The Future of Corporate IT: Implications for Information Risk, Part 2

We wrote recently about the five trends impacting the future of corporate IT, and the implications of the first three trends for CISOs – information over process, IT embedded in business services, and externalized service delivery. In this post we want to continue with the implications for CISOs of the other two trends postulated in that work.

  • Greater business partner responsibility for IT. We have already seen examples of greater business partner involvement in IT through collaboration and the social media space, where HR functions are using social networking sites for recruiting and sales organizations have bought 500 SaaS licenses without having discussions with corporate IT and CISOs. This has major implications for CISOs, as they lose their traditional listening posts inside centralized IT and their ability to prevent risky technology and software from entering the corporate IT infrastructure. Some CISOs already have lists of approved consumer devices, but they should also start including in those lists SaaS-type applications that could realistically be purchased by the business. Assurance for these applications might involve conducting third-party assessments for “future third parties”. > NAC may be another technology that CISOs would consider deploying further to ensure that only approved devices are connecting to the network.
  • Diminished Standalone IT Role. As many IT resources get externalized or absorbed into the business services organization, the standalone IT function will become smaller. This implies the security function will need to have people with different skills. Security people in the new IT organization will need skills to work with the business as well as other corporate functions, as we discussed in our recent blog posting.

Do you see some of the overall trends affecting IT as outlined in the future of corporate IT, and how do you think they impact your function? Send us your thoughts; we would love to hear from you.

> Denotes content for IREC clients. Following the link will log you in automatically or take you to a page to determine whether your firm holds a membership.
