The security risks keeping CIOs awake at night

Global research highlights how the big security worries of IT leaders are changing fast.

Some of the biggest security concerns for CIOs in recent times — particularly around the use of ‘citizen tech’ in the workplace — have started to fade into insignificance.

In a survey of 400 IT decision-makers, the challenges of shadow IT and BYOD (bring-your-own-device) were cited as major risks by only 4% and 3% of respondents respectively. Rather, the research — conducted by TechValidate for open source software company Red Hat — points back to more classic threats: employees not taking appropriate measures, malicious acts by both insiders and external forces, and unpatched devices (see graph below).



That shift mirrors a straw poll by I-CIO on the changing attitudes to shadow IT, which revealed that many IT executives now see user-led IT as something to be encouraged rather than condemned (see CIOs start to view ‘shadow IT’ as a catalyst for innovation).

Customer-centricity driving security

Against that backdrop, the pressure on CIOs to deliver robust yet non-intrusive security is only growing as businesses everywhere intensify their focus on customer-centricity. CIOs questioned as part of the Red Hat study named customer trust as the top business concern for security (47%). More surprising is that revenue loss as a result of security breaches was only named as a top concern by 12%, putting it at the bottom of the list of concerns (see graph below) — though that might just recognize the direct link between customer trust and sales.



As well as revealing some unexpected numbers, the study confirmed some common — and somewhat paradoxical — thinking among business leaders. It showed that while almost half believe IT security is of “critical importance” (43%), the vast majority are only willing to approve small — or no — increases in security spend in 2016. For the largest group of respondents (42%), IT security budgets will be flat, while 39% are working with a small increase.
Hybrid IT challenges
One of the evolving challenges for CIOs is dealing with security across both traditional IT and new digital application development — so-called fast and slow IT. At the start of the year, another TechValidate/Red Hat survey asked 600 IT decision-makers about how they were planning to manage that new hybrid environment.

The hot technology of containers (the packaging of application code so it can be moved between different run-time environments) was the most popular approach for helping to deliver applications faster, selected by 35% of respondents. This was followed fairly closely by platform-as-a-service and public cloud, which were cited by 24% and 18% respectively.

Traditional IT approaches were spread across a large cross-section of options, with virtualization (when used for both optimization and migration) being selected by 84% of respondents. Increasing automation and data center/infrastructure consolidation were the next priorities, with 58% and 35% respectively (see graph below).



But those challenges of striking the optimal balance between cloud and traditional IT models are not just about technology. As Cynthia Stoddard, CIO at storage company NetApp, told I-CIO recently: “A smooth journey to hybrid IT is as much about people skills and change management as it is technical planning and strategic IT leadership.”