false

Perspectives Home / CTO Stack

The Executive Imperative To Innovate With Resilience

IT and security leaders have a perilous balancing act to manage. Mandates from the top say everything must be cutting edge, but secure. If apps don’t have AI in them, you’re fired — but also, please don’t let AI undermine our business. What’s a CxO to do?

per-exec-imperative-article

Today’s CIOs are facing what feels like a deluge of competing — even opposing — priorities from above that will make or break their careers.

Innovate or nothing. Everything must be cutting edge, but also secure. If my apps don’t have AI in them, you’re fired…but also, please don’t let AI attack or undermine our business.

Just look at the most recent letter to shareholders from JPMorgan Chase CEO, Jamie Dimon. Two poignant highlights that make this case succinctly:

I cannot overemphasize the importance of implementing new technology.

and

...we cannot overemphasize how cyber threats pose extreme hazards to our company and our country.

Jamie Dimon JPMorgan Chase CEO

The volatile global economy and exponential challenge of extracting signals from the technology innovation noise places executives in an increasingly challenging position. Balancing the innovations needed to deliver digital transformation with the risks of an increasingly complex landscape to operate and secure is today’s CxO imperative. That imperative is to innovate — but do so with resilience.



Digital resilience

Is the ability to prevent, detect, recover and respond to events that have the potential to disrupt buiness process and services.

No matter how you feel about it, digital transformation and all its various manifestations have increased the business impacts of security breaches and operational outages that impact customer experience. These outages cost enterprises an average $87 million per year, according to a recent survey. But here’s the imperative; organizations that have advanced digital resilience capabilities minimize the impacts of these outages — and save about $48 million per year compared to beginners.

advanced digital resilience saves organizations more per year

Unplanned downtime cost, per year

Building resilience requires leaders to chart a journey navigating innovation in people, processes and technology. A journey that builds a resilient foundation of critical technical capabilities and embeds resilience by design into every part of the business. McKinsey breaks down this maturation quite well in their recent Survival Guide for Resilience. There, they cite that foundational capabilities are likely the siloed, domain-specific tools and technologies capable of detecting challenges in one technical service.  These domain specific tools often lack the enterprise context of how performance challenges or outages in their domain may have up and downstream impacts on the business services or end-user experiences that power.

Similarly, organizations that rely on disparate tools across security and IT likely struggle to understand how an outage in a cloud service might be connected to a threat affecting their networks. While cloud has enabled new levels of innovation, the data deluge is a real struggle for organizations seeking to bring advanced technologies to challenges of operational effectiveness and cybersecurity. In a recent Wall Street Journal article, Barney Baldwin, lecturer in the Enterprise Risk Management program at Columbia University’s School of Professional Studies, writes, “The problem comes when multiple tools aren’t properly integrated or when companies struggle to gather and organize all the relevant data in order for those tools to function properly. This is an area where IT departments at banks spend a large chunk of their time.”  Executives continue to struggle with fiefdoms of technology investments driven by departmental innovation made at the cost of enterprise resilience. While no leader wants to be a blocker to innovation, we all have a responsibility to set a vision that has a clear benefit to our shareholders, as we know moving from foundational capabilities to advanced capabilities in resilience create an average annual savings of $48 million per year.

To make that real, technology executive leaders should focus on these three guiding principles to balance the executive imperative to innovate with resilience:

1. Consolidate tools across domains

As budget pressures continue to mount for technology organizations, CxOs are already prioritizing consolidating vendors across their landscape and looking to optimize SaaS licensing, according to the recent Battery Ventures Cloud Software Spending Survey. Consolidation and optimization are critical to serve budget constraints, but wise CxOs are simultaneously looking to a smaller number of more strategic technology providers who can provide more capabilities in their product offerings, increasing spending power while replacing niche, domain-specific tools that fail to serve the mission of enterprise resilience.

If the lack of cross-functional, context-rich integrations in your digital systems challenges your ability to deliver resilience, then take an aggressive stance towards rationalization and consolidation. A key concept of organizations with advanced resilience capabilities? Building an enterprise resilience framework that aggregates meaningful insights across IT, security, engineering and operational technology into a single platform, breaking down silos of information and myopic views. The single greatest cost savings for CxOs actively rationalizing their tooling will come from the realization that any single source of interesting data is likely being used (and paid for) by multiple teams using disparate tools to ask different questions of that same data.

