How has the role of the CIO changed in five years?
WinMagic's COO gets out the crystal ball for the IT department
Following our Enterprise Security and Risk Management Summit 2016 at the end of November, we caught up with sponsor WinMagic - who provide data security and encryption services for the enterprise - to get COO Mark Hickman's view on a few key industry topics.
CTG: What do you see as the biggest security challenge facing CIOs at the moment?
MH: The rate of change has to be one of the biggest challenges, and I don't simply mean the speed with which bad actors are enhancing their techniques. For senior IT decision makers the way in which their infrastructure has changed over the last 5 years alone has been incredible. Combine this with mass adoption of the cloud, and much more distributed devices and employees, and suddenly the opportunities for hackers, the vectors available to cause havoc are much higher.
As a result the task of protecting the infrastructure and ultimately corporate data has become much more complex. And in the security world, with complexity comes risk.
CTG: How do you think the role of the CIO has changed in the last five years?
MH: Technology is not only moving faster, it's also enabling disruptive business models such as the sharing economy, born in the cloud companies that can grow and scale at incredible speeds (think Uber and Airbnb). CIOs of established bricks and mortar companies need to leverage this technology - in a secure way - to enable new ways of doing business, else their companies risk being swept away by this disruption.
So now, more so than five years ago, a CIO's job is more about whole new models for doing business than just making the current way more efficient.
CTG: Encryption is the core of your business. Do you think it's gained a bad reputation in the past?
MH: People hear the word encryption and remember how hard it could be to encrypt and decrypt a file 20 years ago. It could be quite a painful experience, and whilst secure, it could stop people being productive. Our approach has always been to make encryption as transparent and frictionless to the end user and IT department as possible.
Taking that approach has meant a lot of investment in the SecureDoc technology at the heart of our solution. It now means we have a centralised key management and encryption solution that can encrypt data across most operating systems, including mobile devices, virtual machines, and more cloud environments than anyone else. Policy engines can also be used, integrated with directory services, to simply control which individuals have access to data. All of this is managed from within a single management environment, helping to remove some of the complexity IT managers experience.
For end-users, encryption and decryption is now transparent and simple.
CTG: Cloud computing has fundamentally changed the way CIOs approach their IT strategies. How has it changed security?
MH: It's definitely a mixed bag! Using a cloud service often means that you are buying into the security expertise of that provider, which can be of great benefit and reduce the capital investment a company needs to make, but it also means you lose some control over your data.
In addition, data and services that are more geographically dispersed carry risks, such as dealing with a loss of connectivity. We have also seen how some cloud services can be as vulnerable to attack as any IT infrastructure.
This is one of the reasons that our encryption solutions use a centralised key model. If you use a cloud service, you never store the keys on that service - it means that whatever happens to that service, your data is securely encrypted.
CTG: What would you like IT directors and CIOs to be saying about encryption in another 5 years?
MH: In the same way that a business would always have a firewall or anti-virus software, encryption has to be considered the same way.
Attacks on companies are becoming more prevalent and data breaches where millions of records are lost are regular fodder in the press.
Encryption is the last line of defence, protecting data at rest, when all other security has been circumvented. If a hacker gets to your data, you need it to be illegible, whether customer data, or sensitive corporate materials.
CTG: What are the big challenges you see ahead for CIOs?
MH: Without a doubt, artificial intelligence and the Internet of Things. The challenge with artificial intelligence is interesting, because on one hand the CIO probably loves to hand over control of some tasks to an AI. But as IT people - and I know I'm generalising here - we instinctively like to be close to decisions and be sure that the correct actions are being taken across their infrastructure. How much of that decision making - and when - will we be ready to hand it over?
In terms of IoT, these devices are already being exploited in Distributed Denial of Service (DDoS) attacks and as back doors into corporate systems.
IP-based devices are not always purchased or implemented by the IT department, it could be facilities for example, so a way to ensure the security and maintenance of these devices in the corporate setting needs to be found. Otherwise, for all the efforts of the IT department, small unknown holes will be left open to potential exploitation.