View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
October 28, 2015

CIO job insecurity in the app dev age

Iain Chidgey, vice president, International Sales at Delphix looks at the CIO’s role in maintaining the delicate balance between security and continuous delivery.

By Cbr Rolling Blog

Chief Information Officers (CIOs) have a tough job. Not only do they oversee the IT assembly line to keep the lights on and operate as a factory churning out applications that add business value, but they also are the point person when something goes wrong.

Everyday CIOs must defend their organisations from attacks by sophisticated cyber criminals and protect their reputations from being impacted by employees who inadvertently, or deliberately, breach enterprise IT security measures from the inside. It’s a precarious position because security breaches don’t look good on one’s CV. A bad tech investment is on par with not investing in technology that could have averted a security breach — it will get the CIO fired.

A matter of ‘when’
Industry trends are not helping CIO job tenures. Findings from a recent survey at Black Hat USA 2015 indicate that 73 per cent of security professionals believe their organisation will likely experience a major data breach in the year ahead. At a time when enterprises’ highest priorities are achieving speed, agility and continuous delivery, this reflects an attitude that it’s not a matter of ‘if’ the organisation will be breached, but ‘when’.

At a time when CIOs are under pressure to drive the development of apps faster, it’s quite common to find sensitive and confidential data in development and test environments. Each app development team needs a clone of the production database to test their apps against. That clone contains sensitive data such as credit card numbers or other personal identity information. If there are multiple app development teams, there are multiple new ways for that sensitive data to be breached.

A huge blind spot is emerging. The stringent security controls and protocols IT relies on to mask sensitive data are not being applied to the non-production databases developers use to create new features or applications. However, the number of global-scale scandals around sensitive data losses reinforces the need for CIOs to architect a new approach that ensures data security is embedded into everyday practices.

A balancing act
Increasingly, CIOs need to find a new way to ensure that even if hackers break in, they won’t be able to obtain sensitive data. One approach is to insert a new layer into IT that automates data masking and makes it part of data delivery to ensure all information is secured before it even reaches developers, QA engineers, analysts or other privileged users.

IT can control the data masking policy and data retention rules, and they can manage who has permission to access the data. More importantly, instead of relying on synthetic data or duplicates of non-masked copies, organisations can readily extend masked data to any application project environment. This approach enables a centralised view of organisations’ data, and it safeguards information for whoever needs it and for whatever project – whether on premises, off shore or in the cloud.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

Too often, IT is goaled on delivery and not security. However, by advocating a new approach, CIOs can carefully balance the scales, ensuring the IT function adds business value while maintaining secure processes.

Delivering secure data as a service, organisations can dramatically accelerate app development – the software makes one clone of a database, enabling users on each app development team to quickly test against the freshest data as if they were the only ones using it.

By accelerating app development in a secure way, CIOs can protect the entire business from falling behind the competition. That can save a lot of jobs — and not only theirs.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.