wwwredzonetechnetmastermind

Top 5 Trending IT Issues of Q1 - 2016 Whatrsquos keeping CIOs amp CISOs up at night

A Message From Bill

Hello Friends

For over 20 years I have been bringing together the brightest minds in the technology field from a variety of industries to openly discuss challenges you are facing on a day-to-day basis Together we are able to pull decades of experiences and lessons learned to assist one another in solving the chief

problems that keep you up at night

My goal is to provide you with tools and resources to save you time money and a foundation to build relationships ndash while ultimately improving the technology industry

across all markets I am proud that in 2015 alone we hosted discussions with over 30 members and tackled problems head-on in our virtual round-table discussions

You have told me that you love to know which topics are trending lsquoon the edgersquo and when your hear from your peers directly you can gauge this to understand the complexities and feasibility This publication is a comprehensive summary of all discussions we have had in the first quarter of 2016 My team and I have organized each topic into the top five key categories to highlight what is trending in IT today

This 20 page eBook is full of insight from todayrsquos leaders in technology and contains links to vendors resources and thought leadership optimized for digital use with hyperlinks and bookmarks but designed for ease of use in printed hard copy as well

For additional resources on technology leadership business and fearless living I invite you to follow me on LinkedIn subscribe to my RedZone Podcast and visit the RedZone Blog

Thank you and I hope you enjoy this valuable resource To our current members Thank you for your leadership insight and expertise

Best regards

Bill Murphy

President amp CEO

RedZone Technologies

bull CloudIntegrationChallenges

bull SecurityampComplianceStrategies

bull LeadershipampManagementTactics

bull BusinessOptimizationProcesses

bull InnovationattheEdge

A Message From Bill

Hello Friends

For over 20 years I have been bringing together the brightest minds in the technology field from a variety of industries to openly discuss challenges you are facing on a day-to-day basis Together we are able to pull decades of experiences and lessons learned to assist one another in solving the chief

problems that keep you up at night

My goal is to provide you with tools and resources to save you time money and a foundation to build relationships ndash while ultimately improving the technology industry

across all markets I am proud that in 2015 alone we hosted discussions with over 30 members and tackled problems head-on in our virtual round-table discussions

You have told me that you love to know which topics are trending lsquoon the edgersquo and when your hear from your peers directly you can gauge this to understand the complexities and feasibility This publication is a comprehensive summary of all discussions we have had in the first quarter of 2016 My team and I have organized each topic into the top five key categories to highlight what is trending in IT today

This 20 page eBook is full of insight from todayrsquos leaders in technology and contains links to vendors resources and thought leadership optimized for digital use with hyperlinks and bookmarks but designed for ease of use in printed hard copy as well

For additional resources on technology leadership business and fearless living I invite you to follow me on LinkedIn subscribe to my RedZone Podcast and visit the RedZone Blog

Thank you and I hope you enjoy this valuable resource To our current members Thank you for your leadership insight and expertise

Best regards

Bill Murphy

President amp CEO

RedZone Technologies

bull CloudIntegrationChallenges

bull SecurityampComplianceStrategies

bull LeadershipampManagementTactics

bull BusinessOptimizationProcesses

bull InnovationattheEdge

Table of Contents

pg 11 Methods and ways CISOs are reporting to the board and stakeholderspg 11 What are CIOs doing to develop their teams and encouraging them to

stay up-to-date with emerging technologiespg 12 How do executives provide financial calculations on IT initiativespg 12 What Methods are best used for IT capacity planning

pg 13 IT Outsourcing ndash What are the risks ndash Expectation vs Realitypg 13 Identity as a Service (IdaS) amp Single Sign On (SSO)pg 14 How to avoid pitfalls and challenges when implementing Single Sign Onpg 14 What technologies are being used for marketing effortspg 15 The role of Purchasing (Sourcing) in the IT World What are other companies doingpg 15 How are other companies managing help desk ticket processes

pg 16 IT Organizational Design pg 16 How are different companies using data analytics and geospatial mapspg 17 What do you do to support assist and drive innovation within the organization

and is the process structured or informalpg 17 What is ITrsquos role in profit generationpg 17 What are the concerns with the speed of outsourcing development

