CIOs and CFOs: creating a value-driven partnership
The CFO/CIO relationship is evolving in the UK and elsewhere in the world. The
digitisation of everything is forcing both functions to recognise that
technology is not just integral to running the business efficiently, but also
permeates every aspect of business strategy and how companies define competitive
advantage. Consequently, technology is exerting much greater influence on the
way CFOs and CIOs think about their roles and how they define value for their
organisations. ... “Technology is expanding the roles that CFOs and CIOs
play in an organisation…”. It implies the need for closer collaboration between
IT and finance in this country. If both roles collaborate and ask meaningful
questions of each other, their shared expertise will enable them to better
understand their contribution to delivering value for the business and how their
combined skillsets can leverage the benefits of digitisation to become more
productive. Yet, not all is sweetness and success, because traditionally both
functions have come from very different standpoints when it comes to what value
means to their organisations: “While the CFO-CIO relationship is interconnected,
sometimes it can become divided, as both often speak different ‘languages’ about
the same topic”.
Ignore API security at your peril
Many organizations are quick to embrace the potential and possibilities of
connected devices and apps. However, they frequently neglect to put in place the
right technology and processes needed to make their APIs secure. Understanding
APIs in terms of private/partner/public differences and understanding that these
are not the same as internal/external is just the start. Organizations should
have both an API strategy and a well-managed API management platform in place so
that before teams expose APIs to anybody, a thorough security review is
undertaken before rolling out certain API designs. Similarly, any identified
issue needs to be handled in a highly structured way. This includes conducting a
full assessment of the impact and scope of reported vulnerabilities and having
processes in place to ensure that all these issues are then resolved in a timely
manner to prevent bigger problems arising further down the road. As
organizations push ahead with using APIs to power up digital transformation and
deploy a new generation of app-based services, so the risk of unauthorized access
and data exposure is growing.
AI Liability Risks to Consider
Most AI systems are not autonomous. They provide results, they make
recommendations, but if they're going to make automatic decisions that could
negatively impact certain individuals or groups (e.g., protected classes),
then not only should a human be in the loop, but a group of individuals who
can help identify the potential risks early on such as people from legal,
compliance, risk management, privacy, etc. ... It states, "The data subject
shall have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning him or
her or similarly significantly affects him or her." While there are a few
exceptions, such as getting the user's express consent or complying with other
laws EU members may have, it's important to have guardrails that minimize the
potential for lawsuits, regulatory fines and other risks. "You have people
believing what is told to them by the marketing of a tool and they're not
performing due diligence to determine whether the tool actually works," said
Devika Kornbacher, a partner at law firm Vinson & Elkins. "Do a pilot
first and get a pool of people to help you test the veracity of the AI output
– data science, legal, users or whoever should know what the output should
be."
Digital transformation: 3 priorities for CIOs facing a tough climb
Leading a successful digital transformation is like leading a mountain
climbing expedition: It takes courage, leadership, and perseverance. Consider
these tips from a leader who's done both ... Imagine boiling the ocean in one
day. That’s how digital transformation feels sometimes. The psychological
impact becomes unbearable and overwhelming. By preparing and staying the
course, however, digital transformation becomes an achievable feat with
lasting outcomes. In the case of our climb, preparing meant wearing the right
clothes, packing the right things, communicating with each other, trusting one
another, fuelling ourselves with energy bars, breaking down the path into
smaller chunks, and learning about the road ahead. As a leader, I ventured to
turn our performance up that mountain from mediocre to exceptional. In digital
transformation, this may mean upskilling the workforce and adopting new
platforms. ... Climbing Mount Hood was precarious and mentally and physically
difficult. I never wavered. I stuck to our goal because I knew the outcome
would benefit everyone in my family. To soldier on, you must be that
persistent.
How to Secure Your Cryptocurrency Wallet
Owners of Bitcoin, Ethereum, and other cryptocurrency typically trade on
centralized platforms such as Robinhood, Coinbase, FTX, and others. They don't
need to worry about creating and managing digital wallets since the platform
handles those tasks. That's the convenience of a centralized platform.
However, there are serious drawbacks to keeping your crypto assets on a
platform. If the platform gets hacked, or your account credentials are stolen,
or the government decides to seize your digital assets, you could lose all of
your crypto investments. If you would rather not rely on these platforms to
secure your digital assets and prefer not to be subject to their policies,
it's better to move your digital assets off of the platform and to where you
can have full control. Centralized platforms are the on-ramps to purchase
digital assets with dollars. Once you make the purchase, you can take custody
of your assets by transferring them to your wallet. Decentralized applications
(dapp), on the other hand, require users to hold funds in their own wallet.
