The increasing prevalence of big data initiatives and the adoption of generative AI technologies are causing security leaders, such as Chief Information Security Officers (CISOs), and Chief Data Officers (CDOs) to collaborate more closely. While both roles involve overseeing data generation, storage, and usage within an organization, their goals often differ. While CISOs focus on protecting data from compromise and breaches, CDOs aim to enable access to data for various use cases, leading to a growing tension between the two roles.
According to Mike Scott, CISO at data security company Immuta, there will soon be a “point of reckoning” where the differing objectives of CISOs and CDOs collide. CISOs are primarily concerned with controlling access to data, while CDOs are focused on leveraging data to create revenue streams. This divergence in objectives has shaped the evolution of the CISO and CDO roles within organizations. Despite the ongoing push to align security with business needs, the CISO role remains predominantly technology-focused and has become even more so in recent years.
A survey conducted by leadership search firm Heidrick & Struggles revealed that only 5% of US CISOs currently report to the CEO, down from 8% in 2022. The data also indicated a decrease in the percentage of CISOs reporting to the Chief Information Officer (CIO), with more now reporting to the Chief Technology Officer (CTO) or a senior engineering executive. In contrast, a survey of Chief Data Officers (CDOs) at Fortune 100 companies conducted by NewVantage Partners revealed a different trend. Approximately 43.3% of CDOs now report to the CEO, president, or COO of their organizations, demonstrating a shift in how the role is perceived and a commitment to delivering business value.
The growing importance of data in driving business success is a significant factor contributing to the diverging priorities between CISOs and CDOs. CDOs often have a direct line to top management due to the incentives associated with investing in data. This gives their messages more attention compared to the messages of CISOs or Chief Security Officers (CSOs). CISOs need to be more involved in the work of CDOs, particularly in light of the increasing interest in big data and generative AI initiatives.
Adrian Estala, Field CDO at data analytics firm Starburst, highlighted the need for both CISOs and CDOs to have a comprehensive understanding of an organization’s data assets and architecture. While CISOs focus on identifying risks and implementing controls to protect data, CDOs prioritize fast and efficient data access for customers. Both roles share concerns about data flow, origin, and usage. Estala likened the CISO to a police officer who enforces rules and regulations and the CDO to a paramedic who offers assistance in times of need.
To facilitate effective collaboration, there are several ways that CISOs and CDOs can support each other in achieving their respective goals. CDOs can reduce the burden on CISOs by being mindful of data movement and finding solutions that work directly with data at the source. This reduces the need for the security team to recreate controls for data that is copied and moved around the organization. On the other hand, CISOs can better understand the mission of CDOs and implement controls that enable safe data usage without stifling innovation. This may include access control measures and self-service options for data teams to easily enable, control, and revoke data access.
Although tensions may exist between CISOs and CDOs, it is a positive sign that indicates the roles are fulfilling their intended purposes. The CISO’s responsibility to provide a “bump in the road” ensures that the CDO doesn’t bypass security measures in favor of speed and innovation. According to Adam Strange, principal analyst at Omdia, the role of the CDO is relatively new, and role definition is crucial. All stakeholders, including the CISO, CDO, CIO/CTO, and business leaders, need to determine their responsibilities within the cybersecurity framework to work collaboratively toward securing data.
In conclusion, the growing significance of big data and generative AI technologies necessitates closer collaboration between CISOs and CDOs. While their objectives may differ, finding common ground and shared responsibilities is essential for effective data governance and management. By understanding each other’s missions and supporting one another, CISOs and CDOs can navigate the evolving landscape of data security and utilize data to drive business success.