pg 16 Innovation at the Edge

pg 13 Business Optimization Processes

pg 11 Leadership amp Management Tactics

pg 9 How can you work security importance into a culture where there is no need for compliance

pg 8 What DLP Enterprise solutions and SIEM log management strategies are being used to prevent information from leaving the company

pg 8 Mitigating the risk of servers and PCs that canrsquot be upgradedpg 8 What risk management policies are being used while vetting vendorspg 9 How to safeguard against ransomware attackspg 10 Software patching your systemspg 10 What tools and methods are being used to assess security risks

around HIPAA regulations

pg 8 Security amp Compliance Strategies

pg 5 Cloud Integration Challengespg 5 Methods on vetting Cloud based SaaS (Software as a Service) providerspg 5 What is the most efficient way to segment and clean up merged data prior to

moving it to the cloudpg 6 Office 365 and Azure migration ndash Finding the right approach - What was your

experience and what challenges did you havepg 6 What to lookout for with Office 365 migrationspg 7 What are the best strategies for SharePoint adoption

Sponsored By

To learn how visit wwwcioscoreboardcom or scan the code to the right

Communicate the Status of your IT security in minutesCommunicate the Status of your IT security in minutes

ldquoManaging and measuring Risk across all areas of IT Security is a difficult task but the process and output of this tool empowers my team to easily understand the gaps in important areas while providing me with a clear view into prioritizing actions plans and investments without getting lost in the complexity and fears of IT Securityrdquo Sam McMakin Chief Information Officer American Chemistry Council

Sponsored By

To learn how visit wwwcioscoreboardcom or scan the code to the right

Communicate the Status of your IT security in minutesCommunicate the Status of your IT security in minutes

ldquoManaging and measuring Risk across all areas of IT Security is a difficult task but the process and output of this tool empowers my team to easily understand the gaps in important areas while providing me with a clear view into prioritizing actions plans and investments without getting lost in the complexity and fears of IT Securityrdquo Sam McMakin Chief Information Officer American Chemistry Council

5

Cloud Integration Challenges

Methods on vetting Cloud based SaaS (Software as a Service) providersCloud-based services are abundant and sometimes the CIO is the last to know of what has been purchasedsubscribed to Where does the IT Team fit into the equation and should they be

In general everyone agrees IT should be involved SaaS providers cover a large spectrum of services and if information is needed to be accessed handled or referenced the CIO has the responsibility to ensure the systems are secure In one instance the accounting systems were moved into a cloud environment and it was only after the fact that the CIO was involved due to legacy systems and their inability to communicate with the service and went out of the standard of compliance

A great example was given by a guest His company signed up for a health based service for employees to enter information concerning their health and the service gives recommendations and health assessment Later the system was flagged by headquarters for not using SSO or 2 factor verification when health information was being used This produced a new mandate for the service to comply or to be replaced

When the CIO can be involved earlier in the process they can set forth polices to ensure the SaaS providers can meet the level of security needed ISO credential donrsquot give much to your businessrsquo specific needs that is why the CIO needs to set that standard and ask the vendor ldquoCan you meet these standardsrdquo This is particularly important as it provides contractual standards and conditions moving forward as well When these are implemented they need to be double checked

With the compliance needs and the rise of cloud-based SaaS providers Bill suggests that future roles may be developed for the Chief Information Security and Compliance Officer Here is a link to the blog he wrote on the subjectVendorsDiscussedbull Skyhigh

bull Accellion - Kiteworks bull OneDrive bull Azure

What is the most efficient way to segment and clean up merged data prior to moving it to the cloudThe cloud is driving business in many sectors but government contractors need to have ways to segment information from customer data prior to migration There tends to be no real answer to the segmenting of data but users are selecting their personal devices and accounts The best you can do is incorporate policies to restrict users and silo information using solutions like Kiteworks VendorsDiscussed

6

MigrationVendorsbull Comparex bull NewSignaturebull Nortec

SecuritySystemsbull Goodbull Mimecastbull EMS from Microsoft

Office 365 and Azure migration Finding the right approach - What was your experience and what challenges did you haveReaching out to Microsoft is not always the best approach sometimes they may want to focus on doing what is quick rather than doing what is right

The general practices that have already been completed have all ran a proof of concept first with the remainder of the migration following After migration several additional applications were included from Skype to disaster recovery

