As today’s world becomes more dependent on technology, enterprises should feel the pressure to have the right people in the right positions—especially in the Chief Information Officer and Chief Security Officer roles.
Both of these roles are evolving quickly. And it’s never been more important that these two people in every organization work together as a partnership to help meet company objectives and maintain security.
Understanding Each Role
A few years ago, the CIO was “concerned mostly with IT infrastructure.” But now the role involves innovating, business development, and strategic agility. A CSO has always been focused on security implementations and implications with technology, but now has to quickly adapt to technological changes in the workplace and ensure an organization is in tip-top shape to prevent attack.
Whereas a traditional CIO is focused on moving quickly (i.e., speed of delivery), a CSO is focused on the safety of data, information, and privacy. This can cause tension but it doesn’t have to—and shouldn’t—for the sake of an organization.
The C-suite is comprised of several roles where responsibilities may overlap. It is important for CEOs to understand the importance of having separation between CIOs and CSOs/CISOs; both positions should report to the CEO, according to CIO.com. When or if the CSO reports to the CIO, risk reduction takes a “back seat” to operations. This can put companies at a disadvantage where security is concerned.
When CIOs and CSOs Work Together
CIOs do not have time to worry about all security elements a CSO does, but “there is simply no excuse for a CIO to be completely divorced from security.” CSOs are focused on advancing threats, cloud and supplication security, implementing best security practices, among another things.
The need for CSOs is growing. Every day there is a new high-profile data breach, so it’s no surprise the need and salaries for CSOs are rising. As more breaches happen, it will be easier for CIOs to convince the C-suite having a CSO is a necessity.
This article in CIO Insight says CIOs and CSOs must have boundaries and clearly outlined responsibilities. In general, the CSO defines the level of security and the CIO implements it. It makes the analogy that a company that does not have a CSO is a like a football team without a quarterback.
As technology moves forward, so must security. CIOs and CSOs should have the same goal “to ensure that information flows safely and securely at every level of a business.”