To mark the 25th anniversary of Canadian CIO, we’re doing a walk down memory lane. Here, we interview the three editors that shaped the publication over its history.
Right from the beginning, founding editor of Canadian CIO John Pickett saw the chief information officer as a role rather than a title – and it was a role that he wanted to raise up to take its rightfully-deserved place in the corporate spotlight.
When Pickett and his partners started publishing the title in Canada, then called CIO Canada, the concept of the CIO was still relatively new. A few organizations were using it. But even at those that were, the role languished in the doldrums of the technical minutiae of a company’s operations. It just wasn’t as well regarded as other business leadership roles. So when Pickett started noticing his interview subjects putting the magazine in prominent positions on their office desk, he felt encouraged. And when a CIO featured on the cover told him that his career had progressed as a result, Pickett felt like a rockstar.
“It was a big stamp of approval, it meant we were achieving some of the objectives we’d set out to,” he says. “It’s like when AC/DC goes on stage and hears the applause of the audience.”
Since its magazine first rolled off the presses in 1993, Canadian CIO’s core mission has been to elevate the role of the CIO. Over its 25 years of pursuing that mandate, the publication has gone through many changes, as has the nature of the work being done by its target audience. Both have the digital era to thank for that, but while the scenery out the windows has changed, the foundation remains the same. CIOs are still striving to serve as the interlocutor that bridges the technical side of a company with its business goals. And Canadian CIO is still guided by journalistic principles as it tells the stories of those efforts.
Canadian CIO wasn’t Pickett’s first publication. Long before its ink ever rolled off a press, he partnered with the late Andy White on Direct Access in 1985. Aimed at the hands-on workers in the IT field, the strategy was to chase career advertising dollars targeted at the in-demand systems analysts and programmers. Eventually, they crossed paths with current IT World Canada chairman Michael Atkins, at the Laurentian Media Group. Atkins acquired the magazine in 1989, and its brains along with it – White became the president, Pickett the editor-in-chief of the IT publishing arm.
Atkins was publishing Computer Data magazine before then, but at around the same time he acquired Direct Access, he struck a deal with Boston-based IDG to licence its IT brands for the Canadian market. The deal was unusual for IDG, which normally operated wholly-owned subsidiaries in foreign markets, but agreed to take only a minority stake in IT World Canada, which continued to run independently under Atkins.
From that, the new flagship magazine ComputerWorld Canada was launched. It was again targeted at practitioners of IT, workers in mid-management and below. Soon to follow was Canadian CIO, using the same model that was established in the U.S. to serve the leaders of the IT department. Rather than fire a shotgun blast of content at all IT practitioners, Canadian CIO would put a sniper rifle’s crosshairs squarely on stories for and about CIOs.
“The mandate was to support the efforts of those executives charged with bridging the information needs of business executives and corporate executives and the computer department,” Pickett recalls.
Even the term “IT department” was fairly new, succeeding monikers such as “data processing department” or “information systems department.” It operated in a silo from the rest of the business, passing on recommendations at opportune times. But with the creation of the CIO role, and its boosting by IDG’s CIO publications, the need to bring it closer to the rest of the business grew more apparent. It was the CIO’s mission to accomplish that as an executive sponsor of the IT department.
In the early ‘90s that looked like an uphill battle.
“It was seen as a cost centre,” Pickett says. “The departments were viewed as almost arcane and it was an isolated undertaking.”
The challenge of bridging that gap between business strategy and the technical operations of a firm has remained at the core of the CIO role over the past 25 years. David Carey, the longest-serving editor of Canadian CIO (from 1995 to 2008), describes it as the defining major issue faced by those in the role.
“Always top of mind for CIOs was how did they plug into the business and drive value out of technology?” he says.
It’s also recalled as the core mandate of the publication by Shane Schick, editor of Canadian CIO from 2008 until 2015. It was especially important to tell stories of CIOs setting the example in Canada, where IT departments didn’t number in the thousands of employees as they typically do in the U.S. By communicating how sophisticated Canadian CIOs were at developing solutions, the publication set out to make heroes of them and demonstrate they could play in the big leagues. It also demonstrated the importance of the role to companies that had yet to hire one.