Several vendors that assisted group members listed below helped the members identify their specific needs from ADFS to Azure connectors

What to lookout for with Office 365 migrationsWhen considering migrating to Office 365 on the cloud the first rule of thumb is identifying changes from an end userrsquos standpoint to develop customized training It will not be without headaches but adequate training can reduce ITrsquos headaches and time involvement from the start

Implementing disaster recovery and failovers during the migration is also best practice Several products can be utilized as part of Office 365 or on a hostedhybrid solution Security is also an issue as the migration may open gaps that hadnrsquot been thought about A proper assessment to identify vulnerabilities may reduce risks moving forward

A CIO needs to also focus on utilizing a trusted vendor to assist the migration A guest from another session struggled with this as Microsoft encouraged him to implement a new ADFS server simply because it would be easier for them to migrate This is also not because it was the right thing to do but rather the quickest thing from Microsoftrsquos standpoint Additionally Microsoft then limited the ability for him to use a proper proof of concept and wanted him to move forward without testing

Another part of the license agreement may require a negotiation with Microsoft Depending on your needs you may have to work with your Microsoft rep to establish a proper budget Some resellers can assist with the negotiations VendorsDiscussedbull Mimecastbull CIO Scoreboard

7

Each episode I interview leaders who inspire me in the areas of hard core IT Security IT business leadership innovation creativity entrepreneurship and fearless living principles

Check Out The RedZone Podcast

What Our Listeners Say

Irsquom a new subscriber to the RedZone podcast this episode [How You Can Be as Creative as Michelangelo and Navy Seals | Podcast Episode 5] had some excellent insights on solving problems and learning Thanks Billmdash Floyd Matsuda CIO State Department Federal Credit Union

What are the best strategies for SharePoint adoptionMany users have spent their professional lives using a folder-based hierarchy for information To assist users in adapting SharePointrsquos views and categories it requires training and architectural planning Some CIOs have brought in vendors to assist with the design of the metadata and categories If the end user has issues finding information then they are more likely to struggle to adapt ndash or even refuse

Outside from ensuring companies implement for the end user what is equally important is to ensure that the system is designed for scalability and growth ConsultantMentionedbull RDA

8

Security amp Compliance Strategies

bull Varonisbull Alert Logicbull AIE Cyber Security Insurance

bull Microsoft Security Essentialsbull Masergybull KnowBe4

What DLP Enterprise solutions and SIEM log management strategies are being used to prevent information from leaving the companyThe rise of engineered social risks give way for logging and flagging events but education may be more important

End users are not always thinking about security and often find themselves clicking on items that they shouldnrsquot The key to prevention is education and using tools to flag actions is only one step Some CIOs have incorporated programs that are designed to actively phish employees and they provide feedback on areas that exposed the companies to risk The CIOs then take the results and develop training programs for further employee education

As an impromptu survey attendees were asked if employee training is run through HR or if the CIOs can run independently 25 said they do not have to run through HR to facilitate training programs the other 3 said they either do or does so to ensure collaboration execution VendorsDiscussed

Mitigating the risk of servers and PCs that canrsquot be upgradedLegacy systems are needed in several industries yet these systems can expose a certain amount of risk to the organization

Legacy systems are an ongoing challenge Managing the spread of technologies is more and more important but itrsquos not if you are attacked itrsquos when Establishing an incident response plan can be critical to your reaction time One approach to addressing these is establishing a top 3 list and work to resolve those vulnerabilities

What risk management policies are being used while vetting vendorsVendor Management is at the forefront of highly regulated clients Often enough many clients are satisfied by a SOC 2 report but some clients even want to audit the colocation site to ensure standards of compliance are being met Ensuring that vendors are able to meet the standards around physical security access as well as meeting framework standards (NIST ISO 270001 or PCI) is the first step in creating a policy

One of the biggest concerns is the location of where the data is being replicated or stored Regulated data is met with higher scrutiny or even rejected if the data ever travels offshore This is also important to note as well due to additional regulations from the EU and others with certain data types This makes it very important to add this consideration to the vetting process It is also just as important to perform regular audits on the vendors as well

The more certifications and levels of compliance a vendor can abide to can have a direct impact on the companyrsquos ability to sell Consider it an additional insurance policy for your clients

