“In your business there is no business without technology”, summed up the fundamental requirements of supply chain and IT resilience for CIOs present at the Deep Dive session held at Kuehne+Nagel, Porto for CIOMove2023. Stefan Brock and Martin Kolbe presented their theses to CIOs. Stefan focused on how the geopolitical, environmental, security and technological risks in the current operating environment necessitate a re-evaluation of an organisation’s IT architecture principles, whilst Martin considered how cloud choices and technical dependencies need to be managed to ensure resilience. Both argued that the CIO’s role was the only one that could become the strategic link to advise the board on risk, dependencies and opportunities.
CIOs debated these issues during an engaging and wide-ranging discussion, the key points of which were:
- The choice of cloud or on-premises architecture is an individual organisational choice based on the problems trying to be solved.
- You can’t avoid technology dependencies, instead you need to be able to manage your choices.
- Resilience must be built into architecture and development choices from the start.
- The cloud offers resilience but often the availability, access, and connectivity dependencies of the cloud are not considered.
- The organisational culture and understanding of the board and the business needs to evolve so that they are better informed about resilient technologies.
- The responsibility for resilience should belong to the whole business, but the CIO has to retain the accountability for technological resilience.
- CIOs cannot however hold all the accountability, particularly in instances where business services should be ensuring legal compliance.
- When a business is service orientated then its IT is the differentiator.
- Research shows that cyber security attacks are most likely to be by professional groups, will involve infection techniques, and are more likely to target customer information.
- Cyber security considerations are changing due to: machine learning and deep fake algorithms becoming more sophisticated; the complexities of state funded threats; and, the lack of global cyber security experts.
Given the fundamental nature of IT as the cornerstone of a dynamic organisation, the group agreed that the role of the CIO needed to evolve to become the strategic bridge between technology teams, the business and board. CIOs need to manage competing viewpoints within these groups to build organisational technical responsibility and resilience whilst retaining overall accountability.