“IT has got to be seen as a real strategic asset and you need someone in a role to give it that trajectory,” he says.
While the core challenge of the CIO role remains earning a seat at the CEO’s side, that has taken different forms over the years. Perhaps the role’s critical nature received its biggest boost from what was at least a perceived crisis in Y2K. In what was a favourite media story that continued to increase in volume leading up to the year 2000, many worried that certain computer systems would be incompatible with years after 1999. When many businesses realized that without working closely with the CIO, they’d face potentially catastrophic downtime, the CIO’s stock went up. At the same time, it was the height of the dot-com bubble, when e-commerce looked like a golden path to the future.
While we now know how that turned out, David Carey will tell you that 1999 was indeed a golden age for Canadian CIO. By that time he’d been covering Canada’s tech industry for more than two decades, having got his start in the mid-’70s at Electronics and Communications Magazine. In the ‘80s he joined Maclean-Hunter and Canadian Data Systems.
“It was the granddaddy IT publication in Canada,” he says. Carey was promoted to editor after its previous editor retired in 1989 and stayed with it until 1992, when the magazine was shut down and he got a call from Pickett. By the time Y2K fears rolled around, he’d been in the editor’s seat at Canadian CIO for four years.
“It was the best year or two for CIO Canada because everyone was so afraid their systems were going to meltdown,” he recalls. “Vendors were out beating the drum and everyone was acquiring technology to fix the problem.”
Perhaps some businesses were in over their heads. As the number of vendor contracts added up, some CIOs found technology integration was a new challenge. Just trying to fit all of the pieces together and coordinate relationships with tech vendors was a full-time job in itself, Carey says.
Integrating IT can bog down a department and as a result, the IT team can often look like laggards to the rest of the business. This is a conundrum that Pickett recalls from his time as editor. It was in the era when desktop computers were first being acquired as fixtures on the desks of knowledge workers, and when those workers found that they were waiting too long for the IT department to develop business applications, they would sometimes take matters into their own hands. So the phenomenon now known as ‘shadow IT’ was born.
As applications were made exclusively for departmental needs, CIOs were challenged by discrepancies in the data. Each department had its own version of the truth separate from the rest of the company, Carey says.
Along with providing access to corporate information, CIOs also had to devise a system that would provide the right information to the right person, with the correct permissions to access it. This fuelled the early days of identity access management solutions, with vendors like Novell and IBM providing answers.
During Schick’s era as editor, identity would become even more important to IT operations as it also determined which cloud applications workers could access, and the provisioning of mobile devices to workers with corporate clearances meant that end-points would be carried out beyond the reaches of the firewall more often than ever. Schick reflects that even as CIOs became more articulate in explaining their value to the business and responsive to its needs, executives would still frame their responsibilities in terms of new technologies emerging to the market.
“A CEO would read the newspaper and see an article about cloud computing, and then come in and say ‘what are we doing about this?’ and the CIO was forced to think in those terms versus actually giving advice on whatever the company’s actually focused on here,” he says. “It’s still a reactive mode for CIOs and we’re seeing the same thing with AI (artificial intelligence), with blockchain, and the Internet of Things.”
As the technology market expanded, more startups brought innovative new solutions to market and businesses found they had more options than ever to turn to. But many CIOs struggled with the concept of placing a bet on a smaller company that was not well-established, risking that a product would stop receiving support when the startup was acquired or went bankrupt. Even if many startups had compelling technology, they just didn’t offer the same track record as a legacy vendor like IBM or HP.
