Missouri is just beginning to emerge from its stay-at-home order in response to the pandemic threat. Who ever imagined that pandemic planning policies would become a reality? What was once regarded as a threat with low probability of occurrence will likely become a much higher probability as we navigate through the coming years. The realization of this threat has certainly changed the way we view ourselves and the world around us. It has sensitized us to our newfound vulnerability.
This month, I am writing to you from the Joplin, MO office of OXEN Technology. Considering our present circumstances, our physical security has received a great deal of focus as we practice ways to reduce the risk of getting or spreading sickness. In much the same way, the realization and response to this specific threat is a great example of how we examine and plan for other risks to a company’s information system. I don’t want to get into the topic of conducting risk assessments this month, but I do want to borrow from this idea to highlight the very important necessity for proper IT leadership for your company before very real threats impact your people, their families, your business, and collective livelihoods.
IT Leadership: A CIO Is Your Organization’s Primary Care Physician
It is common practice for a company to find a “Managed Service Provider” or MSP to help them with their IT. An MSP’s service offerings are structured in a way that is scalable to many clients, manageable, and cost effective. The offerings are a menu of technical products and services that you can apply to your business to meet various IT needs. Automated monitoring and reporting systems will alert the MSP and/or client to certain conditions, and varying degrees of personal service may be provided to perform reactive or remediation work. This all has its place, but it can lack a very important ingredient: IT leadership.
I spent several years directing IT for a community hospital. A lot of my thinking and illustrations come from my time working in healthcare. IT has similarities to the way the medical profession is structured. You have a specialist for each of the human body’s systems. Similarly, in IT, we have specialists in the different aspects of technology. In medicine, each of these specialists are focused predominantly on their area of expertise. A primary care physician or general practitioner will put together the pieces from each specialist and help you coordinate your overall care. In technology management, we have a senior executive level individual called a Chief Information Officer (CIO) that operates very similarly to a primary care physician. This is the IT leadership ingredient.
What is the Leadership Role of a CIO?
A CIO is involved early and deeply in a business, to first understand the business and what they want to accomplish. Then the CIO brings their technology expertise to bear on the company’s business problems, goals, and objectives, asking questions such as:
- What can technology do for my business?
- Can I extend the capabilities of what I already have?
- What enabling or disabling factors exist?
- What information security or legal requirements exist?
The CIO can act as a technology consultant to the business and, in turn, a broker for the business to other entities (i.e., other IT specialists), coordinating the overall care of the “patient” in our medical analogy. The CIO also keeps in mind the long-term management of the client’s IT maturity, total cost of ownership, information security, and legal risks, among other things. With the CIO as a broker, both technology and business leaders can be informed fully about each other’s needs and align accordingly to produce the very best outcomes for the business.
But note carefully: Business requirements are leading the way from the top down—not necessarily the technical requirements! Furthermore, continuous care is particularly important for clients with conditions that encompass 3rd party regulation (HIPAA, PCI, SOX, GLBA, FDIC, FRB, OCC, NCUA) and require prolonged treatment and monitoring. A CIO ensures continuity of care and that all IT “treatments” are consistent with your overall “plan of care” (that is, your IT/business strategy).
Do You Need a CIO to Sit on Your Side of the Table?
Many companies cannot afford full time IT staff, let alone an IT executive. At OXEN, we feel so strongly that businesses need this type of leadership that we have dedicated an exclusive CIO team to work with clients.
Most businesses cannot function well without technology, so there is real risk and hidden cost to your business if technology is not integrated correctly for your unique circumstances. A CIO ensures that the right things are being done, for the right reasons, for your unique business. Technology is too essential to “set it and forget it” and has such great potential to enable your business when it is properly leveraged.
You need proper IT leadership to help bring together all the pieces of technology and align them with your business goals. So, let us together help to ensure that your technology is meeting and enabling your specific business objectives head on, while planning for risks in a reasonable and acceptable way.
Terry Allen is an experienced IT professional with over 20 years of professional work in many industries, including insurance and healthcare. He is a Shared CIO and Senior Security Consultant at OXEN Technology.