The role of a Chief Risk Officer (CRO) is taking center stage in an increasingly hyper-connected and volatile business environment. In February 2014, Goldman Sachs made an unconventional move by including its CRO as part of the high-profile management committee in its 145-year-long history. Other than managing corporate and compliance risks, one of the significant responsibilities of a risk officer is managing technological risk, with the aim of protecting business value and optimizing performance. This includes minimizing potential infrastructure outages and taking strong measures to prevent information security breaches.
Optimizing Performance – Managing Risks in Infrastructure
Today, you cannot afford to have even a brief outage as the corresponding financial risk can be quite high. For instance, every hour of downtime can cost businesses a whopping $700,000. The Information Technology and Intelligence Corp. survey states that one out of ten companies today needs 99.999% availability for its IT operations. There are many options available to help you reach this exacting target.
One way to do this is to change your approach to operations management from a reactive to a predictive mode and pre-empt issues even before they occur. The huge volume of Big Data available in your IT environment offers many opportunities for leveraging predictive analytics. In addition, emerging technologies such as machine learning enable self-learning and self-healing by understanding the root cause of errors, correcting them, and learning in the process.
IT Operations Analytics (ITOA) plays a significant role here, bringing visibility and transparency into operations. Application performance monitoring is no longer just about IT engineers monitoring dashboards. There are advanced solutions at play here such as automatic spawning of servers and use of alternate data centers in case of an outage.
Enabling Information Security – Shielding Data from Breaches
Are you looking within the enterprise and scrutinizing every aspect of operations to ensure that there is no scope for security attacks? Basic malware prevention software is usually in place, but there may be procedural lapses that create opportunities for hackers. So, it is essential that you make a comprehensive checklist to prevent such occurrences. For example, a user account needs to be disabled as soon as the employee is no longer on the payroll. A common login credential cannot be used across users, even for convenience and simplicity.
With increasing Bring Your Own Device (BYOD) integration, training and sensitizing employees on how to handle data is essential given the multiple devices that are used to log in to the office network. Mobile device security is climbing up to become the topmost concern for businesses.
A 2015 IDG report says that 74% of its respondents confirm experiencing a mobile security issue. To address this, you need to have a full-fledged BYOD strategy in place.
Any mobile device logging into an enterprise network should be compliant with specified versions of operating systems and applications. The device should have a strong password and allow only signed apps to access the network. Hybrid clouds that segment data into a public and private cloud are another alternative to tackle BYOD security. The private cloud adds another layer of security to sensitive data such as encryption keys.
Some large-scale information security breaches have rocked the business world in recent years. For example, in September 2014, Home Depot, a leading US retailer, experienced a cyber-attack on its payment terminals, compromising the security of the credit cards of 56 million customers. The point of entry of the malware was eventually attributed to the theft of a third-party vendor’s login details. This instance shows that while most companies may take stringent security measures within the organization, it is also important to enforce the same measures for all partner organizations.
Managing Technology Risk is No Longer Optional
Consider a company such as Facebook that is responsible for a significant share of internet traffic today. It has mammoth data centers – four in the US and one in Sweden. One of these data centers going down is likely to have a significant impact on its operations. In today’s context, technology is no longer just an accelerant for business growth, but is a core building block, without which companies are bound to fail. There’s little doubt that CROs have their task cut out in terms of mitigating financial and reputational risk to maximize business performance, and secure customer confidence and loyalty.