![](\"https:\/\/images.techhive.com\/images\/article\/2017\/04\/headache_man-100716935-large.jpg\")
<\/p>\n<\/p>\n
Each year we talk with tech leaders about the biggest problems they\u2019ll face in the near future, and we\u2019re starting to see some subtle and not-so-subtle shifts from the worries of 2018.<\/p>\n
Data overload, a major concern 12 months ago, has evolved as new data-hungry tools and AI help make sense of data and drive business decisions. This year CIOs say they\u2019re more concerned with how to protect that data, as organizations grapple with new privacy regulations.<\/p>\n
As the economy continues to improve, CIOs are less hampered in 2019 by tightening budgets. And worries about moving to the cloud are less of an issue, since many companies have already made the jump. Executives put more emphasis now on securing their cloud-based assets across multiple cloud environments. \u00a0<\/p>\n
Read on to see what experts from the C-suite, recruiters, and those in the trenches say are today\u2019s top-of-mind concerns \u2014 and how to deal with them.<\/p>\n
Headline-grabbing recent events may spark surprising new security threats, says Rick Grinnell, founder and managing partner of Glasswing Ventures.<\/p>\n
\u201cThe government shutdown helped contribute to a great cyber threat to the U.S. government, critical infrastructure and other public and private organizations,\u201d Grinnell says. \u201cWith the shutdown, many of the security professionals watching for threats at a national level were not on duty, creating a bigger hole for attackers. Time will tell if a month of lowered defenses will have deeper repercussions in 2019 and beyond.\u201d<\/p>\n
Tech leaders are also gearing-up for next-generation, AI-driven cyber attacks.<\/p>\n
\u201cSecurity professionals must be extra vigilant with detection and training against these threats,\u201d says John Samuel, CIO at CGS. \u201cThis year, companies will need to introduce AI-based protection systems to be able to contain any such attacks introduced by this next-gen tech.\u201d<\/p>\n
Grinnell says AI wasn\u2019t a factor in the most notable attacks of the last year, but he expects that to change.<\/p>\n
\u201cI believe 2019 will bring the first of many AI-driven attacks on U.S. companies, critical infrastructure and government agencies,\u201d he says. \u201cLet\u2019s hope I\u2019m wrong.\u201d<\/p>\n
Forward-thinking organizations are now implementing privacy by design in their products, but making sure those efforts meet GDPR standards is an ongoing concern. Google, for example, just saw a record fine<\/a> by French regulators over how the company collects data.<\/p>\n \u201cU.S. businesses will need to consider a GDPR-type policy to protect citizens even before any regulations are enacted,\u201d Samuel says. \u201cUltimately, there must be international guidelines to ensure customer privacy and protection on a global scale to allow for easier compliance.\u201d<\/p>\n Jacob Ansari, senior manager of Schellman and Co., says IoT security got a lot of attention last year, but it led to little practical change in the industry.<\/p>\n \u201cThe makers of IoT devices still use vulnerable software components, poor network and communication security, and are unable to supply software updates in the field,\u201d says Ansari. \u201cThey\u2019re still making essentially all of the mistakes everyone else made in the late 1990s and early 2000s. Oh, and your voice-activated home device is spying on you and the company that makes it will give your data to the wrong person by accident with little oversight or accountability. This also suggests that better data privacy legislation \u2014 at least in the U.S.\u00a0\u2014 is a potentially hot topic for 2019, particularly in light of the events of recent elections. Nobody loved implementing GDPR in Europe, but its protections for ordinary people are decent.”<\/p>\n More than one of our sources mentioned the much-discussed skills gap in IT<\/a>, but with a twist \u2014\u00a0some tech leaders now see the problem more self-inflicted than intractable.<\/p>\n \u201cIf you’re only looking at college graduates with computer science or electrical engineering degrees from the top ten universities in the U.S. then yes, there are hardly any candidates, and most of them are going off to the five largest employers,\u201d says Tod Beardsley, director of research at Rapid7. \u201cBut the potential talent pool is so, so much larger than this, and companies would do well to explore this space a little more liberally.\u201d<\/p>\n Sandra Toms, vice president and curator of the RSA Conference, says IT departments would help themselves by \u201cplugging their skills gap with more diverse employees, and not just in terms of race and gender. Most IT hiring groups fail to look at diversity in life experiences, religion, backgrounds, sexual orientation, and education. Viewing diversity in a more holistic manner should open up a broader field of candidates and lead to higher levels of productivity.” \u00a0<\/p>\n For a more in-depth look at the hiring market, see “IT skills gap: Facts vs. fictions<\/a>.”<\/em><\/p>\n When exploring new cloud-based services, CIOs now need to ask about security across multiple platforms, says Laurent Gil, security product strategy architect at Oracle Cloud Infrastructure.<\/p>\n \u201cTraditionally, multi-cloud leads the enterprise to manage many different, often incompatible and inconsistent security systems,\u201d Gil says. \u201cWe think that selecting cross-cloud, cloud-agnostic security platforms is now fundamental in ensuring consistency, and most importantly completeness of securing enterprise-wide assets regardless of where these assets are living.