In an era where technology is not only crucial but also incredibly complex, the CIO faces many challenges every day. But while new attack techniques and complicated, insecure software provide enough strain, seeing eye to eye with the CSO can be equally trying.
But now that IT and security both play crucial roles in enabling the business, the two roles must learn to keep in step, despite following different tunes.
The rise of the CSO
The clash of roles begins with the CSO as an emerging role. The CIO could once only be found in the data centre; today they work alongside the CEO or COO, providing valuable input into business operations.
The same holds true for the CSO, who is gaining wider recognition and authority in business strategy as executives are elevating the importance of information security, meaning CIOs have to take on a more collaborative approach with a new executive voice.
The Global State of Information Security Survey 2014 - a worldwide study by PwC, CIO and CSO - found that executives are now heeding the need to fund enhanced security activities and believe that they have substantially improved technology safeguards, processes, and strategies.
Finding common ground
Technology is a true business enabler and security must be built in at every level of IT to ensure business success. This forever connects the security professional and the IT professional, and so the CIO and CSO become two roles dependent on one another.
But the two factions often have different agendas and methods of how to succeed – the CIO wants to innovate and take risks and the CSO seeks the best way to manage and reduce risk. How then can they form the necessary détente?
Jo Stewart-Rattray, director of information security and IT assurance with BRM Holdich, says the CSO role must become more widespread and hold equal weight with the CIO.
“There’s a whole governance role for information security, not just for IT, so the two are quite separate but there should be reference to each. If there’s a strategy for IT there needs to be a strategy for information security, but there needs to be a dotted line between the two, if you like.”
“The issue is that in Australia we don’t actually see a lot of CSO or CISO roles, and often, it will be someone who actually reports to the CIO, so that of course is a conflict of interest immediately,” says Stewart-Rattray.