The CIO’s evolving role in an altered world

The CIO’s evolving role in an altered world

With the role of the CIO seeing expanding responsibilities, Rana Gupta, Vice President of Asia Pacific Sales and Services, Thales Cloud Protection and Licensing, tells us: “Far from being a redundant and dated position, an organization would better serve itself by taking time to redefine it.”         

Up until the dawn of 2020, the world was cruising along its timeline at a reasonably predictable pace. But the events that then unfolded substantially altered our perspectives on technology, work, life and society – much more quickly than we are used to.

As a result, Chief Information Officers (CIOs) have inherited an altered future with a role that has changed over the years and especially through the pandemic period and beyond.

In an era of constant, high-speed change, it can be difficult to determine, even within a clearly defined hierarchy, exactly who takes charge of and is responsible for an event such as a data breach or a ransomware attack. These are just two of the many activities that demand fast action to defend the organization, restore its functionality and reclaim ownership of the data.

The CIO still has a unique and highly valuable role to play, one that is evolving while remaining focused on clear goals. The CIO balances responsibilities with the Chief Technology Officer (CTO), typically by looking inward, aiming to improve processes within the company while the CTO looks outward, using technology to improve customer-facing actions. As such the position is moving quickly from being an administrator to becoming a trusted advisor to the rest of the company.

Meanwhile, liability for the outcomes of breaches and attacks is increasing among C-level positions, as evidenced by a September 2020 report from Gartner.

Prior to 2020, many CIOs would have discussed Digital Transformation in terms of shifting work towards mobile, digital technologies, creating a world in which people could work from anywhere, using their laptops and coffee shop Wi-Fi through a VPN.

The pandemic-induced necessity for people to work remotely stopped these types of plans quite quickly and have since not only turned large organizations away from the idea of practice-specific regional campuses but are also posing even more pressing questions about floor space in general.

Many are now considering reducing their physical footprint, especially in high-rent areas, as the Digital Transformation focuses, internally at least, to a hybrid work environment in which hoteling and hot-desking replace dedicated cubicles.

There are other elements of Digital Transformation that get less airtime in discussions and planning sessions but carry significant weight regardless. One of these is data and specifically, its storage life. Cloud technology opened up a seemingly infinite capacity to store data of all types.

This expansion of data, connectivity, ‘As-a-Service everything’ and the resultant growth in cybersecurity needs will all become part of a CIO’s expanded responsibilities.

Over the past five years, the industry has placed great reliance on cloud providers and cloud technology without fully understanding how a particular provider works.

Cloud has made itself attractive due to its apparent cost-effectiveness and scalability but issues of technical and physical security, along with the credibility of cloud service providers themselves, remain of significant concern.

A fire which broke out at a cloud facility in France in March 2021, which resulted in the disruption of millions of websites revealed just how wide these gaps may be, given that the fire had a physical cause – a faulty uninterruptable power supply. This incident also reflected that, firstly, the data lost was residing on bare metal servers within the facility and not the cloud itself and, secondly, the clients who lost the most had not backed up their company’s data independently. These are the types of issues that go well beyond the simple functionality of the cloud and should never vanish from a CIO’s to-do list.

Perhaps the most poignant example of this is ransomware.

Ransomware has evolved from being a crime against a company to becoming a part of the cost of doing business. It hits companies daily.

So far in 2021, the most infamous cases included Colonial Pipeline, which resulted in near economic catastrophe by closing fuel deliveries to the entire US East Coast and Ireland’s healthcare service, which faces months of disruption as it continues to recover from a May 14 ransomware attack. The region is equally vulnerable to these cyberattacks as evident from the recent ransomware attacks on Tokio Marine Insurance and Eye and Retina Surgeons in Singapore.

The CIO is in prime position to be able to translate the often-ethereal notions of cybersecurity into real-world visuals, such as the spill over effects that a breach would have on a company’s brand, reputation, share price, litigation, lost customers, environmental issues and much more.

Looking ahead, even five years is a long time and it is guaranteed that technology and cybercrime will continue to advance in this period as with any other. But with incremental increases in communication such as 6G replacing 5G as well as advances in Quantum Computing, Artificial Intelligence and Machine Learning, it will be up to the CIO to redefine the job to ensure there is a balance between administration and on-going learning.

The CIO is surrounded by other types of digital officers, which doesn’t render the position obsolete but does demand that it becomes more cross-functional. The position also needs to be less top-down, diluting the command-and-control siloed architecture that was forged in the previous century.

The concept of a CIO being a chief information executive remains valid but requires a step away from outdated notions that it must be fixed in its role and stature, as a position that holds responsibility for internal processes centring around Digital Transformation.

The constantly evolving new priorities and technologies that will form the future of business all require the input and influence of the individual holding the CIO chair.

Far from being a redundant and dated position, an organization would better serve itself by taking time to redefine the position, delegating certain roles to other officers and managers and continuing to ask the question: “How best can our CIO continue to look inward, aiming to improve processes within the company while the CTO looks outward, using technology to improve or innovate products that serve the customers?” The two roles are vital and are co-dependent. Holding them together is a bond of knowledge, based ideally on an upgraded combination of continuous learning and continuous communication, not just with each other but with every member of the organization.

In just the same way that IT and security are not departments to be hidden away in siloes, the conversation about security, processes and people must remain front of mind and leading edge. It is the role of the CIO to ensure this happens.


Rana Gupta is the Vice President of Asia Pacific for Thales’ Data Protection, where he is responsible for delivering revenue and profitability growth, developing partner and channel networks and monitoring of business operations in the Asia Pacific region.

Gupta has 20 years of experience in the IT industry and prior to his current position; he was the Business Head of India and SAARC of SafeNet. In this role, Gupta was responsible for software monetization throughout Asia Pacific and all solutions in the SAARC region. Prior to this role he was the Vice President of Engineering at SafeNet. Before joining SafeNet, he held several positions at Altos India and was responsible for the successful roll-out of various product lines.

Click below to share this article

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive