What A CIO Needs To Know About Encryption

by drjim on April 27, 2016

CIOs need to know when to make use of encryption

CIOs need to know when to make use of encryption
Image Credit: Yuri Samoilov

Due to the importance of information technology, the person with the CIO job has been handed the responsibility of keeping the company’s information assets safe. This involves a number of different things including preventing the wrong people from gaining access to the company’s networks, etc. However, there is always the possibility that company information may fall into the wrong hands, what to do when this happens? The answer is that all important information should be encrypted, but just exactly what does this mean to a CIO?

What Can A Company Use Encryption For?

Before we dive into a discussion about what your company can use encryption to accomplish, perhaps we should first take just a moment and make sure that we all have the same understanding of just exactly what encryption is. In a nutshell, when we are talking about encryption, we’re talking about using computers to perform complex mathematical operations that turn company information into coded strings of symbols.

Every company has, by necessity, a great deal of information that it uses to conduct its business. Not all of this information is the same. Some can be classified as being critical to the operation of the business. This can include things such as customer information, banking information, etc. Other information is not nearly as important. Examples of this type of information include press releases, the cafeteria menu for the week, the annual list of company holidays, etc.

As the CIO you need to realize that you have two different collections of data. It’s the important data that you need to worry about the most. You need to understand that despite your best efforts, there is the very real possibility that one day a hacker will find a way to breach the network defenses that you’ve put in place, By ensuring that your company’s critical data is stored in an encrypted form you’ll make accessing that data worthless to any hacker who might get their hands on it.

Does Encryption Really Protect A Company?

Having made a decision to encrypt your company’s most critical data, as the CIO you are now going to have to start to manage the encryption (and decryption) processes at your company. One question that always seems to come up when we are talking about encryption has to do with the company’s email: should it be encrypted. The answer is yes, but it may prove to be too difficult to do. Both the sender and the receiver would have to have access to the encryption / decryption software to make that work.

Another question that comes up as CIOs are planning how best to encrypt the company’s data is trying to determine if going to the effort of encrypting it is really going to keep the company’s data secure. The answer is a qualified yes. The encrypted data will be secure as long as the bad guys can’t get their hands on the encryption keys that you are using. All too often in corporate data breeches, this is exactly what happens.

Finally, there is the somewhat obvious question of just exactly why every piece of data at the company is not encrypted. I mean, if you did that then you would not have to spend anytime thinking about what needs to be encrypted and what you can skip. The reason that this is not a valid solution is because it takes time (even for computers) to encrypt information and so this slows everything down. Putting the systems and processes in place to encrypt and decrypt information is a difficult process. Once such a system has been set up, controlling who has access to the encryption keys then becomes yet another important task for a CIO to do correctly.

What All Of This Means For You

Let’s face it, there is probably no way that any person with the CIO job can ever hope to guarantee that important company information will never fall into the wrong hands. What this means for you as the CIO is that you need to take steps before this event happens to ensure that valuable company information doesn’t leak outside the firm. The best way to make sure your private information stays private is to encrypt it.

Encryption simply involves taking information and transforming it into unreadable information. Things that are well suited to being encrypted include customer records, anything to do with money, and company emails. In order to make sure that the bad guys can’t read your encrypted information, you need to take special steps to make sure that your encryption keys don’t fall into the wrong hands.

Encryption may not be the right answer for all company communications – the overhead may be too high in some cases. However, for the most sensitive of company information it is probably the right choice. As CIO you need to take the correct steps to make sure that your company’s critical information is both encrypted and stays encrypted.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What company information do you think should NOT be encrypted?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

If there is one thing that I think that we can all agree on then it is that our data processing and storage needs continue to grow as the company comes to realize the importance of information technology. The person with the CIO job now has to find a way to deal with this explosive growth. This means that you are going to need to find more room to house the servers and the storage systems that your firm is going to be needing. You have three options: build, collocate, or cloud. How can you decide between these options?

{ 0 comments }

CIOs Need To Learn To Play HEAD Games

by drjim on April 20, 2016

CIOs need to learn how to use the HEAD decision making technique

CIOs need to learn how to use the HEAD decision making technique
Image Credit: Ten Aku

As the person with the CIO job you have access to a great deal of information. In fact, some would say that you have access to too much information. Making a decision about the importance of information technology can be a very difficult thing to do. You have a great deal of information sitting at your disposal, but a lot of it may be contradictory. Just exactly how can you go about making a good decision?

Using The HEAD Methodology To Make Better Decisions

In our modern age, when a CIO is called on to make a decision, there is no lack of information. The real problem is that there is often too much information and the information that you have probably does not all agree with itself. It is exactly this situation where we need to have a way to make good decisions.

Philip Mudd is an author who spent a portion of his career working for the CIA, the FBI, and for the National Security Council. He fully understands the challenges that we are facing. He has created what he calls the HEAD methodology: High Efficiency Analytic Decision making (HEAD).

The HEAD approach is all about learning how to ask the right questions. These questions include “what is the problem?”. Also, you’ll want to ask questions that will reveal what your drivers are. The goal is to identify the important characteristics that define your problem. In order to make the right decision you will also want to determine how you will measure performance. You will also need to know what important information is missing.

How Can CIOs Anticipate Unforeseen Situations?

As good as knowing what questions you need to ask before making an important decision is, there are still going to be situations where the person in the CIO position is going to be challenged to know how to do the right thing. Specifically, one of the biggest challenges the CIOs are facing is trying to anticipate unexpected situations before they occur.

The approach to solving this problem that Mudd suggests is to take a different approach to how we go about asking questions. When we are faced with an unknown future, we need to start to ask questions about what we don’t know – not what we do know. Shifting the focus in this way allows CIOs to deal with the so-called “known unknowns”.

This still leaves the problem of the “unknown unknowns” – those things that we don’t even know that we need to know about. When we want to get our hands around these types of decision making situations, what we need to do is to bring in a new team. This team would be made up of renegade thinkers who will challenge our existing ideas and think outside of parameters of convention.

What All Of This Means For You

Here in the 21st Century, CIOs are faced with the somewhat unique situation where we actually have too much information. When it comes time to make a decision, we can find ourselves being paralyzed by lots and lots of information that may all be contradictory. What’s a CIO to do?

One approach is to use the HEAD method for making decisions when we are faced with great quantities of information that may not all agree with each other. The HEAD method consists of High Efficiency Analytical Decision making. In a nutshell, we need to learn to ask the right questions. In order to determine what the right decision is when things are unknown, we need to learn how to ask “out of the box” questions or bring in a new set of people who can challenge our thinking processes.

The one thing that I think that we can all agree on in regards to the future is that we just don’t know what we don’t know. This means that as CIOs when we are placed in a situation where we are expected to make a decision that will impact our IT department and perhaps the company both today and into the future, we need to have a system for making the right decision. The HEAD approach gives us a way to make sure that we’re asking the right questions when it comes time to make a decision. Give it a try and decide if this is the right approach for you.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: When you are facing an unclear future, who else in the company could help you to make the right decision?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

Due to the importance of information technology, the person with the CIO job has been handed the responsibility of keeping the company’s information assets safe. This involves a number of different things including preventing the wrong people from gaining access to the company’s networks, etc. However, there is always the possibility that company information may fall into the wrong hands, what to do when this happens? The answer is that all important information should be encrypted, but just exactly what does this mean to a CIO?

{ 0 comments }

Airline CIOs Show How To Move From The Old To The New

April 13, 2016

The day-to-day challenges of being a CIO and teaching the rest of the company about the importance of information technology are enough to keep most of us fully busy. Just imagine if you were handed the additional responsibility of creating a plan to merge the IT operations of two large airlines. You could not screw […]

Read the full article →

3 Ways To Get Your Company To Take Digital Security Seriously

April 6, 2016

As the person with the CIO job, you realize the importance of information technology and just how important it is to keep your company’s network secure from all of the bad people out there in the world who are always trying to get in. You make investments in firewalls, intrusion detection devices, and highly paid […]

Read the full article →

5 Things That CIOs Need To Be Doing In Order To Protect Their Networks

March 30, 2016

By now I think that we all realize that we are living in dangerous and challenging times. The bad guys know about the importance of information technology and so they spend their time trying to break into our networks and we keep trying to find ways to keep them out. You’d think that a person […]

Read the full article →

The Problem With Healthcare Records

March 16, 2016

In the U.S., the government is investing a great deal of money into transforming the country’s medical system. A key part of this transformation is the conversion of medical records from paper to electronic records. On paper, this sounds like a great idea. Once CIOs have overseen the digitization of medical records, they can be […]

Read the full article →

Bloomberg Terminal Outage Creates CIO Headache

March 8, 2016

The job of a CIO is to make sure that everything works “just right”. If we have a nightmare it’s that the systems that we are responsible for suddenly just stop working just when everyone realizes the importance of information technology. As they sit around waiting for us to fix things, we frantically run around […]

Read the full article →

Does It Make Sense To Grade Your IT Employees?

March 2, 2016

As the person with the CIO job, it’s your responsibility to stay on top of the quality of the employees that you have working in your IT department. In most IT departments this means that at least once a year you will have everyone engage in an evaluation process. During this process each worker will […]

Read the full article →

5 Things That A CIO Should Never Accept In The IT Department

February 24, 2016

CIOs need to make sure that their IT department is a smoothly running machine. There are many different things that they can do in order to make sure that this happens. Hiring the right employees is a great way to start. Taking steps to keep employee moral high and ensuring that employees are motivated are […]

Read the full article →

Mastering The Skill Of Public Speaking

February 17, 2016

One of the most important parts of your job is communicating with the people who are looking to you for guidance. Just exactly how to go about doing this in an effective way is a big challenge that every CIO faces every day. The great thing about living and working in the 21st Century is […]

Read the full article →