9

How can you work security importance into a culture where there is no need for complianceWhen your company is not driven by regulatory compliance security importance may sit behind user impact

Try to describe examples of security threats in your industry and communicate the financial risks involved with inaction Creating a risk factor on quantitative risks and the financial damages for each based on a risk assessment helps explain the monetary damages Additionally describe what the reputation risks could be if your security is breached ndash would your customers trust you if their information is at risk

Help identify the most probable industry specif risks and allow the team to develop a path to prevention The CIO Scoreboard is a great tool to take a snapshot of current state of vulnerability and helps explain the risks to the CEOCOOCFO

A RedZone podcast was released where Bill interviews Jack Jones CISSP CISM CISA Jack has developed the importance of getting away from top 10 lists and focuses more on probability vs possibility of risks and how to use this analysis for identifying security needs

Resourcesbull FAIR Institutebull Bill Murphyrsquos RedZone Podcast with Jack Jones

How to safeguard against ransomware attacksThe Hollywood Presbyterian Medical Center was hit hard by a ransomware attack With the proper identification tools and offsite backup disasters to business applications may be avoided A guest example of a cryptowall attack was identified and they were able to stop the attack after using vendor support to identify the infected machine Once identified they were able to isolate the machine and disconnect it from the network The files were able to be restored in under a day from an offsite backup

This attack also demonstrates the ongoing need to train employees Dell SecureWorks estimates that 70 of breaches can be attributed to human elements and that 90 of all malware requires human interaction before it can infect its target Compartmentalizing user access may help but attacks can jump authentication and shared folders to continue the spread It is best practice to separate personal and administrative access to prevent total infection

Another suggestion is to monitor files for unusual behavior Some attacks may not be caught by security programs but you monitoring for ballooning files or mass updates to alert you of a possible attack VendorsDiscussedbull RedZone

Managed Backupsbull Dell AppAssure bull AlertLogic

10Courtsey of Dell SecureWorks

Software patching your systemsEveryone on the call mentioned that patching is being done regularly ndash mostly on a weekly basis for Microsoft The motivation is there for many companies but finding time to be able to break away to get it done is the tricky part VendorsDiscussedbull GFI LanGuardbull Dell Kace

bull CIO Scoreboard bull Trace Security bull Tenable

What tools and methods are being used to assess security risks around HIPAA regulationsEvery CIO and CISO needs to be familiar with their companyrsquos risk policies ndash regardless of industry Performing an assessment on your infrastructure is important even more so when your company is regulated by NCUA HIPAA or PCI The CIOCISO needs to understand their current security posture and have an action plan in place It is recommended that a neutral third-party that has in-depth knowledge of IT Security and regulatory standards be used to assess your environment and provide you with a visual report and dashboard The report should enable you as CIOCISO to clearly communicate your security posture and be able to be updated as you check completed items off of your action plans

VendorsDiscussed

11

Leadership amp Management Tactics

What are CIOs doing to develop their teams and encouraging them to stay up-to-date with emerging technologiesEmployees that are familiar with current emerging technologies are more efficient in their roles It is easy for employees to become complacent in their current status quo but the CIO needs to encourage employees to think critically

DelegatingCriticalThinking A CIO has a lot to manage and they need their teams to think through the issues To combat this leaders need to implement a screening tactic to compare potential intervieweesrsquo ability to think critically Perhaps giving the employees ideas of goals that need to be reached so they are able to look for solutions when at training events

Bill mentioned a book Topgrading by Brad Smart which describes a way to break people into categories and get down into their root issues and motivations He also mentioned The Strategic Coach that helps outsource critical thinking through a strategy map ldquoThere are plenty of people to think through problems but do they have a framework to think through the solutionrdquo

Methods and ways CISOs are reporting to the board and stakeholdersThe board needs to have a basic understanding of security posture but what trends should they really be hearing Many organizations are set up to report differently however the terminology to these trends can be too technical for board members or for executives to relay what has been reported to them One contributor mentions the value attributed to graphical representation over technical data to be a better clarifier Help identify industry specific risks that are most probable and allow the team to develop a path to prevention The CIO Scoreboard is a great tool to take a snapshot of the current state of vulnerability and helps explain the risks to the CEOCOOCFO

