What's Your Job?
Home Depot had its infamous data breach in 2014. Soon after, the then-current CIO lamented publicly about the lack of investment in security by his bosses (tip: publicly complaining about your bosses is not a good way to keep your job). He was quoted as saying (and I’m paraphrasing here) that when he asked for more money for additional funds, he was told that “Home Depot’s job is to sell hammers.” That sounds harsh at first, but it actually makes sense. Home Depot’s job IS to to sell hammers (and other tools). The CIO’s job is not to create a wholly-contained IT security apparatus within Home Depot, it is to buy and implement the best-in-breed security solutions available, and let the experts run it. By definition, this means moving on-premises solutions to a secure cloud area (Salesforce, Oracle, Amazon, Microsoft, etc.) and let them keep the data secure.
It is common for individuals in a company to lose sight of the overall mission. People get down into the details of their own jobs, and leadership does not do enough to reiterate the corporate mission. When I worked for an insurance company, I used to often ask my team members, “What is your job?” and I’d get all sorts of answers. My response was always the same, “NO! Your job is to sell insurance.” Not literally, of course, but to support the mission of the company. If we don’t sell insurance, we don’t have jobs. For IT, that meant creating a safe, stable platform on which to conduct our business and to create a pleasant user and employee experience. Simple, no? Not in practice, but that single-minded focus helps crystalize the overall mission of the company.
Every IT department loves to believe it is the second coming of IBM. While there are many smart and talented people in IT departments the world over, they really can’t withstand the constant onslaught of motivated (and sometimes state-funded) hackers, who have all the time in the world. Cloud companies have teams of experts working 24x7x365 to keep their clouds secure. It is easier and cheaper for a company – any company – to rent space on one of those clouds and reap the benefits of mutually shared security. There is safety in the herd. Not to mention, renting space in the cloud is FAR less expensive than dealing with a data breach.
As a side note, the CISO of Home Depot had left in February of 2014 to join… Equifax.