\u201d<\/p>\n Find out the “7 secrets to a successful multi-cloud strategy<\/a>.”<\/em><\/p>\n According to Gartner data<\/a>, about two-thirds of business leaders think their companies need to speed up their digital transformation<\/a> or face losing ground to competitors.<\/p>\n Most companies will continue on the same path until they\u2019re forced to do otherwise, says Merrick Olives, managing partner at cloud consulting firm Candid Partners.<\/p>\n \u201cTying IT spend to strategic business capabilities and answering the question \u2018How will this make us more competitive?\u2019 is essential,\u201d Olives says. \u201cValue stream-based funding models as opposed to project-based funding are becoming more and more effective at tying board-level objectives to budgetary influences. The cost structures and process efficiencies of legacy vs. a nimble digital capability are much different \u2014 nimble is less expensive and much more efficient.\u201d<\/p>\n See also “6 secrets of highly innovative CIOs<\/a>” and “Insider tips on how to get digital transformation right<\/a>.”<\/em><\/p>\n Ian Murray, vice president of telecom expense management software firm Tangoe, says that while the business landscape is ever evolving, the basic premise of making a profit is the same.<\/p>\n \u201cThe process to finding and exploiting revenue opportunities hasn\u2019t fundamentally changed \u2014 find a problem that we can solve that is common, prevalent and that people will pay to solve,\u201d Murray says.<\/p>\n What has changed is the emphasis on direct revenue generation landing in the CIO\u2019s lap \u201cMaybe I\u2019m old school, but I don\u2019t think the CIO should be worried about directly generating revenue,\u201d Fuhrman says. \u201cI\u2019m starting to see this pop up more and more among my peers. To stay relevant as a CIO, many are working to try and productize themselves. While there are benefits to thinking that way, I think it can also be a recipe for defocusing the team and the boardroom. When it comes to revenue-generating opportunities, the place the CIO belongs is focusing on those projects and digitizing the business into an automated platform at scale. We need to stay focused on driving costs out of the business and scaling from a go-to-market perspective. That\u2019s how a CIO should focus on revenue.\u201d<\/p>\n For more insights, see “6 secrets of revenue-generating CIOs<\/a>.”<\/em><\/p>\n Organizations that aim to incorporate agile methods sometimes end up limping along in a sort of hybrid model that incorporates agile practices but also more linear \u201cwaterfall\u201d methods. In short, the worst of both worlds.<\/p>\n Tangoe\u2019s Murray lays it out: \u201cDevelopers are coding to specific spec sheets with little conceptual understanding of how this button or feature fits within the overall user experience. A disciplined approach is needed to pull this off, where the solution to specific problems are addressed within a certain release. Each release is then coordinated for a set of sprints so that a comprehensive solution that adds to the UX is achieved with every release and not just a collection of requested features that may or may not support one another.\u201d<\/p>\n See also: “5 misconceptions CIOs still have about agile<\/a>.”<\/em><\/p>\n The skills gap will lead many organizations to seek outside help. But these sometimes-necessary solutions can lead to concerns with reliability and security.<\/p>\n \u201cOur main focus is to deliver on the promises we make to each customer,\u201d says Sanchez. \u201cYou build your reputation and business on this one critical thing. In outsourcing your work, the quality of the deliverable is sometimes at the mercy of the firm you outsourced to. Given the sensitive nature of the projects we manage, we utilize strict third-party vendor assessments to evaluate partners in the event a project requires us to consider outsourcing some or all of the required tasks.\u201d<\/p>\n In addition to quality concerns, outsourcing opens up security threats that are well known. \u201cThe specific threats for CIOs that should be top of mind are the insider and the contractor,\u201d says French Caldwell, chief evangelist with MetricStream and a former White House cybersecurity advisor. \u201cUntil we move away from passwords for credentials, humans will continue to be the biggest threat.\u201d<\/p>\n For more, see “11 keys to a successful outsourcing relationship<\/a>.”<\/em><\/p>\n Matt Wilson, chief information security advisor at BTB Security, says there\u2019s a disconnect between what\u2019s set aside for the IT budget and measurable results for the business. \u00a0<\/p>\n \u201cMost organizations haven’t taken a hard, brutally honest, look at their current spend,\u201d Wilson says. \u201cThere’s often too much momentum behind the way things are currently done, the solutions already acquired, and the processes built over a decade to allow for any meaningful change. Instead, organizations may cobble together partial solutions that can’t ever fully address the root of the IT challenge \u2014 for example, Equifax not patching a known vulnerability. We live with IT pain. We waste dollars. We frustrate our talented resources with solvable problems that are rendered completely impossible in our companies by momentum. For 2019, we should refuse to be captive to history.\u201d<\/p>\n3. Skills gap<\/h2>\n
4. Multi-cloud security<\/h2>\n
5. Innovation and digital transformation<\/h2>\n
6. Finding new revenue streams<\/h2>\n
\n, says Mike Fuhrman, chief product officer of hybrid IT infrastructure provider Peak 10 + ViaWest.<\/p>\n7. Lack of agility<\/h2>\n
8. Outsourcing risks \u00a0\u00a0<\/h2>\n
9. Business results<\/h2>\n