06 Mar Fusion 2007: IT threats make risk management paramount
Madison, Wis. – These days, it seems that a CIO’s head has to be on a swivel.
The CEO’s head, too.
If there was a consistent theme during the Fusion 2007 CEO-CIO Symposium, it was that threats are bombarding business organizations from many directions, and risk management has surpassed security as the paramount concern of upper management and technologists, alike.
From the opening keynote, where John Swainson, chief executive of CA, warned that the pervasiveness of technology is accelerating IT complexity and risk, to sessions that addressed everything from innovation to workforce development, the need for vigilance in risk management was a conference concern.
Swainson spoke of the “big bang” of technology as a whole, where constant product and process innovation adds layer upon layer of complexity – and vulnerability – to networks.
“Managing this is a different matter,” said Swainson, who advised technologists to limit the scope of their projects and try to accomplish things incrementally. “We’re talking about a quantum leap in scale and complexity.”
Attorney Erik Phelps, a partner in the law firm Michael Best and Friedrich, told the gathering that security breaches and new e-discovery provisions have helped make data protection a top five priority for the majority of CIOs. Meanwhile, lawsuits continue to proliferate, and companies are devoting more resources to compliance.
It has reached the point, he quipped, where the answer to the age-old question, “Can I be sued for this?” is pretty much always “yes.”
“Technology is pervasive,” Phelps noted, “therefore risk is pervasive.
Steve Opfer, a senior compliance officer for the advanced technology group of Symantec, said the online transaction model is the new frontier of business. However, while $22 billion in online sales were reported in 2006, a 26 percent increase over 2005, an estimated $2 billion in online sales never occurred due to a lack of consumer confidence. That lack of confidence exists, he said, even though nobody’s credit card number has ever been stolen in an online transaction.
Opfer said the cyber line of defense has moved from a reactive approach on the network’s edge to more of a proactive, data-protection approach throughout the network. Information technology executives likewise should broaden their concept of security to risk management, not risk elimination.
“All companies deal with an inherent level of risk,” Opfer said. “A tolerable level of risk is what each company tries to achieve.”
Laboring for IT skills
Even the IT labor shortage is viewed as part of the risk profile, especially for companies and governments that aren’t taking steps to address it.
Tom Koulopoulos, founder and CEO of the Delphi Group, said once the IT infrastructure is completely “poured” within the next decade, the real growth and development will begin. However, he’s worried that American businesses won’t be equipped to take advantage of the boom opportunities because their workforces won’t have the skills to compete.
“I see that as a very real threat,” he said.
As senior vice president and global chief information officer for Manpower, Rick Davidson travels all over the world and has witnessed technological energy on an international level. He believes the United States needs another galvanizing effort like the space program of the 1960s to inspire young people to pursue technology careers and sustain the nation’s technological momentum.
He was one of several speakers who noted that young people love technology, but have been reluctant to pursue careers in the tech sphere.
“We’ve become complacent in that we’ve become consumers of technology rather than creators of technology,” he said.
• Fusion 2007: Making the business case for technology
• Fusion 2007: In “e-legalities,” CIOs and lawyers combine to provide business value
• Fusion 2007: Innovation drives productivity in post 24×7 world
• Fusion 2007: CA chief says IT complexity raises risk
• Fusion 2007: CEOs say bar is raised for CIOs