The role of CIO has expanded as more data is at risk
As security and governance have moved front and center, the role of the CIO has also expanded beyond its traditional roles, into providing education on security at every level and every corner of the organization. Companies doing an assessment of their existing data and its risk profile are realizing they have more data at risk than they previously thought, says Perry Kramer, vice president and practice lead at Boston Retail Partners, which found in its 2015 POS/Customer Engagement Benchmarking Survey that payment security is among CIOs' top three priorities for 2016, with big topics of discussion focusing on encryption and tokenization. Major types of data at risk, he explains, include credit and debit account numbers, gift card numbers, personally identifiable information (also referred to as PII data), proprietary merchandise/product data and financial plans.
"Retailers literally have hundreds of thousands of access points, as well as a large portion of their staff that are not highly trained in the use of technology," he says. "So they must make every effort possible to lock down peripherals and every risk point." CIOs are challenged to fight for the budget and resources to maintain multiple layers of security, he adds, which goes hand-in-hand with allowing the business to operate with the flexibility and functions it needs to succeed.
Omnichannel creates both challenges and opportunities
The good news is, the CIO relationship with line-of-business colleagues has improved enormously at most retailers, including better communication, says Lawrie, which will be crucial to collaborating on issues such as making inventory data more accessible to customers and integrating channels. What is still challenging, however, is how to create the business case for new technologies when even limited deployment can have risks. "Some of them you have to try out to see if you have a business case at all," he explains. "It's hard to tell how it will affect conversion or average order value, for example, doing a pilot."
In general, CIOs must continue to educate the key executives in their organization on the risks and their plans to address those risks, says Kramer, and they need to engage technology partners with the expertise in this rapidly changing area to reinforce and help execute those plans.
"As organizations continue to push for omnichannel capabilities, the CIO must be cognizant of how increases in data security may impact the ability to provide this type of functionality," he says, adding that a true unified commerce architecture, if implemented correctly, can actually serve as an enabler of both enhanced information security and a seamless shopping experience. "It can minimize customer datastores, control the flow of payment data through a single gateway, and provide a single version of the truth as it relates to business rules."