Schick’s stint as editor of Canadian CIO began shortly after taking on the Editor-in-Chief role at IT World Canada, rising up through the newsroom first as the editor of Computing Canada and then as senior online editor. It was a time when newsrooms around the world were feeling the pinch (or in some cases, vice grip) of a recession. Rather than continue outsourcing the editor duties to Carey, the decision was made to bring it back in-house and make it Schick’s main focus for his journalism work, which he’d attend to in addition to his managing duties. It made sense for him to be directly serving IT World Canada’s most senior audience, “and in some cases the most critical,” he says.
Schick felt that continuing to write stories gave him more credibility as he led the newsroom, composed of other print publications and websites aimed at different segments of the IT industry. So he continued upholding the journalistic principles that Pickett also held dear when he founded Canadian CIO in 1993. Schick recalls that one of the first things he reviewed after taking on the publication was Pickett’s editorial guidebook. He decided to build upon that foundation, updating it for the digital era.
“Some things were changing, not just in the way stories were being told. We were starting to get into social media, which sounds old now but at the time journalists weren’t on Twitter,” he recalls. “We started to get into video and focusing on the newsletter organization. I wondered if it could help us get through print’s decline.”
Schick felt the ideals of journalistic independence hadn’t changed. But it was being challenged more so by vendors that were beginning their own publishing operations. Dubbed “owned media,” vendors started to create content marketing materials that were very similar to what might be found in the pages of Canadian CIO. But there’s still an important fundamental difference between the content a vendor can produce and what an independent editorial team can produce.
“Even if it is the most editorial-looking piece in the world, it fundamentally has a different objective which is to create some kind of affinity with that brand, to convert into a lead, to actually sell products in some way,” he says. “Journalism still has a greater latitude and freedom to comment on things, and to tell things that otherwise would not get told through other mechanisms.”
While Schick describes the tension of facing down competition from the vendor community, Carey recalls the challenges of building a trusted brand held in regard in corner suites across the country.
“We had to deal with a lot of sensitive subjects. We had to build the confidence of the CIO community and these folks wanted to make sure that what we published didn’t damage the organization in some way,” he says. “We built that trust.”
Carey also points to Pickett as a defender of journalistic principles for the publication. Pickett always sought out the best journalistic talent in building his editorial team, hiring graduates from journalism programs. He felt that it was not only in the readers’ best interests, but the advertisers’ as well.
“If you have a publication that is trusted among readers, then isn’t that a great place to put your adverts,” Pickett says.
So when I, the current editor of Canadian CIO, was interviewing Pickett, I made sure to ask him for advice. It’s not an easy job, he told me. And it’s a more difficult time for journalists now. The right way to approach that time?
“Be honest. Readers are not stupid. You need to make clear for them what’s editorial and what is not.”
Which explains why, when we publish new content every month that I feel reflects that original mission of the magazine launched 25 years ago, I feel just a little bit like a rock star too.
To mark the 25th anniversary of Canadian CIO, we’re doing a walk down memory lane by profiling some of the CIOs featured on our covers over the past quarter-century, reflecting on their cover moment and catching up on where their leadership career has taken them.
“The CIO role was born at a crucial time. Technology was evolving. What today would seem like a crawl felt like breakneck speed at that time,” reflects Jim Love, CIO at IT World Canada and our chief content officer as well. “Then suddenly, the industry was thrown into a rapid cycle of change. We went from the mainframe and the mechanical ‘data processing’ to departmental computing and to client-server in a few short decades. It was a wild ride.”
For Bawks, the old adage “the more things change, the more they stay the same” holds true. In his role today at GT Nexus, a subsidiary of Infor, he’s still addressing the supply chain challenges that he was working to solve 25 years ago at Beaver Lumber. The 1993 cover story delves into Beaver’s new POS systems and how it was integrating those systems with its backend Electronic Data Interchange while also working to interface with 80 different partners in the system. While he may have been on the cover of CIO Canada, it wasn’t until the next year, when he started a new role with Consumer Packaging to helm a full upgrade project, that he thought of himself as a CIO.
“It was a funny term because at the time the acronym tended to mean ‘Career Is Over,’” Bawks recalls.
