We’ve all heard, “IT the department of No,” or we’ve read Dilbert comics that joke about the problems with IT departments and specifically the CIO. There are also the ever fashionable comments like, “the role of CIO will be moved to the head of Marketing or the CMO position.” We can all buy cloud or SaaS applications with a credit card, so why do we still need a CIO to get in the way of progress?
Are we really that stupid short-sighted?
Why would it be short-sighted to get rid of the CIO? Let’s take a short trip back to 1997 and take a look at the average department. Let’s see what was going on relative to IT to get an explanation. What do you see (besides a bunch of frustrated users with terrible applications)? In 1997, we were still very early in the days of the internet relative to it being a commonly used resource for companies beyond being a “home” page. However, most departments saw some potential in having a website, and as such, they were paying external contractors 10K plus to build them a page. It didn’t matter what the page would be used for, we just had to have one. There was also the rampant use of solutions like MS Access. There would be a key person in the marketing or sales department that would put MS Access on their PC and build a data base. The web pages and Access DBs and other one off applications were proliferating like wildfire, and there was little if any governance on cost, security, data sharing, application integration, etc. The lack of governance meant that with many of the above mentioned solutions, they became one or all of the following; a support nightmare, a critical resource that now has to be connected to the ERP system, or a failure that just ended up being a waste of resources in cash and time.
Fast forward 18 years to 2015. What’s different? The applications have gotten a little better, and most web work can be done very cheaply. The work is usually managed centrally for a company or large line of business; however, now we have SaaS applications that are being designed, managed, secured, and delivered from outside the corporate network. You have the ability to acquire cloud resources in minutes with a credit card where you can then install an application and or store data. Now tell me, what’s the real difference between 1997 and 2015? There really isn’t a different, except that the person with the credit card is much more dangerous to the organization than they were in 1997 because they need less IT understanding to get started. In some cases, we can call these acquisitions shadow IT; in others, they are misguided if not well-intentioned efforts to move more quickly than the CIO’s budget or his/her attitude will allow.
Why the CIO position is as relevant as ever
Without governance, the level of risk that enterprises carry when everyone is buying their own IT solutions is very high. Each time an employee buys access to a SaaS application, they are committing the company and the company’s secrets. Each time another person buys a SaaS application that does the same thing but from another vendor, you have missed opportunity. You also have the risk of wasted licensing, little to no data integration, and one or more of these applications going from useful to critical without the necessary protections, planning, and support. The risk with buying IaaS and building applications outside the purview of the IT group is just as bad as with SaaS. What happens when Corporate data is shipped offsite without appropriate governance? Who knows the data is outside the corporate network, and who will manage its lifecycle, sovereignty, security, and recovery? What about a person with the experience to validate the qualifications of a supplier? These risks and many more are risks that need to be mitigated. Are we to assume that the CMO will have knowledge or interest? The only position really qualified to attempt to support the company as a whole in this new shoot from the hip world of IT is a strong CIO position.
However, a strong CIO may not be enough (related blog post: Why we Value IT Incorrectly )
Even with a strong CIO, there will be issues if there isn’t broad support from the c-Suite. It’s also critical that the CIO be innovation-oriented and secure in accepting that not all IT oriented solutions need to come directly from his/her team.
There is no comprehensive management suite available today that I know of that would allow a CIO to easily absorb new solutions acquired from non-IT groups. Personally, I don’t know what the right type of tool would be. It would seem that a great tool might be a beautiful control panel that would allow you to just drag and drop new applications and sort through the assorted data sharing, policy, and security issues. However, as an IT person who has historically shied away from the “one tool fixes all problems approach,” I have my concerns about the aforementioned. Maybe it’s more of a logical recording of what’s going on. I don’t know what an application would look like that supports this “logical recording” strategy; it’s just a thought.
In the end, it always boils down to “you can’t manage what you can’t measure.” I actually see the space of IT governance as a real disruption opportunity because the risks are real and will only get worse before they get better.
Strength isn’t something you tell people you have (related blog: Are you one of the smart ones?)
A strong CIO won’t be strong because they tell everyone “I’m in control, don’t worry. Any and all decisions that even remotely look like an IT decision will be made by me.” Instead a strong CIO is one that builds relationships, one that is taking a leadership position through innovating and is creating an understanding (through action) that IT is part of the business, not a bolt on. I’ve said it before and I’ll say it again: IT wasn’t created to reduce the cost of IT. Until you successfully change the mindset of your business from IT as a cost center to IT as a creative business linked innovation engine, you’re trying to take your canoe upriver without a paddle.
The CIO needs to set the table and serve the food
The CIO must work directly with all the other line of business owners to create a vision for how IT can integrate and innovate from within. Help them understand that without a strategic approach to IT solution adoption and governance, all you’re doing is herding cats through a field of toys (table). If you successfully capture the risks in the light of opportunity and demonstrate your ability to provide vision—not just risk and cost management—you might be pleasantly surprised by the response. Introduce the new IT as one that is often providing the ideas, and when it’s not it’s supplying the grease that helps ensure non-IT originated ideas, are successful (food).
Professionally Copy Edited by @imkestinamarie (Kestine Thiele)