12

How do executives provide financial calculations on IT initiativesThe IT Department often has some of the largest expenditures in a company Technology is often expensive and projects need to be fully vetted Sometimes the CIO has difficulties in getting the CEOCFO or the board to agree to projects they do not fully understand One potential tactic is to better describe the risks associated with not proceeding This is not limited to security but also the operational risks Being able to calculate the downtime costs for older technology can help non-technical executives better understand What is the cost of repeated downtime for outdated technology vs the costs of upgrading This can be done using a quadrant approach keeping running costs on a few key items such as legacy tech future tech maintenance of stable tech and new available technologies Another approach is the brainstorming with your team to create a list of potential risks and prioritizing them by score

Additionally many CIOs have had success utilizing a member from finance to serve as a project controller for projects over a certain size This is helpful as the CFO has a member of their team on the project to assist with cost management and to help mitigate cost avoidance as well as continued financial education to the IT team

What Methods are best used for IT capacity planningCIOs are handling a large amount of projects and the capacity of their teams can be stretched Of course the first line of thought is to outsource but there are hidden costs you may not be aware of from the onset Many times the outsourcing itself requires an internal service manager to manage the outsourcing and the SLArsquos This can be a full-time job on its own However a suggestion is to identify admin functions and other items that do not give the company a competitive edge and outsource those ndash leaving the managerial aspects to the HR department HR may already have the capacity to review contracts and their enforcement as well as managing the feedbackreviews from employees on how well the vendor is performing

IT governance is needed to ensure the projects being asked of IT are in line with the strategic goals of the company When done so with executive buy in project management tools can assist the CIO in managing employee resources costs and timelines without scope creep Additionally the projectrsquos timeline needs to consider the software development lifecycle (SDLC) and if this is going to need re-planning in the future

VendorsDiscussedbull Workfront ndash previously AtTaskbull Microsoft Project Planner

Risk Score Estimated Cost of RemedyHas the problem happenedWas the issue widespreadHow Quick can IT resolveProbable potential riskUnlikely potential risk

1010984

$$$$$$$$$$$$$$$$

13

Business Optimization Processes

bull MS Native bull Azure bull Customer Lockbox

Identity as a Service (IDaS) amp Single Sign On (SSO)Identity as a service can be a risk however the CIO can mitigate risks using a strategic plan that fits their needs

The discussion led to the participants agreeing that risk mitigation was important to IDaS One approach was to conduct a feasibility study to better understand the complexity of access to business applications Though such a study can be costly it can produce and drive a strategy for low-risk access that falls within the need of the business Some businesses tend to become weary of cloud based service

EfficienciesofIDaSSome may have more of a hybrid environment and IDaS providers can establish some efficiencies to the process With the right security architecture the access passwords are not stored in data centers and it enables cancellation of access from one location The process improvement pieces should be implemented through clean Active Directory information

Vendorsdiscussed

IT Outsourcing ndash What are the risks ndash Expectation vs RealityWhen outsourcing some IT functions there are 3 primary things to consider throughout the process

1)Integrationofcorporatemechanicsandoperatingprocedures

The most important aspect of outsourcing IT functions is the integration of corporate mechanics and operating procedures The primary way to indoctrinate an outside vendor is to have primary points of contact job shadow internal IT operations for 3-6 months This will allow for vendors to have on the job training in to regards to business mechanics approaches reporting structure and culture prior to the execution of full-time outsourcing

2)Establishingaclearlineofresponsibility

It is important to set the contractual roles and responsibilities of parties prior to the execution This will eliminate the confusion of what areas of IT are staying in-house and what areas the vendors are responsible for Use of a RACI table may be a good starting point

bull Vendors are very good at basicstandard operations however the use of custom business applications will not fall into their area of expertise

bull Even outsourced workload requires a fair amount of management and supervision this is not a ldquoset it and forget itrdquo approach

3)Outsourcingabroad

The aspect of outsourcing overseas may often sound appealing but there may be communication issues to prevent clear understanding While vetting vendors you may want to pay attention to the clarity of their verbal people skills If your internal customers are having difficulties communicating with outsourced vendors then they will bypass them and find their way right back in the IT departmentrsquos offices