But that acronym certainly wasn’t accurate for Bawks. In his consultant role, he works with different global organizations and helps them bridge the divide between retail operations and logistics, designing process flows, and building integrations that directly benefit the bottom line.
“I’ve taken my focus at Beaver Lumber and broadened it externally to help global customers,” Bawks says. “I’ve been in meetings where people say ‘your title is solutions architect, but you talk like a business person.’ I have both sides.”
The chasm that Bawks managed to cross, using his skills in deploying and integrating technology to help drive business strategy, is the same one that other successful career CIOs have managed to traverse.
For Ronan McGrath, who was on the cover of CIO Canada in 1994 as the CIO of CN Rail, the role has evolved over the past 25 years.
“Today’s CIO is completely different to when I was doing this stuff,” he says. “CIO is not just supporting the business, the CIO is an integral part of the business and should be involved in the plan from the very beginning.”
Don Critchley, who is now the president of Haliburton, Ont.-based Cottage Care Rentals and was on the October 1996 cover, saw his role as CIO as understanding his team’s competencies and deploying them well.
“Whenever I run across an organization that is command and control in its structure, I bristle against that,” he says. “I encourage them to stop that and get back to thinking seriously about the type of competencies they need.”
In Critchley’s early days, he recalls replacing desk typewriters with “green screen” terminals, so companies could begin communicating with email and use other applications to boost productivity. He had a knack for identifying the engineers that were passionate about assisting in those projects. As the ’90s rolled along, Critchley saw the adoption of more integrated technical teams that were distributed across the business rather than being siloed away. With the web beckoning with opportunity, rigid approaches to management weren’t working anymore and CIOs were called upon to help align technical teams with business units.
“We found that if we were going to develop something new and we wanted to do it in an iterative way and have prototypes developed faster using web technology, then it became obvious to us you had to have the firewall person and the server person and the developer person and the business person all in the same room,” he says. “Unlike the mainframe days where everything was totally structured… we changed dramatically to being much more iterative with everybody involved at the same time.”
As companies integrated technology and became more competitive based on that differentiating factor, CIOs became a critical role in business. CEOs called on them to reduce costs and scale up operations, so the pressures were high, but viewed as crucial to an organization’s well-being. The role only became more revered as the perceived threat of Y2K loomed and the dot-com boom had every company chasing an ecommerce future.
Helen Polatajko, on the CIO Canada cover in May 2003, remembers it as both an era of opportunity and challenge. In 1998 she was asked by her employer to take on a new role. The Bank of New York Mellon had formed a joint-venture with Toronto-based CIBC, and as a CIO who had mastered Mellon’s technology stack, she was tapped to lead the greenfield opportunity for the startup in Toronto.
“Y2K was right on our doorstep,” she recalls. “Plus, I was facing a brand new country, a new job, a greenfield IT build, early acquisitions, and demutualization as insurance companies were going from private to public.”
Polatajko, like many of her peers, was about to face a markedly different era.
The fall from grace
Where CIOs had been heroes that averted a disaster as the clocks rolled over to the year 2000, then helped businesses chase the gold rush of the online space that followed, they were now relegated to a dotted-line to the chief financial officer. Many organizations changed their attitudes towards technology, seeing it merely as a utility and the CIO’s role to keep the lights on. If the CIO got bigger aspirations, well “the CIO proposes, the CFO opposes,” Love recalls.
“After Y2K and the dot-com bubble bursting, a lot of CIOs suffered,” Love says. “Budget cuts. Cost pressures. Lost prestige.”
As a result, CIOs were faced with a new culture shock. Instead of just focusing on delivering new capabilities, they had to toe the line on ROI measurements. Many found the time they had to prove their worth in their organizations was less than a year and many were shown the door.
Polatajko remembers the struggle well. One that she experienced as a newcomer to Canada.
“CIOs were really not recognized as peers at the executive table and quite frankly women even less so at that point,” she says. “Personally, the challenges were just being accepted as business partner and as a woman at the table.”
