By showing the way to mine data quickly and use it effectively, IT managers will become our data heroes.
If IT security is now “everyone’s job,” what does that mean for the folks who actually work in IT? Roles – and job titles – have been evolving as rapidly as technology itself in recent years. And while data security has always been a serious component of IT’s role, recent glaring data breaches and ransomware attacks have pushed security to the top of the priority list. So how does the new emphasis on cybersecurity affect the changing role of IT managers?
Good Reason To Be Afraid
According to the Poneman Institute’s 2016 Cost of Data Breach Study, the average total cost of a data breach for US companies has reached $7.01 million. That’s up 7% over 2015, although the report notes that cost has “not fluctuated significantly” overall since Poneman started this survey 11 years ago.
Industries most vulnerable to customer loss following a data breach:
- Financial services
- Life science
- Service organizations
Threats are coming from every direction. Much has been written about the unfortunate fact that your employees are your worst enemy when it comes to data breaches. In fact, the Poneman report notes that just 50% of data breaches are caused by malicious or criminal attacks. The other half are self-inflicted:
- 27% due to “system glitches that included both IT and business process failures”
- 23% caused by employee negligence
Your employees aren’t out to sink your company, most of them are simply ignorant about the everyday risks, let alone how to avoid them. Nonetheless, uninformed employees and direct cyberattacks aren’t the only sources of potential data leakage.
Forecast: Cloudy, With Increasing Mobility
Third-party data sharing multiplies the number of potential weak points. This is an obvious concern, with increasing reliance on cloud-based services, not to mention vendors with whom companies share their data in the normal course of business. So IT managers are becoming contract managers as they consider security threats posed by third-party agreements with service providers and suppliers. Who, exactly, is responsible for protecting that data being shared? And are they fulfilling that responsibility?
Furthermore, third-party threats include the multiplicity of devices and apps which are routinely used by employees in the course of their work but which are not owned or controlled by the company.
Obviously when it comes to network security, IT managers are having to look inward while building a sufficient fortress against outside attacks. They must be able to predict as well as respond to security threats that could come from foreign countries, criminals, hackers, terrorists, even maliciously-motivated employees or contractors. Or insufficiently educated insiders whose ignorance inadvertently opens the door to attackers. Email, web browsers, increasing use of cloud-based and mobile tools, and the Internet of Things all pose risks.
Assuming the Role of “Security Coach”
Senior IT leaders are responsible for ensuring that IT is, indeed, everyone’s job when it comes to data security. That starts with helping C-level leadership see the strategic value of digital initiatives, and moves downward to inspiring all employees to internalize the importance of vigilance, to protect the company’s digital assets.
In a recently-released whitepaper, Tableau noted, “IT and users must collaborate to jointly develop the rules of the road for their secure environment that each other must abide by in order to maximize the business value of analytics without compromising on the governance or security of the data.”
Compliance Is Complex, But Failure Is Expensive
Failure to adhere to government and/or industry data protection requirements will continue to be expensive for organizations, and not just monetarily.
Last year, an employee at Advocate Health Care in Illinois left their unencrypted laptop in unlocked car. The computer was stolen, resulting in a data breach that compromised the health records of some 4 million patients – personal data as well as clinical details. The US Department of Health and Human Services fined the company a record-setting $5.55 million.
Private businesses in Europe and elsewhere that will be governed by the upcoming EU General Data Protection Regulations are well aware that heavy fines have been established for those who fail to comply.
Related: SOX Compliance: What Is The IT Team's Role?
It’s not enough to assume that an organization is safe simply because it meets required compliance standards. These standards are typically expected minimums, and as potential attackers become ever more sophisticated and creative, minimum compliance measures no longer offer adequate protection.
For today’s IT managers, then, security and compliance roles are interwoven more tightly than ever before.
New Roles Encompass More Than Security
Just as IT security is now everyone’s job, understanding the business is now the role of everyone within IT. Digital transformation acknowledges and embraces the blurring of lines between “technology” and “operations.” Throughout organizations, formerly disparate departments such as finance, marketing, HR, and production are finally realizing they’re all part of an integrated whole. And that IT is the common thread that ties them all together.
Data fuels business intelligence. That drives innovation and ensures competitiveness as well as customer loyalty. The IT manager’s job is to understand not only how each sector uses technology, but why. The goal? To foster collaborative internal relationships and develop digital initiatives that enable humans to work smarter and more creatively. By showing the way to mine data quickly and use it effectively, IT managers will become our data heroes.
Today’s New Role Is Tomorrow’s Old News
In an article published in InfoWorld this spring, Dan Tynan said, “The IT industry has seen many waves where the “next big thing” turned out to be smaller and shorter-lived than anyone expected, thanks to rapid shifts in technology.” Some jobs have disappeared, others have morphed dramatically, and “roles that were once a full-time occupation have become part of a portfolio of skills, thanks largely to more sophisticated tools that simplify and automate them.”
Indeed, IT professionals who carry a plump portfolio of skills are now most in-demand – especially if their portfolio includes cybersecurity and/or data analytics expertise.
From “Tech Support” To The Big Picture
IT has evolved from its traditional role as internal service provider to that of a collaborative partner at every level – creative innovation, functional improvements, facilitating enterprise-wide solutions. The role of IT manager is now all-encompassing because IT now permeates every aspect of business.
In this bigger, broader role, IT managers are in a perfect position to promote blurring of turf boundaries that have traditionally stifled collaboration and creative thinking. They can now take the lead in fostering an “all hands” approach to problem-solving.
Clearly, the role of IT managers continues to be a work in progress, with a scope that extends far beyond increased security concerns. So what does it all mean for the ultimate IT manager – the Chief Information Officer?
In my next article, I’ll take a look at the changing role of the CIO.