CIO-CSO tension makes businesses stronger
- 23 April, 2015 05:26
The relationship between the CIO and CSO (or CISO) can be fraught with tension - and that can be a good thing. Both executives play a critical role in your organization's C-suite, and better understanding these sometimes overlapping roles can only make your business stronger and more secure.
Out of the shadows
In the past, the CSO, or CISO, depending on your organization's language, was a role secondary to that of the CIO, the CFO or another C-suite executive. But as security becomes a more pressing concern, CSOs have come out of the shadows to take a separate, but equally important role at the executive table.
"That can be hard for other C-suite players to swallow; this role that once reported to them - whether it was an offshoot of the CIO's role, or a CFO or even the CEO - is now a separate role with its own distinct priorities, budgets and concerns that sometimes appear to conflict with what other C-suite members' priorities are," says Zia Bhutta, co-founder and COO of consulting and strategic outsourcing firm Synechron.
Same goals, different priorities
"There's a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority," says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates.
"Both the CIO and the CSO are concerned with how to transform the business. What are the business' goals? How does technology both enable and hinder those goals? How can you focus on efficiency and speed of delivery, but also maintain security? These are really similar goals, but the priorities are different," Cerilli says.
It's not so much that the goals of the CIO and the CSO are different, but that the priorities are flipped, says Bhutta. For CIOs, speed of delivery - for new hardware, software and applications - and efficiency are paramount. For CSOs, the concern is with the security of data, information and privacy, says Bhutta.
Contention comes into play when the CIO and CSO don't work together to plan and agree on an overall strategy that takes both of their needs and concerns into account, says Robert Orshaw, COO and executive vice president at Velocity Technology Solutions.
"As security becomes an increasing concern, sometimes CSOs can start to develop strategy, architecture and budget spend priorities in isolation from the CIO - that's a problem," Orshaw says. "When they work as a team to jointly develop architectures, priorities and budgets that consider the needs of the whole business - that is a beautiful thing," he says.
Striking a balance
The key is effective communication, an ability to present a united front to board members and other c-level execs and to finesse compromises on both sides to achieve speed, availability and security, says Russell Reynolds' Cerilli.
"You have to be on the same page around people and processes as well as technology; create a consistent message around the business goals, the challenges and what's needed. Then, you can present a united front for your executive board and the market," he says.
One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business' needs ahead of any personal need for career advancement or recognition, he says.
"Many times, we see CSOs who are either great at tech or great at relationships, same with CIOs. Having an HR organization that understands that ensuring these two roles, with a good balance of these qualities working together is a great asset. That also means that, in areas where it's not working well, you might have to find new blood for these positions if they're not effectively working with their peers," he says.
CSO, prove your worth
Working well with other members of the C-suite can require CSOs to educate their peers on their role and their value to the organization, says Orshaw.
"It's all about perspective - we had a client ready to move into a brand-new data center location until the CSO spoke up and said, 'Well, it's right near a major curve in a railyard. What happens if a train derails and runs right into our data center?' And that was an aspect no one had considered because they weren't looking at the physical security considerations," he says.
As the CSO role gains importance in the enterprise, they should consider some ongoing investment of time and energy into educating the organization on their challenges and vulnerabilities, and how the business can collaborate to solve problems, Orshaw says. Effective collaboration on every aspect of the business from physical security to hardware to software to delivery can only serve to make businesses stronger and more secure.