14

What technologies are being used for marketing effortsSometimes a CIO needs to be involved with Marketing There are reasons from a technical standpoint to ensure systems are correctly amp securely installed either via cloud-based SaaS applications or directly bolted into core business systems behind the firewall More so is the thought leading to the ideas that CIOs should be more involved with driving revenue No matter the route the CIO needs to be aligned with the CMO to establish the benchmarks marketing strategies and analytics of big data

Identifying a vendor or partner is important Many companies do not have the in-house expertise to bring in all the different areas of trafficking sales and marketing efforts If there is not an existing process vendor support can be critical to success The technology vendor typically doesnrsquot know much about marketing but the marketing vendor who knows a bit of IT can help drive the right platform and marketing sales definitions

Bill emphasized that when selecting a CRM (Customer Relationship Management) tool CIOs need to understand there will be hidden costs not readily known Every business is like a fingerprint ndash no two are identical so when considering the installation the CIO must be prepared to incur costs of custom data mapping and fields that were not discovered in the initial discovery processes Donrsquot be blinded by the sexiness of an application or software or by what they can do and ensure that they can show you a realistic example of a sale for your industry VendorsDiscussed

bull Salesforcebull DonorVision

bull RazorsEdgebull Oracle CRM

bull Marketobull Quora

bull Ping Identitybull OKTA

bull DUObull Azure

How to avoid pitfalls and challenges when implementing Single Sign OnSingle Sign On (SSO) provides a lot of convenience for users to access all of their business applications in one swoop One of the biggest concerns is of course the security of Active Directory (AD) Many SSO providers encourage AD to be replicated externally so that they have full control however the threat is some of the providers may actually be more concerned with growing their business than protecting the AD replications on their end This can also place companies in tight spots as their regulatory and compliance needs dictate that the safeguarding of the AD is paramount ndash AD is the keys to your kingdom

One consideration to consider to prevent complications is selecting a vendor that has capabilities to use SSO on hosted solutions as well as externally hosted solutions and to ensure that other vendorsrsquo identities are secure as well

Additional security through multifactor authentication can be put in place End users may have an additional step to access their business applications but the benefits could mean a concrete security platform From a mobile device standpoint multifactor authentication apps exist and it is up to the business to require the apps or a key fob VendorsDiscussed

15

The role of Purchasing (Sourcing) in the IT World What are other companies doingTechnology leaders are experts in technologies and tend to have a hard time letting go of purchasing Sometimes they feel it is easier to just do it themselves than describe their technology needs to a purchasing manager that may not have the technology chops However the purchasing managers often have better negotiating power to gain better price points and agreements with suppliers

To the surprise of many the procurement teams often have specialties in business areas These specialized purchasing managers have a deeper understanding of technology needs and requirements and lend themselves well to a working relationship with the CIO

What the majority seem to agree on is the hierarchy of expenditure approvals where the CIO recommends the technologies based on the value to the organization while the actual approval of funds rest with the COOCEO In either case the CIO may have assistance in day-to-day administration of sourcing but the CIO is still responsible for maintaining the budgets and making the recommendations based on the value-add to the company not just the dollar figure itself

How are other companies managing help desk ticket processesHelp desk ticketing programs have helped technologies teams in many ways Not only does the CIO now have a customer satisfaction tool for internal staff but they also have ways to identify trends in both specific machines and their users Effective tracking and notation of tickets can assist help desk staff in troubleshooting errors but one of the greatest aspects is the ability to track human errors This allows the CIO to establish training policies to minimize future issues and identify problem children ndash those who consistently need help

Training ongoing education and even disciplinary actions can alleviate problem children but in companies with high-turnover or low-end positions the CIO needs to be able to accept some elements of human error The best course of action may be posting a laminated trouble-shooting document or manual by the machine and allow the users to self-correct as much as they can

VendorsDiscussedbull osTicketbull Track-It

16

Innovation at the Edge

RedZone Technologies is proud to announce that CEO Bill Murphy has been selected as the Ambassador of the Singularity University Washington DC Chapter Our mission is to educate inspire and empower leaders to apply exponential technologies to address humanityrsquos grand challenges

RedZone Technologies is proud to announce that CEO Bill Murphy has been selected as the Ambassador of the Singularity University Washington DC Chapter Our mission is to educate inspire and empower leaders to apply exponential technologies to address humanityrsquos grand challenges

bull Google Earth bull Thoughtspot bull ESRI

How are different companies using data analytics and geospatial mapsAssumptions and misinformation leads to business leaders making bad decisions Simply put ldquobad data makes bad decisionsrdquo Being able to utilize good quality information to make business decisions is critical Identifying tools for surge based data analytics can assist business decisions

