AWS Cloud Enterprise Strategy Blog
Tag: Risk Management
Please Do Not Take More Risks
Sometimes I think IT leaders are missing a key point in the way they speak to their non-technology counterparts. Case in point: we keep saying things like, “The company has to be more comfortable taking risks,” or “We have to fail fast,” or “We need to be less risk-averse.” I can guarantee that none of […]
The CFO and CIO: Partners in Success
The roles of the CFO and CIO have been subtly changing. In many enterprises, these roles had veered away from the strategic focus that one would expect from CXOs. But to succeed in the digital world, as I discuss in my book War & Peace & IT, enterprises must let their CIOs and CFOs re-establish […]
Announcing my New Book, War & Peace & IT – a Resource for Enterprise Leaders in the Digital Age
I’m very excited to announce that today is the official publication date of my latest book, War & Peace & IT: Business Leadership, Technology, and Success in the Digital Age. It is intended as the hitherto missing book for senior enterprise executives on how best to work with their technology organizations to accomplish their digital […]
Switching Costs and Lock-In
It’s no surprise that organizations are worried about becoming locked in to their cloud provider. After all, the history of IT is full of examples of vendors taking advantage of high switching costs to impose restrictive licensing terms and to increase prices. But I think that the cloud is different—and in fact, is making it […]
5 Steps to Building a Culture of Security
(image www.bluecoat.com) In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I […]
Building a Culture of Security
It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]
Risk is Lack of Agility
In an earlier post, I talked about how risk decisions are often compromised by the status quo bias. In this post, I would like to present an alternative way to think about risk—a way that fits well with today’s business practices. To be precise, I want to try to demonstrate that risk in a business […]
Reducing Risk in the Cloud by Overcoming the Status Quo Bias
I remember an incident from my previous CIO role. A number of us were in a meeting discussing the severe problems we were having with the performance of a large contractor. At one point, someone suggested that we start a new RFP (request for proposal) process to replace the contractor. “Too risky,” said one of […]