Security and Shadow IT - The 2014 CIO review

Should your organisation be worried about shadow IT, and how high on the agenda is security for CIOs? In our latest round-up of 2014, we take a look at the attitudes of CIOs and technology executives towards threats to their organisations.

Shadow IT

"Do we have technology at Centrica I'm unaware of? Of course we do.

"But am I bothered about that? Not so much. If I've got people who want to go out there and kill their own food, solve their own problems I won't stop them."
Rod Carr, Centrica CIO

"I embrace shadow IT. If someone has identified a good technology that helps them, I want to help them use it securely and let other people use it.

"What is shadow IT? It is people using technology to try to get their jobs done, and who am I to stand in their way?
Barry Smith, Foster and Partners head of IT

"Some of my stakeholders say 'I just want a system'. But a system is technology, people and process. We are still mopping up some of the shadow IT, and shadow IT is still being created."
Jeremy Vincent, Jaguar Land Rover CIO

"Why does shadow IT develop? It's because they've been to the IT department and the IT department said 'no'.

"There has to be a cultural shift in the ecosystem of the organisation.

"Now we look at the way to enable the device, rather than disable it. A lot of our people former special forces; they can strip an automatic weapon but might not be as good with technology, so they need a device that works when and how they want it to."
Former G4S Risk Management CIO Tim Grieveson

"If people aren't doing it already it's either not a good idea, you don't need it, or there's a serious regulatory barrier stopping you from doing it."
CIO UK columnist Matt Ballantine


"We have a whole programme of activity we've been driving through to really refresh and increase our capability around information security and the risks introduced by technology.

"It's a real focus for us and I would say it's going to continue to be. No matter what we do, there just seems to be more coming so we're going to have to continue to invest our time and energy in this.

"Security is an ever-changing beast you're chasing constantly."
Neil Clark, Heathrow CIO

"While we secure our own data, what's collected for financial products – provided by Bank of Ireland – is not housed on our servers. So at the point of sale it's passed on via secure data transfer to third parties. We do regular data handling and security audits – it's a sign of times."
Lesley Sewell, Post Office CIO

Hampshire County CouncilCIO" alt="Jos Creese, Hampshire County Council CIO" src="" height="150" width="200" />

"Data security matters a great deal and data cannot be vulnerable in any one place in the public sector. But we must not restrict mobile working.

"You don't want over-complex and disproportionate security controls, which indirectly lead to workarounds or to IT being seen as a blocker to modernisation and flexible working.

"It is essential that we join up our infrastructures so the ability to share information is securely opened up. Public services will need to collaborate more in the future as we drive down and out into communities. The challenge is not to end up with an overblown central process; it must be as easy and intuitive as possible, and the measure of success is take-up."
Jos Creese, Hampshire County Council CIO

"We focus heavily on security, after all every security analysis report says financial services are a major target. So it is a constant arms race and you have to be aware of what you are trying to protect."
OutgoingSchroders head of IT Matthew Oakeley

"We are now also talking to our partners about offering this environment as a virtual data centre. We already host the disaster recovery for Wolverhampton. They prevent a lot of politics, but of course there are discussions and concerns about security."
FormerStaffordshire County Council CIO Sander Kristel

Copyright © 2014 IDG Communications, Inc.

Security vs. innovation: IT's trickiest balancing act