Also once the data is defined a data dictionary can be implemented to those running reports to ensure the data is well defined and outlines protocols to assist the data analysis VendorsDiscussed

IT Organizational DesignAdding value to the company is tough from the IT standpoint as the majority of the CIOrsquos time is keeping the lights on Many CIOs are looking at how they can add value by enabling the rest of the organization to be more efficient through the use of technology tools and contributing to the companyrsquos top-line growth Of those who answered on their share of adding value vs keeping the lights on the average range is 10-30 of their time is adding value The top level of the percentage comes from IT departments that have restructured their teams by either separating the day-to-day operations or by outsourcing them This leaves more time to add value and innovate and less time in the keeping the lights on mode There is a perceived disconnect from the employees and the IT department as the employees in the rest of the organization assume the lights are on and that ldquoif itrsquos on a computer it must be ITrsquos problemrdquo while still demanding technological innovation The time spent on keeping the lights on should be decreasing over time due to SaaS and cloud-based systems but on the other hand complications from keeping the lights on will change over time as IT evolves Bill mentioned Carin Watson from Singularity University She gave a conference keynote about finding hidden talent She was able to take employees who were on probation at their company and re-task them on projects she felt they were more inapt for What she found is that when these individuals were tasked with projects that fell more in line with them they become rock stars in the company

17

What is ITrsquos role in profit generationIT has long been considered a resource ldquoblack boxrdquo ndash being more of a spending department rather than a revenue generation machine While this may be true in support of the day-to-day operations or the ldquoplumbingrdquo IT has a unique opportunity to drive innovation CIOs are seeing success in getting involved in product development and partnering with universities or industry partners to innovate product development that can be used to boost revenue Some organizations are more focused on stabilizing their finances to ensure a stable foundation Sometimes the organizationrsquos cultural ideology is not ready to innovate or lacks the support structure to invest resources The CIO needs to help solicit the idea that innovation needs to happen before they are the next Pan Am left at the gate while other companies seize the marketplace

VendorsDiscussedbull ThinkTank

ResourcesDiscussedbull ldquoExponential Organizationsrdquo by Salim Ismail

What do you do to support assist and drive innovation within the organization and is the process structured or informalMany companies see the IT department as only a help desk department and implement technologies and systems without ITrsquos oversightMany participants in the discussion have had issues with other department heads launching CRM or ERP systems without discussing the initiatives with IT This leaves the IT group to play catch-up in a mess when things do not go smoothly To combat this CIOs have rebranded their department to Technical Services or Business Services to market their IT department internally Some have instituted titles such as Chief Integration Officer to drive home the integration of macro goals as well as Implemented Solution Managers to act as IT consultants to be more involved As Bill pointed out a lot of companies are hesitant to innovate ndash mostly because they assume innovation can disrupt the core of the business Innovation needs to happen at the edges of the business Hedging on small bets at first Some of the most successful innovators will often establish a lab-like environment to separate office space

What are the concerns with the speed of outsourcing developmentWhen a CIO does not have development expertise in-house a logical thought process is to outsource Outsourcing has many perks such as inexpensive labor costs and continuous work flow around the clock but there are several things to keep in mind First and foremost is the location of where data is being stored If sensitive information is stored overseas then you may very well be in violation of regulatory bodies and your own business agreements with customers If information is leaked the business associate agreements may be voided and leaving your company on the hook If they are not voided then you could find yourself going to court in another country When intellectual property is concerned the executive teams may want to substitute sensitive data for dummy data for development This is not only true for the development of software but for the transfer vehicles being used ie Dropbox OneDrive or FTP as well You as the CIO want to be sure that all risks of leaked information are mitigated and assessed as you are not only protecting your information but your customerrsquos information as well

The primary benefits of being a member include

bull Strategic amp tactical discussion topics with local industry peers

bull Enable strong IT and business alignment

bull Foster peer level relationships outside your industry

bull Learn how others in similar positions are handling business and technology challenges

bull Freely share and get valuable feedback about projects initiatives and challenges

bull Learn about new technologies in a panel question and answer format

CIO MasterMind Membership

Join an Exclusive Group of Like-Minded IT Executives

The mission of the CIO MasterMind Discussion is to give you The CIO and CISO a place to seek out solutions and feedback to solve your current challenges from your peers in a collaborative environment

