From securing IoT to retraining IT talent to finding new revenue streams, CIOs have more than their share of concerns keeping them up at night.
Each year we talk with tech leaders about the biggest problems they’ll face in the near future, and we’re starting to see some subtle and not-so-subtle shifts from the worries of 2018.
Data overload, a major concern 12 months ago, has evolved as new data-hungry tools and AI help make sense of data and drive business decisions. This year CIOs say they’re more concerned with how to protect that data, as organizations grapple with new privacy regulations.
As the economy continues to improve, CIOs are less hampered in 2019 by tightening budgets. And worries about moving to the cloud are less of an issue, since many companies have already made the jump. Executives put more emphasis now on securing their cloud-based assets across multiple cloud environments.
Read on to see what experts from the C-suite, recruiters, and those in the trenches say are today’s top-of-mind concerns — and how to deal with them.
1. New security threats
Headline-grabbing recent events may spark surprising new security threats, says Rick Grinnell, founder and managing partner of Glasswing Ventures.
“The government shutdown helped contribute to a great cyber threat to the U.S. government, critical infrastructure and other public and private organizations,” Grinnell says. “With the shutdown, many of the security professionals watching for threats at a national level were not on duty, creating a bigger hole for attackers. Time will tell if a month of lowered defenses will have deeper repercussions in 2019 and beyond.”
Tech leaders are also gearing-up for next-generation, AI-driven cyber attacks.
“Security professionals must be extra vigilant with detection and training against these threats,” says John Samuel, CIO at CGS. “This year, companies will need to introduce AI-based protection systems to be able to contain any such attacks introduced by this next-gen tech.”
Grinnell says AI wasn’t a factor in the most notable attacks of the last year, but he expects that to change.
“I believe 2019 will bring the first of many AI-driven attacks on U.S. companies, critical infrastructure and government agencies,” he says. “Let’s hope I’m wrong.”
2. Data protection
Forward-thinking organizations are now implementing privacy by design in their products, but making sure those efforts meet GDPR standards is an ongoing concern. Google, for example, just saw a record fine by French regulators over how the company collects data.
“U.S. businesses will need to consider a GDPR-type policy to protect citizens even before any regulations are enacted,” Samuel says. “Ultimately, there must be international guidelines to ensure customer privacy and protection on a global scale to allow for easier compliance.”
Jacob Ansari, senior manager of Schellman and Co., says IoT security got a lot of attention last year, but it led to little practical change in the industry.
"This also suggests that better data privacy legislation — at least in the U.S. — is a potentially hot topic for 2019, particularly in light of the events of recent elections. Nobody loved implementing GDPR in Europe, but its protections for ordinary people are decent."
“The makers of IoT devices still use vulnerable software components, poor network and communication security, and are unable to supply software updates in the field,” says Ansari. “They’re still making essentially all of the mistakes everyone else made in the late 1990s and early 2000s. Oh, and your voice-activated home device is spying on you and the company that makes it will give your data to the wrong person by accident with little oversight or accountability. This also suggests that better data privacy legislation — at least in the U.S. — is a potentially hot topic for 2019, particularly in light of the events of recent elections. Nobody loved implementing GDPR in Europe, but its protections for ordinary people are decent."
3. Skills gap
More than one of our sources mentioned the much-discussed skills gap in IT, but with a twist — some tech leaders now see the problem more self-inflicted than intractable.
“If you're only looking at college graduates with computer science or electrical engineering degrees from the top ten universities in the U.S. then yes, there are hardly any candidates, and most of them are going off to the five largest employers,” says Tod Beardsley, director of research at Rapid7. “But the potential talent pool is so, so much larger than this, and companies would do well to explore this space a little more liberally.”
Sandra Toms, vice president and curator of the RSA Conference, says IT departments would help themselves by “plugging their skills gap with more diverse employees, and not just in terms of race and gender. Most IT hiring groups fail to look at diversity in life experiences, religion, backgrounds, sexual orientation, and education. Viewing diversity in a more holistic manner should open up a broader field of candidates and lead to higher levels of productivity."
4. Multi-cloud security
When exploring new cloud-based services, CIOs now need to ask about security across multiple platforms, says Laurent Gil, security product strategy architect at Oracle Cloud Infrastructure.
“Traditionally, multi-cloud leads the enterprise to manage many different, often incompatible and inconsistent security systems,” Gil says. “We think that selecting cross-cloud, cloud-agnostic security platforms is now fundamental in ensuring consistency, and most importantly completeness of securing enterprise-wide assets regardless of where these assets are living.”