Modern CIOs striving to develop and implement next-generation digital platforms face a difficult challenge: Construct these IT software applications as quickly as possible, but still provide adequate protections for both corporate and customer data.
For Deutsche Bank’s chief information officer Frederic Veron, these digital business strategy responsibilities are built into his job title: In addition to CIO, he is also “Head of Safety and Soundness” at the German financial services company. In this role, he provides production assistance for all of the bank’s IT systems — from development to launch.
“The role of the (Safety and Soundness) organization is to support those systems day in and day out, but also to work with the teams developing the next version of the systems to make sure they are being developed correctly,” Veron said during an interview at the MIT Sloan CIO Symposium in Cambridge, Mass., last week.
For example, the Safety and Soundness team is involved in the planning, the design and testing of new software being incorporated at Deutsche Bank. The mission: To ensure reliability, resiliency, flexibility and optimal performance of the software, Veron said.
One of the end goals is to provide direction early on in the software development lifecycle to incorporate the appropriate level of security from the very beginning.
To get there, Veron said three factors are vital: hyper-awareness, operational readiness and the ability to fail and learn fast. He discussed the importance of these factors in a session he led at the MIT Sloan Symposium, titled Safe and Sound Software for Digital Execution:
Hyper-awareness. Many organizations remain in the dark about how end users are using their software and other technology, Veron said. It’s important to become “hyper-aware” of how their software is used day in and day out, connecting the dots all the way to the customer.
This hyper-awareness is made more necessary — and complicated — due to software industry trends, Veron said: As the amount of new software being developed increases exponentially, the majority of software developers are inexperienced and self-taught.
“We need to know our software much better than ever before,” Veron said.
Operational readiness. It sounds simple, but a big part of the CIO role is making sure IT operations are working properly, and running securely as part of a company’s digital business strategy. But this work really begins in the strategic planning stages, Veron said.
This is where the “safety and soundness” part of the CIO role comes into play, Veron said: By working with developers early on in the process to shape planning, CIOs can provide input to make the sure IT is ready to run properly and safely right from the get-go.
After all, it’s up to the CIO to remain aware of system vulnerabilities and be proactive about doing something about them, Veron said.
“Not just when things happen, but before things happen,” Veron said.
Fail fast, learn fast. Incorporating strategies such as Agile and DevOps are invaluable to digitized companies, Veron said. These strategies allow the organization to make decisions quickly, and to focus on the most viable aspects that need to be improved.
This cuts down on lead time and instead of long, expensive multi-year projects, they are done incrementally so the company sees real value from the changes, and fast, Veron said.
‘Raise the bar’ for digital business strategy
During his presentation, Veron was clear that software quality is important to achieving all of these goals and helping CIOs “raise the bar” for their company’s digital transformation.
In his years as an IT leader, he has deployed platforms and practices to determine software quality during the development stages. If a piece of software under development has a high-risk score, Veron said, companies should put off using it or wait until the fixes are made to do so.
As part of their digital business strategy, companies should also tap into the data available in their own systems to make improvements, Veron said. Readily available data can be used to create predictive analytics to identify vulnerabilities automatically.
By examining how their systems are used every day, CIOs can develop parameters outlining baseline operation procedures that can identify system breaches or vulnerabilities quickly, then be proactive about fixing them.
“I don’t think IT organizations have done a good job of mining that data and running the analytics on it to predict how the system is going to behave, or to avoid incidents,” Veron said.