The biggest benefit to me is the opportunity to network with like-minded peers in the Industry if I have a problem that someone else has solved I can just reach out them

Current Member

If you would like to learn more about the CIO MasterMind or apply for membership visit wwwredzonetechnetmastermind

Current MasterMind Discussion Group Members

AndyFolandVicePresident DECO Recovery Management

AshishBhatiaDirectorInformationTechnology Host Hotels and Resorts

BryanCaporletteCTO GampG Outfitters

CaterinaLuppiCIO American Psychiatric Association

ChristopherLumley VP Information Systems MECU of Baltimore

DarrenDeathCISO ASRC Federal

DaveDulanseyCIO IPA Global

DavidRonisITAffiliateManager DSM

DonaldWiegnerChiefInformationOfficer Mariner Finance

GeorgeCacchianiVicePresidentInformationTechnology Quorum FCU

JimDePietroCIO Bowman Consulting

JimGoehrigCIO Wiley Rein LLP

JoeTopinkaCIO SnapAV

JoshRosalesPhDITDirector Seventh-day Adventist Church

LesMcCollumManagingVicePresident CISO ICMA-RC

MadelineDelahanCIO Armed Forces Benefit Association

MannyCorderoCISO SGT

MatthewRichardCIO Laborerrsquos International Union of North America

MikeRaederSeniorDirector Digital Signal Corp

NealGuernseyCIO STG

RafaelMaldonadoCIO NADA

RichardGonsmanCIO Chimes Inc

RickMooreCIO National Committee for Quality Assurance

SamMcMakinCIO Managing Director American Chemistry Council

SandyScheuermanCIO First Potomac Realty Trust

SholaOyewoleCIO United Therapeutics

SimonCooperCIO Service Power

StacyDuncanVicePresidentofIT DavCo Restaurants LLC

StephenSimonsCIO Direct Energy Solar

TonyHabashCIO American Psychological Association

TonyMeoniVPInformationTechnology AHIP

RedZone provides Enterprise Security solutions from Core to Edge and is a leader in Enterprise IT Security Data Governance and Managed Security Services

Our vision for working with our customers is ldquoDelivering on Promises and Customers for liferdquo It is our guiding and never changing intent because in a fast and evolving IT and cyber security environment something has to stay the same and this is our vision RedZonersquos core mission which is to follow-up and follow-through on promises we make over a long-term relationship journey hasnrsquot changed

RedZone brings the best innovative IT and Cyber Security solutions to serve our customer needs in the areas of Security Assessments Integration Products Managed Services and Big Data Security

In response to pressure from government regulations PCI HIPPA HIPAA and worldwide cyber security threats RedZonersquos Solutions Development Group is continuously innovating our IT Security Assessment methodology

About RedZone Technologies

Security is a Verb and not a Noun

To learn more about RedZone Technologiesrsquo services visit wwwredzonetechnet

410-897-949wwwredzonetechnet

2444 Solomons Island RoadSuite 219Annapolis MD 21401

RedZone provides Enterprise Security solutions from Core to Edge and is a leader in Enterprise IT Security Data Governance and Managed Security Services

Our vision for working with our customers is ldquoDelivering on Promises and Customers for liferdquo It is our guiding and never changing intent because in a fast and evolving IT and cyber security environment something has to stay the same and this is our vision RedZonersquos core mission which is to follow-up and follow-through on promises we make over a long-term relationship journey hasnrsquot changed

RedZone brings the best innovative IT and Cyber Security solutions to serve our customer needs in the areas of Security Assessments Integration Products Managed Services and Big Data Security

In response to pressure from government regulations PCI HIPPA HIPAA and worldwide cyber security threats RedZonersquos Solutions Development Group is continuously innovating our IT Security Assessment methodology

About RedZone Technologies

Security is a Verb and not a Noun

To learn more about RedZone Technologiesrsquo services visit wwwredzonetechnet

410-897-949wwwredzonetechnet

2444 Solomons Island RoadSuite 219Annapolis MD 21401