Enterprise resilience as a design philosophy may or may not force changes in your cloud, data center and application deployment architecture. The primary objective should be to implement the necessary monitoring of those underlying systems and services in order to build context-rich, cross-functional insights that speed your teams’ ability to detect, investigate and resolve service interruptions or security threats. While instrumentation of your technology landscape will likely require attention, it’s wise today to focus on instrumentation methodologies that are open-sourced and prioritize value extraction from the platform used for enterprise resilience capabilities over the instrumentation technologies themselves. In the hybrid cloud environments we’ve all built, cloud provider-specific tools are foundational tools according to McKinsey’s maturity framework because they’re myopically focused only on what is deployed in their ecosystem, but can’t provide advanced resilience capabilities that look across clouds and SaaS providers, and connect to business outcomes that may or may be not cloud-bound.

business resilience and digital resilience connected in a flowchart

A framework for business resilience

If the imperative is for an enterprise-wide, collaborative framework that allows your team to visualize, detect, investigate and respond to threats, outages and service disruptions, then your designs for enterprise resilience must include the ability to aggregate data across clouds, data centers, and SaaS providers. The capabilities are critical to each of your domain teams’ abilities to serve your resilience goals and they are not all that unique. Organizations like Netflix use a similar breakdown of resilience in their Recommender System Operations, or RecSysOps: Detect, Predict, Diagnose and Resolve as outlined in a recent best practices blog.

A recent Splunk report, “Digital Resilience Pays Off,” shows respondents identified similar key resilience capabilities as those that should serve your teams across security, IT and DevOps with a critical final point: Collaboration.



Five key resilience capabilities

We asked respondents to answer 26 questions about five key capabilities to assess their resilience maturity. These questions probed on specific aspects of each capability, such as data coverage across hybrid and multicloud environments, alert triage, sharing data across security, IT and DevOps and more.

Visibility

How well teams can see across their technology environment, including quality and fidelity of data and completeness of coverage

Detection

How well organizations use data to search for potential issues and accelerate analysis, including enrichment, threat hunting and searching logs, metrics and traces

Investigation

How well organizations use data to search for potential issues and accelerate analysis, including enrichment, threat hunting and searching logs, metrics and traces

Response

How quickly security, IT and DevOps teams respond to day-to-day issues or incidents

Collaboration

How well teams and the tools they use facilitate working cross functionally across security, IT and DevOps

2. Create a culture of collaboration

While any successful transformation requires evolutions of people, processes and technology, innovating with resilience also requires leaders to create a culture of collaboration, supported by executive imperatives that make collaboration a priority in organization design and operations. Reinventing organizational structure to foster innovation with resilience is one of the key ideals outlined in the ISTARI and Oxford University’s CEO Report on Cyber Resilience. The most powerful question a CEO can mull over from this report is, “How can I reinvent my organization now so it is prepared for a potential prolonged period of cyber crisis?”

CISO, meet CRO. CTO and CIO, pull up a chair and get ready to rethink how your teams are designed and how to build collaboration into your responses in times of crisis. Bridges must be built across the executive team if, in turn, you’re expected to build bridges across your teams, too. Furthermore, you should regularly cascade consistent communication of innovation with resilience priorities for the organization and clearly connect them to team MBOs to ensure adherence. Organizations are rightly beginning to build “Resilience Centers of Excellence” to help CEOs answer a variety of the thought-provoking questions of organization design that promote innovation with resilience and priorities aligned to those in the ISTARI report.

3. Adopt transparency in reporting resilience in innovation

The multiplicative impacts of rationalizing technology investments, combined with implementing a culture of collaboration, are all part of a journey, not a singular investment with a simple ROI. We must measure the success of these long-tailed investments, but do it properly over a time period that accurately reflects their scope and alignment to larger corporate objectives for innovation and resilience.

For example, key performance indicators informing CxOs on their journey towards innovation with resilience should reflect the people, process and technology concerns we’ve discussed:

  • Are we improving our SLAs for innovation initiatives over time?
  • What is our mean time to detect or remediate a threat or service disruption now and are we getting better than we were?
  • Over a given period, are we seeing a decrease in breaches and outages?
  • Is our utilization properly balanced with our need to absorb the shocks of fluctuating demand?
  • Do our recovery plans technically align the business requirements to the processes they support?
  • Have we facilitated a reduction in technical debts that affect our digital resilience?
  • Are we staffing a talent pipeline commensurate with our evolving needs?
  • What does the perfect resilience dashboard actually show?

Think of the output of this exercise as a dashboard that displays health, as well as progress toward innovation and resilience. One that identifies areas for both remediation and celebration. Call it the map to innovating with resilience. The work of building this map and embarking on the journey requires coordinated leadership from across the executive team, but it’s worth it — worth an average of $48 million per year for those organizations that lead innovation with resilience. And that is only the carrot. The stick remains in the hands of the CEOs making these imperatives clear.

Innovation with resilience is the way. Say it with me, now:

“This is the way.”

Read more Perspectives by Splunk

July 11, 2023  •  3 Minute Read

The Best Pieces We’ve Read (And Watched) This Year — So Far

Splunk’s thought leaders share the most valuable reports, blogs, webcasts and articles they’ve encountered in 2023.

July 11, 2023  •  4 Minute Read

3 Lessons From Cybersecurity Leaders in 2023

The research is in: Here's what we learned from surveying 1,500+ leaders in DevSecOps about the state of security today.

July 11, 2023  •  5 Minute Read

Rise of the Machines: A CISO’s Perspective on Generative AI

Here are three risks leaders should consider — plus, how to mitigate them.

Get more perspectives from security, IT and engineering leaders delivered straight to your inbox.