Why Resilience Must Become a Board Issue!

In this digital age and outcome-driven economy, the onus is on enterprises to consistently and continuously outdo themselves. However, investments in delivering flawless digital experiences are often diverted to security and/or other departments. Consequently, topics like performance and reliability take a backseat in favor of seemingly more pressing initiatives.

A recent enlightening conversation on LinkedIn with my friend Scott Moore ⚛ spurred me to examine this matter; the topic was: "Performance is nice to have, but security is a must. This is why it will always be of higher priority to the executive level at any company."

Rise of the Chief Information Security Officer

A role that has dynamically evolved to address security dilemmas is the Chief Information Security Officer (CISO). This evolution highlights an urgent necessity for a new leadership role, the Chief Resilience Officer (CRO), which is instrumental in ensuring that businesses stay adaptive and thrive amidst the constantly transforming environment.

At the onset of the 21st century, the burgeoning Internet emerged as a double-edged sword. Companies realized that safeguarding digital assets was imperative, not just a choice. The CISO emerged as a sentinel against the rising tide of cyber threats and data violations. With escalating security breaches, security vaulted to a top-tier concern in corporate boardrooms. Boards must be confident that security risks are managed, as any oversight can have legal repercussions directly impacting them individually.

The Case for a Chief Resilience Officer

Today's business terrain is as turbulent as the cyberspace of the early 2000s. Modern-day enterprises are wrestling with various challenges – from cybersecurity menaces and regulatory shifts to the enormous reliance on 3rd parties, internet complexity, Internet stack explosion, cloud providers, CDN, and DNS providers to global crises like pandemics. This is where the term "resilience" becomes paramount.

The realm of a CRO includes preparing an organization to navigate these challenges and fine-tune its operations. This role is not restricted to security but encompasses business continuity, disaster recovery, risk management, and organizational flexibility.

Reflecting on my journey back in 1999, I was tasked to create the "Quality of Services" team responsible for monitoring DoubleClick services from an end-to-end perspective. Our charter was to ensure SLA adherence, maintain exemplary uptime, synthesize tracking data to gauge the system's well-being, and build, buy, deploy, and use every monitoring tool needed to ensure our reliability. We were the single pane of glass that allowed us to understand how the entire stack was working (or not).

There has been an eruption of monitoring and observability tools. In a quest for agility, many enterprises have adopted a decentralized modus operandi for monitoring. It no longer surprises me when I encounter a company that uses four different APM solutions and is disconnected.

However, this has created a scenario where tools are used more for exculpation than problem-solving (Mean Time to Innocence, MTTI), which has two significant consequences:

·      Customers and thus the bottom line bear the brunt, while an internal blame game threatens an organization's revenue, brand, and operational efficiency.

·      Enormous investments in monitoring tools leave the management perplexed about persistent issues, instigating doubts regarding these solutions' ROI (Return on Investment).

Embracing resilience at the board level

I am not advocating for either a centralized or decentralized approach to monitoring. I am spotlighting the importance of the Chief Resilience Officer role (monitoring is not as sexy). This role's significance is on par with that of the CISO in the early stages of the Internet surge. A Monitoring / Observablity Data Czar, someone that can connect the dots and be a Watchdog!

Organizations need to be agile, robust, and resilient to weather the unpredictable storms of the business world. Companies can protect and grow revenue and brand equity by integrating a CRO into the organizational fabric. Boards must grasp how urgent this is. I am fortunate to have been backed by visionary leaders in the late 90s who recognized performance as a business differentiator, and our reliability metrics were discussed at the board level. In a world of constant disruption, embracing resilience becomes the key to survival and success.