On top of organizational politics, CIOs were also starting to face a new challenge in dealing with data. When business department leads got impatient waiting for IT teams to extract the data they needed to make decisions, they found ways to do it themselves, often even building their own applications or carving out budget to outsource an application’s build without bothering to inform the CIO. So-called “shadow IT” was on the rise and as a result, organizations faced a lot of redundant systems and multiple places where data was held, often portraying different versions of the truth.
With no strong executive role setting directions for systems or data, organizational silos formed between departments. A phenomenon that also affected the new joint-venture of CIBC Mellon.
“I was green-fielding my organization and each of the other executives were green-fielding theirs,” Polatajko recalls. “The marketing department had to figure out what it meant to market a joint venture. The authorizations department had to navigate compliance for the new geography. So we were all a little bit working in isolation.”
Starting in 2003, Polatajko noticed a shift. With the individual organizations at CIBC Mellon in place, the executives began collaborating more with each other. As she gained the ear of the rest of the leadership team, she won approval for more projects and saw them integrated into the business.
By the time her CEO pulled out her cover issue of CIO Canada and put it on the boardroom table to show other executives as a point of pride in May 2003, the CIO role was beginning another era. One that was rather Dickensian.
“It was the best of times, it was the worst of times,” Love says, channeling the Victorian-era novelist. “What can only be described as the consumerization of IT brought with it the biggest wave of shadow IT in history.”
At the same time, the pace of change brought by technology meant that organizations themselves were changing rapidly. Some collapsed entirely, proving not nimble enough to respond to a wave of disruptive competition from startups that were born out of the Internet.
CIOs faced increasing complexity and more demands than ever on delivering results. As a result, new “lean” methodologies and agile approaches became adopted and the role of the CIO was abstracted beyond the bits and bytes of an organization.
“When I started I could have installed a server,” says Ted Maulucci, now the President of SmartOne Solutions and a member of the Canadian CIO Hall of Fame. “The general complexity is increased so that you can really no longer do it on your own and with your teams.”
Maulucci was on the cover of Canadian CIO three times, with the first being in October 2005.
Instead, CIOs call on partner networks to succeed, juggling vendor contracts, and outsourcing teams alike. Globally, firms that understood technology realized that it was no longer something that was nice to have, but something that was necessary to survive.
In an interview at the Canadian Tire headquarters in Toronto, Chief Technology Officer Eugene Roman reflects on some of the hits and misses in the Canadian technology scene during the 2000s. He points to Sybase, an enterprise software firm that analyzed relational databases. Its SMS and MMS protocols are still widely used by telecom carriers around the world. (Sybase was acquired by SAP in 2010.) He also points to the heyday of BlackBerry and the end of Nortel as pinnacle moments.
“This is who we are, digital Canada. I think our country has produced tremendous people in this space,” he says. “Here, we tend to go to people who get stuff done. We’re common-sensical.”
In the last couple of years, the importance of technology has become even more integral to the business. As Microsoft CEO Satya Nadella put it in 2015, “every business will be a software business.”
If that’s indeed the case, then perhaps Khosla is right about the CIO being perfectly positioned for even loftier leadership positions. Certainly the CIOs interviewed for this piece have all seen their careers continue to climb over the years. Maulucci has started his own business to bring digital “smart community” technology to Canada. Polatajko and McGrath are now active board members. Critchley is the President of Cottage Care Rentals. Roman continues to lead Canadian Tire’s technology vision – winning the Canadian CIO of the Year award in 2015.
As for Bawks, he is now in his early 60s and still happily working, 25 years after being featured on the first cover. With his two daughters grown and embarked on their own professional careers (one became a lawyer, the other an athletic therapist) and his wife still working a demanding job in the public sector, he continues to find satisfaction in solving business problems.
“I’ve had a lot of enjoyment looking at a lot of different businesses rather than just one business,” he says. “I like to work. There are a lot of things going on and I want to tinker at the edges to see what can be done in the puzzle to help customers out.”
