Our Head of Security, and CISO Service lead, David is recognised as one of the Top 10 influencers by Thomson Reuters, and a Top 50 global expert by Kingston Technology. He is also one of the Top 30 most influential thought-leaders and thinkers on social media in risk management, compliance, and regtech in the UK.
In his role as Head of Security at QuoStar, David leads the CISO Service. The CISO service provides businesses with the cyber-security skills and experience necessary to manage the multitude of threats and rapidly changing risk landscape of today, on a flexible and cost-efficient basis. David takes a moment to share his views on it all.
1. How did you get started in the security field and ultimately become a CISO?
David: I was around when some of the first Viruses went mainstream. Back then I worked for one of the only companies that made Multi Factor Authentication systems in the 90’s. It was “leading edge” at the time.
I built and ran one of the largest commercial remote access platforms using Multi Factor Authentication. Then I ran Infosec for some FTSE 100 companies, one of which was the largest private trading network in the world – trading 3.5 trillion dollars a day. Another was managing Global Security Services Operations Centres (24/7) across 4 continents, where most of the customers were FTSE 250.
2. What do you enjoy most about working as a CISO Service resource/consultant?
David: Meeting challenges of audit, due diligence, and breach management.
Audit is getting more involved and complex and due diligence is often 300-400 questions and an “interview” with the compliance department of potential customers.
Breaches are about managing with around 10% knowledge of the situation and making decisions in a very short time for the best outcomes – while ensuring buy in from the board. They always seem to happen on Friday evening!
3. As Head of Security, what challenges or issues do you regularly see in small and mid-market businesses? Why do you think the same issues keep occurring?
David: 1. Robust management of access and privilege management. 2. Managing risk consistently. 3. Not aligning Cyber Security with Data protection requirements – as they overlap at a core level.
If you have control of the information assets servers and cloud, information security is much easier to manage. It enables savings in resource and effort if this happens and can demonstrate to the business control and improvement.
4. How do you think the security landscape has changed in the last five to ten years?
David: As a CISO Service lead, I believe it is managing the hybrid of internal servers and cloud – and managing the challenge of access control. The company boundary is very fluid, especially where ‘what’s company and what’s personal’ is concerned.
One of the best frameworks is ISO27001. It is good for demonstrating accountability and decision making. It also aligns with SOC2 and parts of HIPAA quite well.
5. What do you think will be the emerging risks businesses need to consider in the next 1-2 years?
David: It used to be technology first, then followed by making technology safe and compliant. Now technology needs to be safe and compliant first, and performance orientated second – along the lines of what has happened in the automotive, aerospace, building and food industries.
The risks potentially surround the technology itself not having enough security management capability, or that if it does it can be resource intensive. There’s also the globalisation of threat actors and the capability of managing multiple global data protection regulations.
More recently, the US Biden government issued a memo to US businesses on June 2 stating, in summary, the 5 best practices – one being Multi Factor Authentication. Other important aspects are multi-pronged backup, updates, incident response, external testing and network segmentation.
6. Has the Covid pandemic exacerbated security concerns or introduced new ones for businesses to deal with?
David: Probably, due to homeworking and fast transformations of moving office servers to the cloud, as well as an increase in Ransomware attacks, an increase in Data Protection legislation globally and the increase in corporate security concerns due diligence.
It has been an increasing challenge for a Head of Security. We have seen an increase in demand from due diligence enquiries, especially for more detailed homeworking policies and guidelines. So, the lines have blurred as to what is a home device or a work device. The “physical office” is now the home office, and mandating rules now have to be guidelines that are appropriate – as well as using more layers of defence to protect staff and corporate assets.
7. Do you think businesses focus too much on the technical/technology element of security (e.g. AI solutions)? What other areas do they need to consider?
David: Potentially yes, without an end-to-end strategy, it makes security technology “tactics” unlikely to see a ROI, Return on Investment.
As Head of Security, I see the human element of security is also overlooked quite often. Especially when you consider that almost half of all security breaches are caused by human error. This is even more disconcerting when you consider that only 60% of employees will report a security breach too.
We are actually hosting a free webinar on that subject on 29th July 2021 at 1pm, so if you’d like to know more register for free.
8. How important is cyber-security education? What are the challenges for a Head of Security conveying the risk/educating business? Who in the business needs to receive education/training and how often?
Education is very important, as is having the appropriate training for each role, ideally aligned to the company’s risks – so that maximum benefits can be realised, e.g. developers would require different training from HR staff, as the risks they are managing are different.
Of course, there will always be a need for baseline cyber and data protection training. You can find out more about what Security Awareness Training there is available for employers and employees in our article here.
9. Do you feel there is a security skills/talent shortage? What advice would you give to businesses to combat this?
David: I’m not entirely sure. If there is a shortage, there is definitely a misunderstanding of what skills are required.
Personally, I would align the risks and the strategy, then decide what skills are required to make it happen. It may be that companies would benefit from outside help – to formulate the strategy, and always have access to a range of skill levels onboard to achieve skills resilience.
The other issues that many companies seem to come up against are 24/7 and global, so having just one capable Security resource will not be enough to cover these time periods.
10. As Head of Security, what advice would you give to businesses who want to reduce risk and increase their security posture?
David: Manage Risk regularly with key stakeholders.
Ideally do not remove a risk or lower a risk without evidence, from at least the following e.g. a Policy, Procedure, Penetration test, Internal Audit, External Audit or risk committee approval. This will demonstrate accountability and assist in managing data protection, to enable a defensible position in the security posture.
Ensure a multi-layer approach to security. Utilise things like Access control, least privilege, Approved applications, strong email defences, layered endpoint security, centralised control of endpoints and access, plus multiple point backups.
11. If there was one security investment you could recommend to businesses what would it be and why?
David:
One piece of tech most companies aren’t using
To keep companies ahead, Secure Access Service Edge will help with Cyber security and Data Protection. The ROI is great! It releases staff time, and the payback can be in months.
One Framework
You can manage risk and accountability using ISO27001 framework. If you are not going to be certified, ISO27001 also helps align with NIST, SOC-2 and can help align some components of Data protection. It can clearly demonstrate accountability.
Training that is focused to the role in the business is most appropriate, using the “Incident” metrics to tailor training and technology requirements.
One practice
Have a data/Cyber champion in every business function so you’re able to manage threats, risk and increase incident reporting capability to enable “real-time” issue management.
We hope you found David’s current take on Cyber-Security insightful. During his career David has worked across multiple sectors, including financial services, government, utilities and FinTech, working with a variety of clients – from start-up level and SME up to FTSE 100. He previously held the role of Global Head of IT Security at BT and Radianz (formerly Reuters). He’s also been responsible for managing the security infrastructure and delivery of ISO 27001 for multi-billion/trillion-dollar environments. He is also an active CISO consultant on our CISO service offering.
Having a CIO-level professional on your board is the first step to treating IT as a strategic asset rather than a cost. Question is, full time, interim or virtual CIO?
IT is no different from any other business-critical area. You know a transformational IT roadmap will bring significant operational and financial benefits, but you need a professional with the right skillset to pull it all together. It needs a strategy, leadership, and ongoing management if you want to achieve measurable returns and competitive advantage. A CIO – but do you need that position filled in-house or with a virtual CIO?
A CIO (Chief Information Officer) is usually the most senior technology executive inside a business. They hold responsibility for the IT strategy and determine areas for improvement and development within the IT systems and processes. A commercial mindset and extensive experience, as well as a deep understanding of technology and its application, are necessary for a CIO.
Unlike an IT Manager, a CIO is more outward-facing. They will focus on IT strategy and leadership, ensuring that IT is aligned with business goals and works in unison with the overall business strategy. However, as the CIO is often the executive-level interface between the IT department and the rest of the business, they need to keep abreast of day-to-day operations and issues. Any IT projects will likely be owned by the CIO, and they will be accountable for signing off on the solution and the implementation. They will be responsible for the project’s success, outcomes, and ultimately the ROI. A good CIO can see past emerging technology hype.
Many businesses assume that the only way to gain access to a CIO’s knowledge and experience is a permanent hire. While this is certainly one option, it can be costly and unnecessary for your current needs. If you’re flying blind, how will you know they really are as experienced in the field as you require? There are alternatives available that may be a better fit for you.
We explore four different ways businesses can fill the CIO role: Full-time Permanent CIO, Interim CIO, Virtual CIO and a CIO service. We look at pros and cons of each to help you with the decision-making process.
The 4 types of CIO you could hire
- Full-time, permanent CIO
A full-time, permanent CIO is an experienced technology leader who sits within the business at board level. Full time generally means a 40+ hour week for most, and such a hire doesn’t come cheap.
What are the benefits of hiring a full-time CIO?
- Dedicated and experienced IT leadership at board level
- Effective IT strategy that works in unison with the business strategy
- Removes the load from senior leadership, allowing focus on their expert areas of the business
- Delivery of operational improvements and a measurable return – they’ll advise on the right investments
- Significantly reduces the likelihood of poor project outcomes, disruption and disgruntled staff.
- Enables businesses to address and manage risk more effectively
- Awareness of evolving threats, as well as changes in the commercial landscape
- Gives a competitive edge, allowing the business to mitigate risk and capitalise on opportunities their competitors may be unaware of.
What are the disadvantages of hiring a full-time CIO?
- The CIO skillset is in high demand – these senior professionals can pick and choose their roles to some extent
- The specialist knowledge makes a CIO an expensive hire. (Average salaries are around £141,000 but can be upwards of £200,000)
- If this is the first CIO a business has hired, then senior leadership may be unsure of what they need.
- Difficulties assessing candidates’ experience and whether it aligns with business needs only serve to make the process even longer
- Mid-market businesses may not have the requirements for a full-time CIO
- Although the strategic direction and commercial focus will undoubtedly be of benefit, a less complex IT environment and a lower capacity for projects could mean a limited scope for change
- Research shows that CIO tenures are short, with an average of just 4.3 years – making them the shortest-tenured C-suite exec
- Two-year stints aren’t uncommon as CIOs often want new challenges and the opportunity to deliver real change.
- A full-time CIO may turn out to be a very expensive, short-term hire. You might find yourself stuck in what feels like a constant recruitment cycle.
- Interim CIO
Also known as a Contract CIO, an Interim CIO is an experienced technology leader who temporarily fills the CIO role. The average tenure is between six months and two years, and an Interim CIO is usually brought in to tackle a specific challenge while the business transitions between permanent CIOs. However, they are also sometimes hired to support and mentor a newly hired or promoted CIO.
An Interim CIO’s role typically falls into one of two camps:
- Responsible for building corporate resilience so the business can maintain a competitive advantage. Essentially keeping the lights on.
- A transformational role, tasked with formulating a strategic plan and executing it.
What are the benefits of an Interim CIO?
- Quicker to hire – a benefit for businesses in ‘crisis mode’ who cannot afford to wait to make a permanent hire
- A benefit for time-sensitive projects (such as an M&A) that need immediate access to the skillset
- Their laser focus on a specific project or business area allows Interim CIOs to add immediate value
- A dedicated, experienced professional driving an initiative increases the likelihood of that project remaining on track and delivering expected outcomes
- A rich and varied CV can make Interim CIOs valuable mentors
- Experience across multiple industries, business types and environments. They will have seen a multitude of scenarios and challenges – knowledge that can aid the IT department
- Can help senior leadership make better IT-related decisions
What are the disadvantages of an Interim CIO?
- Interim CIOs are an expensive hire
- They are in high demand, and with a limited number of professionals available, they can cherry-pick their projects
- An Interim CIO is only going to be available for a set period, so there may be limits as to what can be accomplished in that time
- Businesses will need to define a clear objective for the engagement and a fixed schedule for delivery
- Existing problems in the business environment may affect the success of delivery
- Long-term or chronic underinvestment in the IT environment, problems left behind by predecessors, or a need for overall business transformation can all affect project delivery
- An Interim CIO will need to quickly get up to speed with the organisation structure and technology portfolio, and quickly win round and influence key team members to ensure objectives are met. (Of course, it’s not impossible, but the senior leadership team need to be confident in their hire.)
- Virtual CIO
A Virtual CIO (vCIO), also known as a fractional CIO, provides consultation on IT and technology strategy as a third party. Compared to full-time and Interim CIOs, who take an active role in company operations, the vCIO is often an advisory role.
They will have similar responsibilities to an in-house CIO, but the core difference is that the service is delivered virtually. You may not meet your Virtual CIO and there could be multiple people working on the business at different times, depending on the structure of service.
What are the benefits of a Virtual CIO?
- A vCIO Service offers significant cost savings compared to hiring internally
- Most services are offered at an hourly rate or flat fee, making it easy to budget and account for
- With a vCIO you will have someone dedicated to strategic IT management, even if it’s on a limited basis
- A good starting point for companies new to the strategic approach
- Will be better than people within the business spending a few hours here and there trying to make improvements.
What are the disadvantages of a Virtual CIO?
- Virtual CIO Services focus more on the improvement of day-to-day operations, rather than long-term strategic planning, management and innovation
- A vCIO typically works across multiple businesses, so may not be as readily available to deal with issues that arise
- Businesses which are tech-heavy or very reliant on technology will probably need a more heavyweight and involved resource
- As a virtual service, you may have little to no ‘face time’ with your CIO
- It may be difficult to build trust as the CIO may feel disconnected from the business, affecting results delivery
- Depending on the provider you have chosen, you may also need to factor in time zone and cultural differences.
- The CIO Service – a better alternative for the mid-market…
You may feel that a virtual CIO won’t deliver the expertise and attention needed to achieve measurable outcomes – but you also don’t have the resources or requirements to justify a full-time hire, and an interim CIO just won’t do.
Often, it’s not operationally or commercially viable for mid-sized organisations to have a full-time senior internal IT professional. However, access to professional IT management expertise and skills offers a competitive advantage. With the right management, IT can improve the business’s bottom line, aid client engagement and service delivery, and improve staff retention.
Luckily there is a fourth alternative that bridges the gap, while still delivering tangible value on a cost-effective and flexible basis – a CIO Service.
QuoStar’s CIO Service has been specifically designed to provide mid-market businesses with the strategic IT leadership necessary to deliver the benefits of a full-time CIO but without the significant costs.
What are the benefits of a CIO Service?
- Harness the transformational potential of IT
- Enables access to the skills, expertise and commercial acumen of a CIO-level consultant
- Flexible and cost-efficient
- Supports organisations throughout their entire IT transformation journey; from evaluating current standing and areas for improvement, through to building and implementing a roadmap and change plans.
Our QuoStar CIO Service offers:
- Proven, seasoned sector-specific CIOs with a combined 60+ years’ experience
- A proven methodology and framework to deliver a strategy and transformation
- Completely embedded within your organisation – one of the team
- Guaranteed results backed by our Outcome Assured™ promise
- Delivering measurable outcomes for businesses just like yours!
Leading IT consultancy QuoStar has announced the launch of a CIO Service that will deliver on-demand access to top-level IT leadership on a flexible, cost-effective basis.
QuoStar’s solution will provide businesses with a dedicated, experienced CIO-level Consultant who will work in partnership with the senior leadership team to ensure IT continually delivers measurable results. Businesses will benefit from a board-level understanding of performance and receive a clear roadmap for future tech investment and improvements. As a result, they will be able to reduce unnecessary spend, enhance client service delivery and engagement, and gain a lasting advantage over competitors. Based on co-sourced arrangements, this is a fresh approach to bringing external expertise into the business. It’s backed by QuoStar’s Outcome Assured™ guarantee, giving peace of mind that the expected results will be achieved.
IT investments require continuous management and businesses must consider them strategically to deliver the expected returns. While enterprise businesses can employ and retain highly skilled and experienced IT professionals to plan and lead their IT functions, many mid-market businesses cannot, even though the need for professional IT advice is just as great. QuoStar has recognised this challenge and has developed a service that effectively acts in place of the top-level internal CIO position while delivering the benefits of a full, expert external team.
The CIO Service will be headed by Chris White, Head of Consultancy at QuoStar and former Global CIO at international law firms, such as Clyde & Co, HFW and Ashurst. He leads a team of experienced IT leaders who have built and run complex IT environments across many sectors.
Chris comments:
“Technology is increasingly critical to the success of every business. The competitive landscape is changing in most sectors, clients require higher levels of service from their suppliers and remote working looks like it’s here to stay. Technology must be considered as a strategic asset. There’s no getting around the fact that transformation can be expensive, complex and time-consuming. But if you do it right it can provide a significant competitive advantage to your organisation. We’re delighted to launch the CIO Service, which will help businesses to get the most out of their investments and move their IT estate forward.”
QuoStar has seen an immediate uptake of interest and has recently signed UK law firm, Blanchards Bailey to the service. The firm is already reaping the benefits of working with a dedicated CIO-level Consultant to drive their IT forward.
Paul Dunlop, Managing Partner at Blanchards Bailey, comments:
“At Blanchards Bailey we recognised the strategic importance of technology and its potential to deliver a significant competitive advantage and better client service. As lawyers, we don’t have all the necessary skills to achieve the results we want and therefore we partner with specialist IT firms to deliver the very best secure systems. We have recently partnered with QuoStar, to provide us with a Chief Information Officer Service, providing the board with strategic IT knowledge and expertise. QuoStar gives us the technical, operational, and strategic skillsets of a highly experienced senior IT professional, but on a basis that fits our firm’s needs and budget. We’re in the early stages of our partnership, but the initial reviews have already delivered dividends and we look forward to working with QuoStar on a long-term basis.”
Outsourced IT support failure can be a huge problem for a business. However, when done right IT outsourcing can deliver numerous benefits to your business.
Like all large projects, the move to outsourced IT support is never guaranteed to be risk-free – but this guide to seven reasons for failure could help you mitigate those risks.
You only need to look a few years back to find some big-name failures caused by a failed outsourcing relationship – the UK Border Agency, BSkyB, the Child Support Agency and the Royal Bank of Scotland are just a few.
One very pertinent example is TSB’s IT meltdown which followed a botched IT upgrade project involving the transfer of 1.3m customer records. Their outsourced IT support failure caused problems that spanned multiple weeks and many customers were completely locked out of their accounts during this time. TSB lost £330 million and 80,000 customers because of it – negating any cost savings this project was supposed to deliver the business. Not to mention the lasting damage this incident will have on the bank’s brand.
Situations like these highlight how important it is to select the right IT partner.
Engaging with the wrong one – or for the wrong reasons – could cost your company dearly in terms of financial outlay, staff morale, productivity and future performance. We have put together an honest list of seven common reasons for failure. These can apply whether you are outsourcing your entire IT function for the long term or have engaged a third party for a one-off IT project.
Remember it is a two-way partnership and both parties have important roles to play in the process.
1. Cost is the only consideration
Many businesses opt to outsource simply to reduce costs. This typically lines up problems from the start. Of course, cost is a factor, but value is more important than flat fees. As an example, many companies look to cheaper offshore companies without considering potential issues such as communication problems, cultural differences, quality of staff or time zones. These areas can bring a project to its knees and almost always guarantee outsourced IT support failure.
Rather than simply choosing the lowest bidder or the one who offers the largest upfront discount, look for the provider who will deliver the highest quality of service. Take into account their previous record of accomplishment, obtain references from current clients, and look at the quality of the staff, the teams, their accreditations and experience. If you don’t know how to look at these areas with a complete understanding of all the factors, then find a consulting firm that can assist in vendor selection. If your main criterion for selecting a provider is cost, then you will get what you pay for.
2. Rushing to meet a tight deadline
As a simple example, if a 150-person law firm were to introduce a new practice management system, we would typically expect the process to take around 12 months, from end to end. This would include things such as:
- Analysis of existing systems, people and processes
- Vendor review and selection
- Migration planning
- Integrating legacy systems
- Testing
- Deployment and change management
Rushing to complete a project within an unrealistic deadline means one or many of these areas will be skimped on. This results in lower quality work and further issues down the line. Of course, situations do occur where you have no option but to operate to a tight deadline, but you should be scheduling plenty of time for a project. Also, remember to include some contingency. It is better to have it and not need it rather than letting a hurdle throw your timeline wildly off track.
3. Not seeing the relationship as a strategic partnership
In long-term IT projects and outsourcing, your service provider can become a valuable partner in achieving business growth. Try not to view IT-related tasks in isolation – or even worse, as a “necessary evil”. If you do, you will miss huge potential benefits.
4. Outsourcing the wrong functions
To gain the benefits of IT outsourcing you do not necessarily need to outsource your entire IT environment. This approach does not work for every business type and there are some situations where it may be better to keep some IT functions in-house. A good IT consultant will discuss these options with you and advise you accordingly. They won’t force you into a contract that is not quite right.
5. Failing to accept the need for flexibility
Technical advances and technology developments happen rapidly in the IT world, which can require a degree of flexibility. Agreeing to common-sense changes as the contract plays out will ensure you keep up with the latest advancements. That way your project remains relevant.
6. Poor communication can cause outsourced IT support failure in an instant
As discussed above, offshore outsourcing can cause issues due to language barriers, cultural differences and time differences. This can lead to your staff having to work extended hours in order to reach the outsourced team. However, some companies can have trouble with UK-based providers as well. It is important to make sure that all parties are on the same page. That they are working towards the same goal and the same timeline. Poor communication can seriously damage the outcome of an IT project.
7. Outsourced IT Support Failure can be down to Micromanagement
You will have chosen this IT consultancy to manage and deliver your project because you believe they have the skills and experience to do so – so let them use those skills. Of course, there should be regular communication between the business and the project manager. However, micromanagement just leads to bad feelings on both sides.
Build a good working relationship. That way you should be confident that the project manager will execute the work as defined in your contract.
Conclusion
Outsourced IT support failure is not limited to the biggest businesses. The issues outlined above could affect any organisation undertaking IT outsourcing. That being said, you should not let potential problems put you off altogether. Just keep them in mind when meeting with IT consultants to discuss outsourcing or project management. Trust is a crucial element for successful outsourcing. So, make sure your chosen provider is someone you can work in partnership with.
Digital transformation and automation are hot topics – they’ve been hot topics in one guise or another since IT was born. But despite their proven effectiveness and capability to enhance the way a business operates, many businesses only pay lip service to improving their internal processes in earnest.
Why is this? The two most common reasons are that either they’ve been burned by a project or initiative that was sold to them using automation and digital transformation tags as buzzwords which then failed to deliver substantial results, or they’re distracted by the more visible (but less impactful) new campaigns being generated by marketing or sales.
This obsession with searching for new horizons whilst leaving the internal business to fall into disrepair is seen all too commonly. Even in manufacturing, companies who have been improving their production processes relentlessly for decades seem to have forgotten to apply the same fervour for efficiency gains in the back-office. There are huge gains to be made from automation, but it must be business-led and with a focus on ROI.
So, how do we begin?
1. Understand where you are
This early on, you shouldn’t be looking at the tools to conduct your automation. Nor should you even be looking for external consultants. You need to instead get a general feel for what could be improved and what should be improved in the business.
This is a straightforward exercise of breaking down the business into its component parts – typically into departments. Then list all the business operations/processes within that department, such as client onboarding, lead-processing, invoice processing and debt collection.
You should then break down these processes into steps and actions. If you can use a flow-chart then great, else just map it out in a way that the team understands.
Regardless of what method you use, it is imperative that you are as precise and detailed as possible at this point in your journey. Every subsequent step follows on from this one, so ensure you start on a steady footing. The more detail you add, the simpler it is to see areas that can be automated, which saves future you time and other resources.
2. Determine priority areas
As you go through your analysis you’ll start to see areas that can be improved quickly. You’ll also typically see that many internal processes can be broken down into two core types of task – actions and approvals.
Taking a typical and traditional expenses procedure as an example: an employee would open an expenses sheet and enter the details of their claims, scan in all their receipts, print the form and receipts, sign the form and hand it to their line manager, who signs it. It’s then scanned back in and finally sent to accounts for payment.
You can see from this that even with simple tasks, there’s a good deal of steps and many opportunities for automation. However, there are also some stages that are impossible to automate – the signatures are a notable example. These can still be digitised, however.
The real purpose of this step is to gauge how and where automation/digitisation can make an impact. By identifying processes that have wide stretches of actions which could be automated or lots of approvals that could be digitised you can create a priority list of tasks that you should address to have the biggest impact. The more steps and touches by people the greater the potential impact.
3. Look at technology
Thanks to the rampant rise of technology and globalisation, you are likely to be able to find tools and applications that fit your requirements relatively easily.
Of course, many systems will be able to take over many parts of your operations and the processes within them. If you can find one system that can deliver greater efficiency and ultimately customer service then it’s potentially going to save you costs, integration headaches and upgrade hassles.
On the flip-side it’s important that during this stage you find a system that maps directly to your requirements, rather than trying to change your operations to fit a system – which can happen with complete business systems that blend various applications and operations, i.e. Practice Management Systems in law firms, ERP in manufacturing, etc.
You may have to create a blend of systems to deliver a highly configurable system. In essence, you then get a much more powerful solution that will deliver you greater results and potentially a greater edge over your competition. Lots of tiny improvements soon mount up into a measurable advantage.
A clear requirements analysis is really going to help you see the gaps when looking at software solutions and systems. Do understand that it’s common to buy a total business system and then not use large pieces of it because those parts don’t truly map to your operations, i.e. you use the accounting and service elements but don’t use the CRM functionality – potentially using a 3rd party solution that integrates better.
4. Plan the project
Once you’ve mapped out your processes, bundled them into relevant categories, evaluated where the big wins will come from and have a solid system/application more or less identified then you have a clear starting point. Now it’s time to look at the project delivery.
A clear time-bound plan along with sensible milestones is essential to deliver returns from a digitisation project. You should be working in conjunction with vendors and (if relevant) developers, along with internal affected teams to create a project plan that you all buy into and approve. It’s important to of course consider costs, not just the hard costs but also the soft-costs – which will often make or break a project in terms of delivering a business-enhancing result.
If you are looking at numerous digital transformation projects, it’s important not to fall into the trap of rolling out too many projects at once or back-to-back. Too many companies go for fork-lift upgrades where they change numerous projects at once and that can cause fatigue and frustration in the user base at best. Create a considered road-map that will give staff time to become accustomed to new ways of working or new systems before undertaking more change.
5. Go hard on testing
Testing can never be overrated. You can only ever deliver an effective digital transformation project through a rigorous and considered testing plan.
Ideally, you’ll be able to pilot the new process or system in a real-time test environment. That way you can see the difference whilst ironing out issues as you go, prior to a wide-scale rollout.
This is increasingly possible now since many applications and systems are now cloud-based, allowing you to trial a system in a fully-fledged test environment without signing up for long-term contracts.
If there isn’t a way to preview the effectiveness of the new process or system, it’s important to agree what success looks like with the vendor far in advance of signing an order or contract. Too many businesses sign-up on a sales person’s promise. A project can fail because clear deliverables aren’t agreed at the start.
If you have stakeholders, i.e. users of the system, ensure that they are happy with the testing. Without stakeholder and user group sign-off you can find yourself surrounded by disgruntlement and finger-pointing. Make sure you tie everyone into success.
6. Go Live
Once you’ve signed off your testing and pilot as a success, it’s time to finish your roll out and go live with your new system. If you’ve got to this stage successfully everyone should be raring to go (communication is everything) and fully trained.
You should now be following your project plan as you bring the solution live. It’s also important to document and analyse any issues that arose along the way. Discuss them in a ‘lessons learnt’ session with the project team during or after the rollout. We all grow through difficulties, and our experiences can help those who follow after us on other projects.
7. Evaluate success
After you’ve delivered your automation project it’s important to formally look back to what your objectives were at the beginning. Did you meet them? It’s also important to do a formal follow-up meeting. Ideally once everything has been running for a few months and then maybe after the first year.
If you can clearly demonstrate the value and business enhancement over a period, that’s exciting. It will also transform a board’s perception of IT. It will drive it to the centre of the board agenda – which it should be right now.
8. Start again
Digital transformation doesn’t have a clear end. It’s all about continual improvement and so should in effect be a never-ending cycle. It’s very unlikely that the change you have instilled is perfect and can’t be improved.
If you want to grow your competitive advantage and/or profit margin you should be managing change as you go; whilst also revisiting the whole process in specific time-frames. This could be every 3 months, 6 months, annually or longer if appropriate (unlikely).
Ideally, now you’ve gone through the motions, innovation, automation and transformation should have become part of your standard operations. Your board will hopefully be demanding it.
Conclusion
Digital transformation is without a doubt a buzz term. In reality, it’s LEAN and continual improvement rebadged. It’s something every business should be doing in a structured manner to survive and thrive in a global business environment. The challenges are there, but there is more to gain than there is to fear.
What is a CIO?
If you don’t know what a CIO is, or want a refresh, check out our existing article on the role of a CIO. Since this article is aimed at businesses who are aware of what a CIO is but want to know if they need one, we won’t be covering it here.
Does my business need a CIO?
A widely held notion is that only large, multi-national corporations need the service of a CIO. This may have been true a decade or so ago, but with IT now central to the whole business it’s no longer the case.
The skills of a CIO are now useful to any size or type of business from a 50 person legal firm to a 300 person manufacturing business.
So then, if every business can have a CIO, how do you know if you need one? Here are some key indicators you can look for which show you’re ready for a CIO:
1. You lack the information to make business decisions
When there are plans to make a change in the business, a lack of data and information can plunge even a good idea into uncertainty. Lacking the knowledge for major IT-related business decisions results in project delays. And when the time does come to choose, it’s a decision made on the promises of a salesperson rather than on proven facts.
These factors often limit the scope and effectiveness of projects. Resulting in a lower value or poor performing outcome.
A CIO helps by de-risking the decision-making process. By using their knowledge of technology and the wider business, they can find a solution that has its base in hard facts and proven performance, rather than going by guesswork and hope.
The CIO also gives an amount of certainty to making IT-related business decisions. This can help drive change and adoption, giving you an edge over your competitors who may be uncertain about how to review and apply new technologies such as AI or initiatives such as process improvement and automation to their business.
2. There is friction between departments
When one system or department’s poor performance and operations restrict the ability of another department to get work done, animosity and frustration can arise. This friction is often made worse by siloed departments. This causes rifts of communication, priorities and strategy to form and makes employees feel like they are fighting against their co-workers to get work done.
By being a mediator who ties together the IT and operations sides of the business, a CIO can help reverse this friction. Producing a unified strategy and operating environment means employees will be working towards a complementary outcome. And since everyone will be working in tandem, the likelihood of bottlenecks forming is also reduced.
Finally, because the CIO is in a neutral position, not aligned to any specific department they can be an impartial judge over which department is in the most need of IT resources and systems.
By relying on the facts and listening to each case, they can determine whose requests and priorities to address first. Rather than having each department claim that they are in the most need.
3. There are regular complaints about IT system performance
When constant IT issues are occurring, employee performance will decrease. For a 40-employee firm, even five minutes of disturbance per employee per day will waste over 16 hours a week.
A CIO will listen to the complaints being made and use their knowledge to identify and address the root of the problem. Be that through their own team, a service provider or a software vendor.
This not only minimises employees’ frustrations but it also improves their efficiency. Making a difference to your bottom line.
A CIO can also help you understand where issues might arise in the future as your business grows. They have the expertise and experience to know when you’ll meet friction and pain from an IT or operational standpoint. Allowing them to smooth out the road before you get there.
4. The business is going through a period of change
When your business is experiencing change (moving premises, going through a merger or acquisition, moving to the cloud, expanding teams, etc.) there can be uncertainty around the potential threats which arise and unseen opportunities which pass by. Large scale change in the business’ use of IT can also create unease from a strategic standpoint.
A CIO has the experience, skills and expertise required to get things done in this situation. And thanks to their knowledge of both IT and business, they’re able to take advantage of the opportunities and mitigate the threats which may arise during a period of change.
5. You don’t understand the benefits IT can bring / You see IT as a necessary evil
When a business sees IT as a necessary evil, it’s inevitable that they’ll commit the least money, time and effort towards it. But businesses which do this only end up handicapping themselves since IT is not only ‘a cost’. Instead it’s the main area where you can gain a competitive advantage in the modern business arena.
The ‘IT is a cost’ mindset arose in the early 2000s due to a decline in business intelligence and a lack of understanding of what IT is. Investments were being made based on trends and hype, not fact. And when people were burned by their mistakes, it led them to think of IT as a waste of resources.
The CIO helps bring back the business focus and knowledge that so many businesses have lost. Allowing IT to once again become a performance enabler.
Through wise technology investments, addressing deficiencies and ensuring that the IT strategy aligns with the strategy of the wider business, the CIO can re-kindle faith in IT and drive it back into the heart of the business, where true business gains lie.
6. No one in the C-suite is excited about IT
When there is no interest, there is no innovation.
There needs to be someone on your board who is excited about the potential of IT. Without this momentum, you risk projects being put on the backburner or dropped altogether. Slowing your pace of innovation, or even causing stagnation.
So in a world where you either innovate or go out of business, the CIO’s interest and proven experience in technology are vital.
By staying abreast of the latest trends and opportunities a CIO can ensure you’re always getting a business advantage. And with their understanding of the business applications of IT, new technologies and systems can deliver improved business processes and productivity. Giving you a competitive edge.
How big of an investment is a CIO?
To hire an in-house CIO, you can expect to be paying a salary of ~£150,000 per year. And for a highly qualified candidate, up to £240,000 per year – almost a quarter of a million.
A CIO’s salary is likely to eclipse that of any existing senior IT employees you already have such as an IT Director or Chief Technology Officer. It may also surpass many of your other C-level executives’ salaries as well. This is because the role demands a blending of technical and business knowledge alongside at least a decade of experience in similar roles and so employees can command a premium for their employment.
If you’re unable to part with this much cash or are already concerned about cash flow, you may now be thinking that a CIO is out of reach. Fortunately, there’s a second and increasingly popular route: a CIO service.
Because a CIO service has many clients, you get to benefit from the economies of scale which allows prices to be much lower on average.
Combined with how you only pay for the time you use their consultancy, rather than a yearly salary, a CIO service will typically be far more accessible than an in-house employee; all whilst offering the same benefits.
Running a business can be difficult, particularly when it goes through a rapid growth phase. As a business owner, you may be feeling overwhelmed, overworked or just not as efficient as you know you could be. To remain competitive, businesses must boost operational efficiency. This is especially true in the SME market where organisations may have more limited resources. Efficiencies can be gained in a number of places, but here are five areas to start with.
1. Reduce paper usage
Reviewing your paper consumption and usage is often one of the quickest ways to streamline your business. Paperwork can quickly pile up and increase waiting times – internally and externally. Trace the paper trail and ask key employees:
- What information do you add to the paperwork and why is it needed?
- What information do you take from the paperwork and why do you need it?
- Why is this paperwork important for your job?
You may find that while the information is necessary, individuals do not necessarily need to have paper copies. One way to address this would be to look at document management solutions that would allow you to make the move to start digitising information.
Document management solutions can help your business to operate more efficiently by putting documents at employees’ fingertips instantly and providing an easy way to categorise, store and organise documents. With the right solution, you will be able to scan documents in a matter of seconds, and use workflows to automatically route that document to the right folder or person. When choosing a solution some of the things you will want to look for include: being able to create customised workflows that fit your business operations, easily search scanned documents and assign access levels by employee role.
File cabinets and storage boxes can also take up valuable office space – or even be an additional expense if you require offsite storage. So you should look at using a document management system for the long-term storage and retrieval of documents. Not only will this save floor space, but it could prevent staff from having to make trips to and from your offsite storage to retrieve documents – saving you both time and money.
2. Outsource
Businesses of all sizes can benefit from outsourcing, whether that’s choosing to outsource their finance and IT support or HR and marketing. There are a number of ways your company can benefit from outsourcing. When done correctly it can help your business to run more efficiently and reduce costs. For example, outsourcing tasks will allow you to focus on business growth, without sacrificing quality and service in the back office.
For small businesses outsourcing can help ensure certain tasks (such as billing) are performed at a consistent and affordable rate. It can also help rein in the spiralling operational costs of certain departments in larger organisations. If you suspect there is an area of your business that could be more efficient, scope the requirement and desired outcomes, and investigate potential options.
3. Automate repetitive tasks
Does your business have a lot of time-consuming tasks which need to be performed on a regular basis? Do you have to use multiple systems to complete single tasks? Look to see whether these tasks could be consolidated, so they can be performed with a couple of clicks. See whether you can use workflows to automate processes, freeing up your staff to focus on higher-value tasks. One example could be billing emails. If you send regular reminders to customers about direct debits or upcoming payment dates automating this process could save you hours.
4. Develop a long-term technology plan
Replacing outdated or ineffective hardware can majorly impact your employees’ productivity. You can minimise or reduce these disruptions by planning for the long term. You should determine your short and long-term business objectives, and map where technology solutions can help you achieve these.
5. Reduce unnecessary travel time
While face to face meetings are an important part of a business, they are not necessary for every situation. Particularly where you might have customers spread across the country or even the globe. Time spent travelling is typically less productive, and any time saved can be spent on higher-value tasks.
Nowadays it is straightforward to talk face-to-face virtually with video conferencing and collaborate via screen and application sharing using systems such as Skype for Business. Of course, the price points do vary so mapping technologies to their correct applications is crucial. Additionally, any out of the office training seminars, conferences or exhibitions should be reviewed on a cost-benefit basis. This is not to say you should stop employees from attending these events – as they can deliver high value. Just ensure you’re choosing ones that will help your employees meet their objectives.
These five areas are just a starting point; there are many other things you can go on to consider. You can also review software, recruitment, remote working, mobile access and communications. Remember to evaluate the impact each area will have on your bottom line and how it will impact your employees, suppliers, business partners and your customers. If you commit to taking the time to streamline your business operations, you will see the results take shape.
Managed print and document solutions can bring a wealth of benefits, including increased employee productivity and efficiency, the ability to maximise billable hours, and greater document and data security. But in order to truly harness these benefits and enhance your operations, you need to choose the right print and document solutions partner.
Many companies will feel under pressure to simply pick the lowest cost option, or are blinded by a dazzling list of benefits which seem impressive on paper, but in reality, don’t quite deliver after installation. This is why it’s critical to do your research, to ensure you’re choosing a solution that delivers a return on your investment, beyond simply the cost per print.
How to choose a solution that suits
The Installation Process
If planned and executed correctly, the impact of installation on day-to-day management and activity should be insignificant. If the print and document solution takes days to install and is difficult to integrate with your other applications, then it’s only going to have a negative impact. In the short-term, it’ll be costing your firm on the bottom line and will damage the end user’s perception of the solution. Inefficiencies will swallow up any potential returns in the long-run as users try to find a workaround for the solution.
How Does It Integrate?
If the platform will only integrate with a few pieces of third-party software then it’s going to be a struggle. Or it will become more of an expense in the long run. You want a solution that fits your needs and operations. Not one that you have to work around, or which restricts future decisions. In order to truly integrate, you should be looking at firms who truly understand systems, and who can analyse your business and operations. You don’t want a provider who only looks at printer location and the cost per print. This is where so many traditional copier businesses fall down.
Flexibility
Your chosen print and document solution may integrate perfectly with your current infrastructure, but you don’t want it to affect software choices you make in the future. Otherwise, you could be left with an ineffective, cumbersome solution. Or have to pay out to start this whole costly process again. The right print and document solution should, as your IT infrastructure does, grow with you, allowing you to capitalise on new opportunities and changing markets.
Management & Long Term Planning
When most law firms receive a proposal from a print provider, the first things they will notice are a lower cost per click, due to standardisation, and a drop in paper consumption and waste. Whilst these are positives, there is only so much you can gain without further optimisation. You can achieve greater productivity and efficiency through scanning solutions, but this takes time, planning and ongoing management. Many print providers simply don’t have the knowledge to deliver this properly.
You need a provider who is in it for the long-haul, who will take the time to learn end-user trends and revisit the solution to see where they can change processes and automate staff functions. These are the areas which will make the solution completely bespoke and will enhance your margins. The provider needs to stage the solution, with every step optimised before progressing to the next. If a print company tries to deliver everything in one big project then something is probably not quite right.
Ask yourself, what do you want to achieve from this process? Do you just want to achieve quick wins? Or do you want to also optimise processes for ongoing operational and margin improvement? The answer to that question should give you an idea of what sort of providers you should be engaging with.
Generally, you haven’t moved away from Windows Server 2003 because a critical and extremely complex piece of internal software relies on it, or due to budget constraints. There are a few other reasons, but chances are that you are simply being negligent and putting your business at risk for the sake of saving a few £s. If you are ignoring the end-of-support warning due to financial concerns, then you are playing a dangerous game. In fact, if you are unfortunate, a savage enough attack could cripple your business or even put it under – and that’s not scare-mongering.
You will notice a few security vendors stating that they can protect you whilst you still run Windows Server 2003, but generally, this isn’t really the case as the weak link often comes in a process or a person. Also, if they were all so good we wouldn’t have any viruses or exploits, would we?
So, if you are in a difficult situation, where do the real threats lie?
- The server faces the Internet directly, i.e. many hosting companies give a customer a server with a live Internet address (IP) on it. The customer then installs a software firewall on top of the Windows 2003 operating system.
- The server indirectly faces the Internet, i.e. it’s connected through some sort of physical/virtual firewall, i.e. the server is acting as a web server, client portal, FTP server, etc. Even if the firewall has advanced intrusion prevention the risk is significant.
- The server is not accessed from the outside world but initiates communications, e.g. it is a Terminal Server/Citrix server, proxy server, etc. The threat comes from the server hitting a website with malicious code that fires an exploit, compromising that server and the LAN/WAN it sits on.
- The server sits on an open LAN with other network devices, such as PCs, laptops and other servers. Although these other machines may not be able to be infected – they can still potentially pass on ‘an infection’ to an unprotected Windows 2003 server.
- The server has other devices plugged into it at times, i.e. USB storage devices. The risks are lower here but still real.
There are other risks but these are the main ones and the most significant. Over the coming months, the risks to Windows Server 2003 are going to be pretty large as hackers and the like hold back exploits until the support ends. The flames will burn brightly for say 6-9 months and then slowly taper off as the easy prey has been picked off and the bandits look for new pickings.
If you have left it too late to switch from Windows Server 2003 then what are the key things you can do to protect your environment?
- Don’t connect it to the Internet directly or indirectly.
- Segregate it from the normal LAN via a VLAN and/or a firewall device.
- Ensure any connections to it from internal systems pass through an intrusion protection firewall.
- Don’t plug any external devices into it.
- Plan to migrate services from Windows Server 2003.
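As an added example (not from the original article), the three network items in the list above can be checked against a firewall rule export and a host inventory. The host names, addresses, VLAN numbers and rule names are constructed, and the audit conservatively treats every allow rule as reachable, ignoring rule order and ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 ranges treated as "internal"; anything else counts as Internet.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    action: str   # "allow" or "deny"
    ips: bool     # True if an intrusion-prevention profile inspects this rule


def is_internal(cidr):
    """True when the whole CIDR sits inside one of the internal ranges."""
    net = ip_network(cidr)
    return any(net.subnet_of(i) for i in INTERNAL)


def audit(legacy_name, hosts, rules):
    """Return sorted (finding, detail) pairs for the unsupported server.

    hosts maps a host name to (ip, vlan_id). Assumption: traffic between
    VLANs crosses the firewall, traffic inside a VLAN does not.
    """
    legacy_ip, legacy_vlan = hosts[legacy_name]
    addr = ip_address(legacy_ip)
    findings = set()

    # Same-VLAN neighbours reach the server without crossing any firewall.
    for name, (_, vlan) in hosts.items():
        if name != legacy_name and vlan == legacy_vlan:
            findings.add(("shared-vlan", name))

    for r in rules:
        if r.action != "allow":
            continue
        to_legacy = addr in ip_network(r.dst)
        from_legacy = addr in ip_network(r.src)
        if to_legacy and not is_internal(r.src):
            findings.add(("internet-inbound", r.name))    # direct or indirect exposure
        elif to_legacy and not r.ips:
            findings.add(("internal-no-ips", r.name))     # internal path bypasses IPS
        if from_legacy and not is_internal(r.dst):
            findings.add(("internet-outbound", r.name))   # server can browse out
    return sorted(findings)


# Constructed sample data: before and after applying the isolation steps.
HOSTS_BEFORE = {
    "legacy-2003": ("10.20.30.5", 230),
    "file-01": ("10.20.10.8", 210),
    "kiosk-07": ("10.20.30.44", 230),
}
RULES_BEFORE = [
    Rule("portal-dnat", "0.0.0.0/0", "10.20.30.5/32", "allow", True),
    Rule("lan-to-legacy", "10.20.10.0/24", "10.20.30.0/24", "allow", False),
    Rule("legacy-web-out", "10.20.30.0/24", "0.0.0.0/0", "allow", True),
]
HOSTS_AFTER = {
    "legacy-2003": ("10.20.30.5", 230),
    "file-01": ("10.20.10.8", 210),
    "kiosk-07": ("10.20.40.44", 240),
}
RULES_AFTER = [
    Rule("lan-to-legacy", "10.20.10.0/24", "10.20.30.5/32", "allow", True),
    Rule("legacy-deny-out", "10.20.30.5/32", "0.0.0.0/0", "deny", False),
]

if __name__ == "__main__":
    for label, hosts, rules in (("before", HOSTS_BEFORE, RULES_BEFORE),
                                ("after", HOSTS_AFTER, RULES_AFTER)):
        print(label, audit("legacy-2003", hosts, rules))
```

The removable-device and migration items in the list are procedural and are not covered by this check.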
The important thing to do is plan to protect services as soon as possible, then get your plan ready. Depending on the size of your environment, it’s unlikely to be a straightforward task, so you should probably start planning now or bring in a consultant quickly. You need to take a number of factors into account as a bare minimum. Here are a few generic ones to get you thinking about the implications.
The implications
- Will your existing hardware support new operating systems and/or software?
- Do your IT staff need training to roll-out and manage the new operating systems and/or software?
- How will you overcome any compatibility issues?
- Will your other applications work on the new operating systems and/or software?
- Will your 3rd party application vendors support their applications on a new platform?
- How long will it take to test everything?
- Will you need to train other employees to use the new operating systems and/or software?
- What resource will you need to roll out the new operating systems and/or software?
- How long will it take to roll the new software out?
- What are your other options? Could you go thin-client? Could you go to the cloud?
- What do you need to budget for?
If you’ve been avoiding a move due to expense then remember that everything can be turned into an OpEx. This does help financing and budgeting immensely. You can go for a fully managed cloud, your own private cloud, or simply replace servers and software in-house. You can also finance development work and consultancy and wrap it into a monthly payment.
Running Windows Server 2003 past the end of support will likely leave you open to regulatory issues. It will also leave you open to a lot of issues from an insurance perspective should a breach happen. Also, how about the embarrassment of your breach in the press? I know I’ve been quite strong in my views here, but this has been on the radar for years; there is no excuse.
Not taking action now is simply like knowing the spare bedroom window won’t close properly. Chances are at some point someone’s coming through it.