Decentralized finance (DeFi) – such as lending, borrowing, insurance –
requires using a digital wallet. DeFi is only slowly becoming available to
users of centralized platforms.
How to Work Better Together: Building DEI Awareness in Tech
Increasingly, we also gatekeep on existing experience. By that I mean the
problem that those new to our industry experience when they need to "get
experience to get experience". This happens when entry level roles already
require some number of years of experience as a condition of hire. Without
"year 0" opportunities, then the only people in the available job pool will be
people already behind the gate and that number will decrease over time as
people change industries, retire, or even want to go on holidays or
sabbaticals. Perception of what success looks like is also a major barrier to
success. A great example is the previous section, where I outlined groups of
people who are not normally included in dress code; not normally actively, but
rather invisibly due to lack of representation or lack of awareness of those
currently in the majority. A way to start self testing for this is to see what
comes to mind when I say "successful engineer", "manager", or "CEO".
Specifically: what do the people in those roles look like and sound like, by
default, in your mind’s eye?
Australia Says Uber 'Interfered' With Users' Privacy
The OAIC action comes almost five years after Uber's systems were infiltrated
by attackers who stole user data. Uber's cover-up of the incident spurred
outrage, inquiries and action by several regulators worldwide. Two attackers
obtained login credentials from a private GitHub site that was used by some of
Uber's engineers. They then used those login credentials to access an Amazon
Web Services account that had an archive with rider and driver information.
All told, there were 57 million accounts exposed. The data affected included
names, email addresses and phone numbers for Uber customers as well as
personal information of 7 million drivers and 600,000 driver's license
numbers. Uber paid $100,000 in bitcoin to the two attackers and positioned the
payment as a bug bounty. Uber did not reveal the breach until more than a year
later in November 2017. Shortly after that disclosure, Uber fired Joe
Sullivan, its CSO. Sullivan, who is now CSO for Cloudflare, was charged in the
U.S. with obstruction of justice and misprision, which is the deliberate
concealment of a felony or treasonable act.
CISO Interview Series: How Aiming for the Sky Can Help Keep Your Organization Secure
Visibility is key to understanding your landscape, to understanding what ‘your
organizational landscape’ and world looks like. The capability I would invest
in is looking at your cyber risk profile, ensuring that you understand your
risks. If you understand your risks, then you can help translate that across
the business. Or it doesn’t need to be translated. It’s already done for you
because you’ve got it in a risk profile that the business understands because
the business will essentially dictate that.
Once you understand your risk
profile, that gives you actions you can work towards. Even if you’re using a
risk framework, without a good risk assessment, you can be working on stuff
that doesn’t really add value or isn’t a problem. Understanding your landscape
is what gives the visibility. Focus on your basics and get your policies and
processes in place so that there is structure that everyone can work from. As
an example, we work to four areas: governance, risk, and compliance; security
operations center; secure architecture; and secure infrastructure. They are
the four pillars we align to. What that means is your secure infrastructure is
critical.
Health Care’s Digital Transformation: Three Trends To Watch For
A shift is happening within our health care system that is allowing more and
more data to enter the health system. According to Capital Markets, 30% of the
world’s data volume is being generated by the health care industry, and by
2025, the compound annual growth rate of data for health care will reach 36%.
Health care organizations must develop a plan to manage this data and
integrate it with SDoH data, AI-fueled behavioral science, patient history and
more to facilitate a more proactive approach to care. Value-based care — a
buzzword for years now that emphasizes preventative care — may finally be
within reach if health care leaders are able to harness this data and
integrate it into clinical workflows. Like the health care system itself,
these topics are interwoven and complex. Overcoming these challenges will
require hard work and dedication from the entire health care industry, but I
am confident we are making incredible strides. We’re seeing cloud adoption
that would have been unimaginable just 18 months ago.
Re-focusing your tech strategy post-Covid
Too often businesses forget about the importance of measuring these KPIs
long-term – in fact, research carried out last year by AppLearn found that
just 12 per cent of organisations measure the success of their technology
investments after one year, falling to five per cent after three years. When
you consider the time and money ploughed into software roll outs, these stats
are shocking. But there’s also the fact that software evolves and the way
users interact with it can change, especially with major updates – this makes
assessing the performance and value of investments beyond the first few years
of implementation just as important. In the age of the digital workplace, data
is king and will give business leaders greater insights into the technologies
used and the end-to-end employee experience. To maintain productivity in the
long-term, you must move beyond surface level vanity metrics and gather
intelligent data points – this could be time spent navigating tasks within
applications, task error/completion rates, what pages users have visited or
where they’ve looked for support.
Quote for the day:
"We are reluctant to let go of the belief that if I am to care for something I
must control it." -- Peter Block