IT operations is serious business that ensures organizations are able to operate to achieve goals like reliable CX, while security operations have to ‘guarantee’ businesses that use tech for this, do so without compromising a company’s data integrity, reputation, customers’ privacy and experience. 

But the scope of work is not so clearly delineated. Also ironically, both these functions work to benefit an organization via optimized use of technology – so, why are they set up separately? Why are both roles discordant with each other?

Battle-hardened cyberdefenders like Cybot’s Rodney Lee and CACT’s Dr. Suresh Ramasamy have also wondered aloud that when it comes to balancing usability of tech and its secure use, it is the CISO or Chief Information Security Officer, who should make decisions because they are usually trained in all areas of tech.

This is the guy who manages the cybersecurity of all the different business functions and (has visibility into) whether IT projects are risky to go ahead with or not.

Friction between this Chief Information Security Officer (CISO) function and that of the CIO  (Chief Information Officer) may have to come to a head during this vulnerabilities-fraught era of automation, shrinking talent and skills pool, and AI-armed cyber adversaries.

What is the IT landscape like for 2024? What would cyberguardians like Dr. Suresh and Rodney have to contend with for the next 12 months, and how will the Ultimate decision maker(s) choose  between security and usability when delivering products and services to stakeholders and end users? 

New ways of working in IT and business

We saw signs of these the past three years, when work from home was the only available option for desk workers.

Social distancing mandates led to retail in Japan experiencing robots cleaning and doing sales promotions in stores, while digital infrastructures (think data centers) and other industries like logistics, mining and energy, witnessed more pervasive use of automation. 

 “They recognize that technology has matured to a point that it can help them solve all these issues they are trying to address internally, but they don’t have the capability to do that themselves.”

William Fellows, Research Director at S&P Global Market Intelligence has also shared, “(AI’s) affinity for language and learning capacity enable it to deliver optimal organization of the underlying infrastructure resources and arrangement of the application code it supports in ways that are still only starting to be realized.”

Remote’s Chris McNamara details their 2023 remote working report whereby  “As the workforce continues to shift to younger generations, companies must take remote work seriously in order to attract new talent and remain competitive in the global economy.”

What is the IT landscape like for 2024? What would cyberguardians  have to contend with for the next 12 months, and how will the Ultimate decision maker(s) choose  between security and usability when delivering products and services to stakeholders and end users?

The data implies that distributed work teams with greater autonomy over their schedules enjoy higher productivity and self-rated job satisfaction. 

Shadow IT, Shadow AI

Companies are no strangers to having to attract and retain talent, and besides more autonomy over their schedules and remote working arrangements, talent want to leverage emerging technologies.

Forrester discovers that 60% of workers will use their own AI to perform tasks, with their main reason being, “It’s the most efficient way of doing what I need to get done.”

There are valid cybersecurity, privacy, and regulatory risks from employees circumventing their organization’s security policies and controls, but only 5% of businesses that Forrester surveyed are actively banning the use of AI/generative AI.

(Image credit: Forrester)

David Lim of Wise AI observed risks occur because of the lack of visibility, controls and security measures which can lead to potential data breaches. On the other hand, “Being proactive in AI adoption also allows employees to evaluate and enhance existing approaches to work.”

Understandably, enterprises have to strategize how to manage and secure Shadow AI, if they haven’t already, and OpenAI co-founder Zack Kass advised getting the “enterprise versions of everyone’s favorite app” seemed a sensible approach to addressing Shadow AI and bring-your-own-AI.

The thing to note is that more and more IT applications are taking on AI capabilities, and Shadow AI may eventually blend with Shadow IT, or there would be no difference between the two.

Let’s not deny the obvious benefits of automation

Rockwell Automation also predicts industrial automation services market in Asia Pacific is expected to reach US$74.35 billion by 2027 with Singapore dominating the Southeast Asian market.

“Customers are expecting the suppliers or IT providers to step up to fill a gap. They recognize that technology has matured to a point that it can help them solve all these issues they are trying to address internally, but they don’t have the capability to do that themselves.”

 In office environments, robotic process automation (RPA) have embedded AI and machine learning capabilities, and RPA business leaders like Hew Wee Choong also see RPA as that glue for separate legacy systems in an organization that facilitates data sharing between different functions and further fuels its digitalization. Hyperautomation is the ensuing notion of automating end-to-end processes 

When speaking with the CISO of a large bank, he acknowledges the value of automation in cybersecurity. Automated solutions in a SOC for example, can help reduce technical demands upon entry-level security roles, and it frees them up to contribute in more meaningful ways. This CISO also admitted during a 24-hour shift, automated solutions can do the job of as many as nine analysts.

Securing business and IT in 2024

Tarek Taha, GM of Citex Systems and WITSA regional vice chairman aptly described the situation, “I think organizational data that is safe and never compromised does not exist 100% yet, but the digital workplace is a fundamental component of the hybrid/home work environment. Those that have digitized successfully, or are in the process of digitizing key areas, are seeing better results in teamwork, data security, productivity, customer experiences.”

Running a business and its IT environment does not get any easier in 2024. There are tools and solutions to help, but the task of understanding these tools/solutions, optimizing them, whilst securing them and their usage, is monumental. 

To exacerbate matters, these tools are available to cybercriminals who leverage AI and automation to compromise organizations’ security perimeters and its systems, networks, and data. Akamai’s EVP and CTO, Dr. Robert Blumofe, singled out social engineering as criminals’ weapon of choice with ransomware tactics and ransomware attacks being augmented by AI. 

Security vendors like Trend Micro also see Generative Adversarial Networks (GAN) disrupting the phishing market in 2024. This means cost-effective creations of realistic audio and video content, which can drive a new wave of scams.

Will increased regulatory scrutiny lead to the cybersecurity industry taking matters into its own hands? 

Greg Young, VP of cybersecurity at Trend Micro seems to think so.  “In the coming year, the cyber industry will begin to outpace the government when it comes to developing cybersecurity-specific AI policy or regulations. The industry is moving quickly to self-regulate on an opt-in basis.”

What does this all mean for Usability and CX?

Matthias Ifesieh, MD at Sagita Systems Ltd and WITSA Director had shared his view that emerging technologies like IoT, VR, and AI make it challenging for organizations to balance cybersecurity and customer experience. This delicate balance holds true for cybersecurity and experience for stakeholders and end users.

Who shall decide which way the pendulum should swing? More than ever, there may have to be a reckoning of CIO/CISO roles.

Rodney had pointed out, “A lot of times the CISO has to make the business decision because at the end of the day, you cannot be the guy who is stopping IT projects from going live.”

And for this role to be able to make the optimized choice, it needs to have a seat at the table along with visibility into the business. Ultimately, the scope of work for CISOs and CIOs could even be a happy union, as long as the business is prioritized.