someone else \u2013 perhaps a Chief Digital Officer \u2013 steps in to handle the more business-critical strategic initiatives.\nEmbrace the chaos\nOne key characteristic that CIOs need to develop is the willingness to allow business units to choose and use any (or almost any) applications that they feel they need to get their jobs done, Cole says. This includes the type of software as a service (SaaS) offerings that previously were acquired without the knowledge or permission of the IT department,\n\u00a0"Today\u2019s CIOs remain relevant by engaging directly in the consumption of shadow IT within their businesses," he says. \u00a0To do this CIOs need to make sure they understand why particular shadow IT services are in demand, and what can be done to make sure that they can be used as effectively as possible.\n"The alternative is to develop draconian, isolationist policies which are often cloaked in the guise of "security" and "data protection" but in reality are often attempts to falsely preserve command and control," he adds.\n[Related: CIOs share best practices for social media and collaboration]\nThe problem for career-minded CIOs is that traditionally the role has been one of Plan-Build-Run, and the capability to execute successful projects of this kind has been the hallmark of a successful CIO, says Abner Germanow, a senior director at New Relic, a Calif.-based analytics company.\nExecuting Plan-Procure-Manage projects \u2013 subscribing to SaaS offerings, in other words \u2013 has not typically been something for CIOs to show off about or to use as justification for an enhanced compensation package. "Not many CIOs have made their careers by subscribing to services," he points out.\nBut Germanow agrees with Hitachi Consulting's Jim Cole that a willingness to embrace SaaS is essential if a CIO is to remain relevant. "The reason that many companies subscribed to Salesforce was that their IT departments couldn't make a CRM system. There's been a long history of going around the CIO, but smart ones shouldn't fight it, they should embrace it."\nFrom control to trust\nAn obvious question to ask then is whether the modern CIO's role really comes down to one of keeping an eye on SaaS services that business units subscribe to, and ensuring that they are used in a secure fashion \u2013 perhaps, ironically, by subscribing to a Cloud Access Security Broker (CASB) service?\nGermanow believes there is some truth in that, but also that there's a need to move from control-based to trust-based security. \u201cThe trend in security is a shift from \u2018I control and secure everything myself\u2019 to \u2018When I use Azure I now use modern technologies and a shared responsibility model with cloud providers,\u2019\u201d he says. \u201cThe focus is on business risk, not technology risk."\nCole says there is more to it than that. To stay relevant a CIO has to orchestrate a complex blend of "best of" applications, technologies, and platforms \u2013 as well as providing "reasonable guardrails" when it comes to security, risk, and consistency, he says.\nThat means working with business units or individuals who want to subscribe to SaaS and building it into an overall IT plan. "The successful CIO engages, embraces, seeks to understand, partners to develop roadmaps, brings a mix of facilitating policies and enabling support services," Cole explains.\n"By engaging they help to establish a culture of accountability, approvals, audits, and awareness so the company leaders never wake up in the morning wondering where their data is and is it secure," he adds.\nSome CIOs may baulk at the idea of handing over much of the responsibility for running applications and securing data to cloud providers and effectively allowing business units to decide what's best for their needs, but CIOs that can't adapt to the changing face of enterprise computing are doomed to sink into irrelevance, he warns.\n"For those CIOs who remain in the traditional "command and control" operating models, their relevance as a business partner will shrink as they continue to try to enforce isolationist policies that, like in geopolitics, never seem to end well," Cole says.