We like to picture him tinkering away with a saw in one hand, and a level in the other.
Helen Polatajko’s Canadian stint as a CIO began at a startup, giving her a rare opportunity to start from scratch. It also transformed into a collaborative role that has led her to help corporate boards better understand technology.
Having begun her CIO career in Texas in 1993 for Mellon Financial Corp.’s mortgage subsidiary, four years later Polatajko was asked to come to Canada to be the CIO for its joint venture with CIBC in Toronto because she already knew the Mellon technology.
“It was a great opportunity because it was a startup,” she said. “I could really greenfield the technology, the people. I had to hire people, I had to create policies. It was a unique opportunity. Many CIOs don’t get a chance to greenfield.”
It was a busy time for CIBC-Mellon when Polatajko took the reins in 1998. “It was the beginning of a joint venture. Y2K was right on our doorstep. CIBC-Mellon right involved in an acquisition the second year of its existence,” she said. “On top of that, the insurance companies were starting to go public from being private. All the demutualization of the insurance companies was happening.”
It was a lot to tackle in the span of two years. Polatajko’s approach was to do everything piece by piece with a really strong team of people that really wanted to work, do the right things, and enjoy the green fields. “It’s no different then than it is now,” she said. “They saw that opportunity of doing something, making something new, and making something good.”
Some of the pitfalls back then remain the same today, something Polatajko tried to avoid at CIBC-Mellon, including the duplication of everything, “spinoffs of everything, so there’s multiple data stores for the same data, not the same definitions for the same data.” She saw an opportunity to do things differently by creating a single source of truth. “We would all know what the pieces of data meant. There would not be duplications of data, there would not be spinoffs of applications.”
Polatajko said her organization was able to merge data tighter than what can be done today because there’s too much disparate and unstructured data coming in. “Today’s CIOs can no longer get their hands around it.” But what hasn’t changed in her 30-year career is how to get the best people. “I’m a firm believer that technology can be taught. That is not the challenge. What you want to look for are the kinds of people that are a fit for the organization and fit for the team. People that think out of the box. People that can look at things in different ways and not always look at it one way.”
Five years into the CIBC-Mellon joint venture and clear of the Y2K and demutualization challenges, Polatajko said executives collectively agreed they should collaborate more as a team. “In 2003, we started not just building our individual teams, but building for the organization. We started coming up with different procedures to help us,” she said. “These were no longer just technology projects. These were business projects. We built in those protocols, and my colleagues and my executives were all part of helping us build these processes for technology. It was a unique opportunity.”
Having retired in 2012 as a CIO, Polatajko created a new opportunity for herself. “I’m very conscious of sharing and giving back. I thought one of the ways that I could continue to do that, although I wasn’t looking to do a day-to-day job anymore, was at the board level,” she said. “Companies now are absolutely recognizing that what’s lacking at the board of directors table is technology. It stems from the cyber security slope that’s taking off, because when the board still thinks of technology, the first thing they think of is cyber security. They don’t necessarily think of all the other components of technology.”
In 2014 she joined the Canada Mortgage and Housing Corp. as a member of the executive and management committees, with the title of vice-president of IT. Since November 2016, her focus has been as a member of the board and risk committee at CDSPI, a non-profit that provides financial services to dentists.
Polatajko encourages other CIOs to do the same, as it’s a missing element at the board level, and they are in the position to do it. For her, it’s meant her career has evolved from somewhat hands-on to more strategic planning. “I am doing some work with boards on providing strategic advice and counsel to them. I’m continuing my career in a different way right now, and still feeling that I am involved with technology, which is what started me off with this.”
With notes from Brian Jackson
Help protect your data and comply with new regulations by improving your PC and Printer security
The consequences of a customer or company data breach can be catastrophic to a business of any size. The resulting damage to reputation, customer and the bottom line are just the tip of the iceberg. Businesses could pay the price of enormous penalties, imposed by strict new compliance regulations. As firewalls are no longer enough to protect your data, businesses must implement multiple layers of protection down to every network endpoint—from PCs to Printers—to build their defenses and address compliance requirements.
