Industry Trends

The Evolution of the Financial Services CIO Since Y2K

By Brian Forster | December 29, 2016

The role of the chief information officer (CIO) has undergone substantial changes in less than two decades, progressing from a rare position within an organization to the heart of the executive boardroom. The pace at which technology has evolved has driven much of this growth, and today’s financial organizations now lean on their CIO to keep data safe while also keeping pace with industry advances.

Let’s take a look back at the evolution of security within the financial services CIO’s role and some of changes that have brought us to where we are at today. 

Early Role of the CIO

We’ll start by rewinding back to 1999 and the impending threat of the “millennium bug.”  This Y2K-related computer problem had most in the financial services industry worried that glitches in systems could create a chaotic scene across the globe. Thankfully, there was much more hype leading up to the year 2000 than there were issues. However, the threat was taken very seriously and it prompted huge investments in IT upgrades at the time.

Back then, many financial services organizations were bound to massive tech firms that provided computers, databases, and the software that they needed to operate effectively, making it very difficult to measure ROI. Organizations needed dedicated positions that would help to show ROI and explain technology’s impact on the business. This ultimately led to the birth of the CIO role as we know it today.

IT directors, whose role was to turn and operate the crank of basic security solutions, typically filled early CIO positions. Security solutions at the time were designed as point solutions, addressing specific issues at specific layers of the architecture. The siloed approach to security was initially effective, but it had to be quickly adjusted as new technologies and threats emerged.

The CIO’s Security Role Today

Since the early 2000s, the role of security in the CIO’s job description has expanded significantly. Much of this growth is directly attributed to the sheer evolution of the technology that financial institutions rely on today. From the cloud to the bring your own device (BYOD) phenomenon, there are now more ways than ever for cybercriminals to enter the environment and pose threats.

The cloud was initially adopted by small and medium-sized organizations, as it wasn’t particularly friendly in terms of scale or the extended user experience for large enterprises. However, cloud technology has improved, and large organizations are now looking to expand into the cloud to respond to the growing demand for mobility from both employees and customers. CIOs need to keep pace with this evolution by implementing strategies to extend their current security in order to protect the technology and data that is being moved to the cloud.

And the complicated technology stack hasn’t stopped at simply migrating to the cloud. Many enterprise-level financial organizations are now adopting a hybrid approach, combining on premise computing with the cloud. Data now flows between local, remote, and cloud based environments, and security needs to provide seamless protection across this new distributed environment. As these new technologies are adopted, they need to be friendly to the enterprise and its customers, while also adhering to strict industry regulations. Once again, this is forcing CIOs to adapt.

Today’s network security frameworks, and the CIOs that are managing them, must be able to dynamically mitigate and communicate threats across the entire organizational environment.

The CIO’s Security Role in the Future

While technology will continue to evolve along with consumer and employee demands, it will not be the only factor CIOs need to be on the lookout for. While the future of the CIO’s role and the demands of data security are never etched in stone, the things they can achieve in the future will in large part be determined by the way in which emerging and existing technologies are wrapped into the web of the financial enterprise’s security strategy.  

A security fabric framework allows organizations to actively integrate security into their evolving network infrastructure, automate policy, share threat intelligence, and synchronize the mitigation of security events automatically with an integrated and collaborative approach.

Final Thoughts

There was a time not too long ago when IT’s borders didn’t expand past the walls of the enterprise. However, the threat landscape is now boundless and consumer behavior is driving dramatic changes in the way in which businesses operate. Data security is no longer simply about the ownership of technology. It’s more about finding new ways to protect data regardless of where it lives, and instilling and enforcing trust across all distributed users, devices, applications, and services.

Let’s get a conversation going on Twitter! How have you seen the CIO’s role evolve in terms of security since the turn of the millennium?