How Covid-19 has changed the role of the CTO
This post was originally posted on Information Age.
The Covid-19 pandemic has fundamentally changed the CTO position. As organisations adapt to working from home, fight for business continuity and prepare for their eventual return to normal working conditions, CTOs are leading the adaptation of infrastructure on which companies will either succeed or fail. By necessity, the most effective CTOs are taking a more public-facing leadership role in the process.
Based on conversations with Agio’s enterprise CTO clients across financial services and healthcare, I have seen significant changes in this position across three key areas: tech application, operations and approach to leadership.
These may seem the most obvious. As 62% of the American workforce adapts to working from home during the current pandemic, CTOs must ensure all aspects of an organisation are reconfigured for this new style of work. This includes formal checks that all staff can access the systems, and tools and data their positions require in efficient and secure fashion, regardless of location.
The new style of work also presents an immediate need to pivot from traditional desktop-based solutions to cloud-based ‘desktop-as-a-service’ (DaaS) options that are accessible from anywhere in the world. Virtualisation tools and cloud computing services like Microsoft Azure are top-of-mind among CTOs now in a way that they were not prior to Covid-19. The CTOs who act now will receive a much greater end-benefit from their transition.
Cyber security is another major focus for CTOs right now, even those with CISOs in their organisation. Data loss prevention is a priority topic at this time that must be tackled with greater urgency. Employees may be lulled into a false sense of security by using a firewall while working remotely. This does not, however, guarantee the network is safe. Since employees’ home networks are not corporate-managed, CTOs must assume these are only as secure as the public internet. To remedy this situation and allow for a trusted zone inside the home network, all laptops used for work purposes – commercial or personal – must have endpoint protection (EPP) added by the company.
The new CTO should also determine the use and abuse of communications tools like Microsoft Teams, Zoom and VPNs, which are experiencing record-high adoption rates amidst the Covid-19 pandemic. By formally assessing these platforms and their use for vulnerabilities, such as pending software updates or encryption flaws, the CTO can work efficiently (or alongside the CISO) to proactively minimise business disruption risk.
While the workforce is remote, its individuals are more likely to work at all hours of the day from several locations. Accordingly, CTOs must structure their team as if all company departments are now operating 24/7. This can be a drastic change for some operational leaders, who must consider whether outsourcing partial or total systems coverage to a third-party specialist provider would be a more efficient way to accommodate this demand, while preserving internal company resources.
Once the pandemic has subsided, the new CTO must act as a major decision-maker at the company and co-lead the process of returning employees to the office environment, ensuring that the transition back is as seamless as possible.
This may include enforcing pre-return system checks for each office location, ensuring that all devices are updated with their latest software patches, creating a specialised portal for employees to flag technical issues and designing programs to help map and/or reconcile company data stored across multiple company and personal devices. The onus is on CTOs to optimise the tools and channels through which company data is shared. If done thoroughly, the process will also safeguard against employees bringing threats from outside the company into its network.
As the sheer scale of technical and operational change due to Covid-19 demands the CTO role to become more a public-facing and assuring leader, CTOs must embrace proactive communication with employees and other company leaders. This includes formal public speaking opportunities and presentations, such as company townhalls, to keep the workforce informed on a consistent basis.
Gartner recently reported that 57% of CEOs expect the CTO to control their company’s dedicated budget for testing and adopting emerging technologies. In this context, CTOs must explain new technical rollouts, provide rationale and keep employees apprised of enterprise-wide progress. As COO at Agio, I am frequently speaking with our CTO about our use of communication platforms like Microsoft Teams, the vulnerabilities we should prioritise monitoring for, as well as what alternative we should rely on as backups.
When it comes to cyber security, CTOs must also be prepared to present IT and security vulnerabilities to the broader C-suite, explain why they happened, provide the potential scope of damage, suggest how to secure these weak points, and at what cost.
Take email scams for example, a frequent tactic for malicious actors that preys on human naivety to exposure company assets. Detection of these scams is becoming increasingly mission-critical to the organisation, having increased in frequency by 33% since January. The new CTO must explain to their peers which technology-based solutions is best for the organisation, whether it’s sourced within the company, built from scratch, or attained via a third-party specialist.
Until now, the CTO role in some organisations has been understated or ambiguous. It is my hope that CTOs will recognise their value in this new reality as a business enabler and company leader. In doing so, they can adapt to crises such as Covid-19, and become the public-facing ‘CTO 2.0’ that organisations need to navigate the unknown and ensure success.