Long gone are the days when you could just call upon your “IT guy” to fix your technical problems when your computer system acted up.
Fast-forward through the years to today, and the computer technology field is vastly more complex than ever, and became incrementally specialized in its evolution. Like law and medical practices, this field is now more fractured and specific than ever.
People dedicate themselves to different disciplines, such as networking (e.g., client and cloud, including telecommunication and email and hosting) versus cyber (e.g., anti-virus and firewall hardware and software) versus social media (e.g., websites, social platforms, conversion analytics) versus business software (e.g., Enterprise Resource Planning, Procurement, Electronic Data Interchange, Demand Planning & Forecasting) versus Business Intelligence and Analytics (e.g., Microsoft Power BI, Tableau), and still there are differentiations within some of those groups.
In my opinion, if there is one absolute line in the sand that can and has to be drawn, it is the plain difference between infrastructure and information, and thus the clearly different responsibilities and roles of the CTO (Chief Technology Officer) and the CIO (Chief Information Officer).
Infrastructure encompasses the network, telecommunications, email, hosting, and cyber-security. Information includes the software that runs the business and engages stakeholders, and the analytic software that helps to ascertain how the business is performing. Software runs on and relies upon the infrastructure, so this is where there is collaboration and cooperation.
But we don’t hear much, if anything at all, of the CTO, do we? We know of the CIO as a key C-level executive. CIOs are heralded when things go well systematically, and blamed when things go bad technologically. But what of the CTO, if they even exist? It is way past time that the CTO be established as a co-equal and recognized as a key C-level executive, right along with the CEO, CFO, COO, and CIO.
My reasons for this are only logical. First, and to repeat, infrastructure is different than information. It is two completely different disciplines, knowledge bases, and specialties. I am an information person; I am not an infrastructure person. No one person can have the adequate knowledge and skill set to manage both disciplines well in today’s highly differentiated technical environment.
I just do not believe that the “computer guy” concept is practical anymore, aside from the fact that we really do need more females in the field overall. However, whether client or cloud, no enterprise can operate without infrastructure expertise.
Second: Not only are these different disciplines, but the intrinsic knowledge within each different discipline is becoming more specialized and narrowly focused. In infrastructure, the difference between anti-virus and firewall protections are important. Just because individual users on our home computers might have our protection software all rolled together into one nice commercial off-the-shelf deliverable does not make this equitable and practical on the business commercial side when trying to protect against hackers and cyber-thieves. On the information side, which impacts operational performance, if a company’s data governance is so problematic that its data analytics are struggling, layering AI and ML on top will only make things worse. The right people have to understand the problems from the cause to effect, hopefully before they affect the organization in a negative and destructive way.
Third: I don’t believe that one person – the traditional CIO – can adequately devote their time sufficiently to overseeing both infrastructure and information. Consider the massive data breaches that have occurred. Who is held to blame? The CEO and CIO are the first persons to fall. Data breaches have nothing to do, per se, with the data stolen, but they have everything to do with the infrastructure that was hacked and breached to get access to the data that was stolen.
It’s an infrastructure problem, not an information problem, unless information goes missing and an audit of missing data is required. And then again, that is usually an infrastructure role, e.g., files audit. If a virus is potentially resident, that’s still infrastructure, not information unless, again, it is compromising the integrity of information and an audit can ascertain information integrity, e.g., via ERP reporting. Where was the CTO when these hacks occurred, if the organization even had one? Was the CTO’s voice heard, and was the CTO’s advice understood, and was the CTO’s recommendations implemented?
If your company has a CIO, it should have a CTO on the same level of the organization chart. If your company has a director or manager in charge of information, it should have a co-equal director or manager in charge of infrastructure. The mistake that companies make, in my opinion, is relegating the infrastructure person to reporting to the information person, instead of allowing the infrastructure person to have what is called a “seat at the table” and a voice that is heard, respected, and followed when it comes to company functionality and risk management.
I am the first to speak up that no company can “tech” its way out of a problem, and that technology itself should not overrule a practical business software decision. However, I firmly believe that risk management demands a better balance between infrastructure and information in today’s technology environments. (This should free up your CIO to focus on propelling the business forward better too.) Ensuring that you have and listen to your co-equal CTO is, I think, a great way to start.