In today’s tech-enabled world, device proliferation is leading to complex multi-device and multi-platform infrastructures as businesses continue to focus on becoming more mobile and meeting the demands of their workforce. Every one of these devices is an access and exit point for company data and can come at a security cost. One of the biggest challenges facing companies today is how to control and secure data without disrupting business operations. Increasingly, data is being held and processed beyond the firewall boundaries, making the task of securing data more difficult for network defenders.
The rise of cyber-attacks has resulted in a wave of strict new data security regulations which are important to businesses around the world. New directives such as the EU General Data Protection Reform Act (GDPR) are not just relevant to organizations based in the EU but apply to any organization collecting data from EU residents.
The EU GDPR warns businesses of significant fines if they’re found to be non-compliant in the aftermath of an attack. These fines are on top of the financial destruction caused by the data breach itself. Other regulations such as The Directive on security of network and information systems (NIS Directive) impose new network and information security requirements on operators of essential services and digital service providers (DSPs). Organizations will be required to report certain security incidents to competent authorities or Computer Security Incident Response Teams (CSIRTs).
Some countries are also implementing these regulations ahead of them becoming enforced. For example, the Netherlands introduced the Breach Notification Law in January 2016 which dictates the reporting of breaches to a newly independent Data Protection Authority as mandatory. Failure to comply can lead to administrative fines of up to €810,000 or 10% of annual net turnover. The pressure is high.
Businesses must comply if they collect data in the EU
If an organization collects and uses personal data in the EU, it needs to comply. This includes people buying goods and services as well as monitoring customer behaviour in order to use that data, for example if your business tracks online activity to improve customer targeting. Even if your business is outside the EU, every device that can access customer data must be secure.
Businesses must be meticulous with maintaining documentation
The requirements related to maintaining documentation, conducting impact assessments and reporting breaches are time-consuming. Every time a new device is added to the network, it should be secured to your policies and monitored by a SIEM (Security Information and Event Management) tool to track issues, enable remediation and support compliance reporting.
Businesses must report a breach within 72 hours
Businesses must notify the Data Protection Association without undue delay and – where feasible – within 72 hours. If they don’t, a reasoned justification must be provided. This new requirement has been introduced in order to protect the rights of individuals to know what is happening with their personal data and understand if the organizations that hold their data have the correct procedures, tools and products in place to monitor, identify risks, and stop attacks in order to protect customer data.
Businesses will pay heavy penalties if they do not comply
The new regulation is introducing a tiered approach to penalties and the severity of the breach will dictate the size of the fine. The maximum penalty to pay could be 4% of a company’s annual turnover up to €20 million. As mentioned, in some countries, like the Netherlands, even steeper fines have been introduced – up to 11% of annual revenue.
When it comes to PC and Printer protection, there are practical steps to take to ensure your endpoints comply, in preparation for the introduction of these new regulations.
1. Prepare for compliance audits
To prepare for a compliance audit, IT teams should ensure they can effectively monitor their entire IT infrastructure including endpoint devices like PCs and Printers. They should also schedule regular assessments to keep every endpoint device, including the entire Printer fleet, in compliance with the policy.
2. Carry out a complete audit
IT teams must identify every device that can access their company and customer data and assess the level of security it has built in. It’s also recommended they use a fleet security management tool that can immediately identify new devices and automatically apply corporate security policy settings.
3. Embrace security by design
IT teams must put the right IT policies in place so that compliance requirements are not an afterthought but an intrinsic way that new devices and services are introduced into the network. Ensure you are able to monitor every device including your Printers and feed anomalies or incident information into your network-wide vulnerability assessment and monitoring tools, like a SIEM tool.
To mark 25 years of publishing for the most senior leaders in Canadian IT organizations, IT World Canada reconnects with faces from past covers and asks them to reflect on how the role of CIO has evolved in the past quarter-century.