What’s the Difference Between the Chief Data Officer and the CISO?

By: Larry Loeb| - Leave a comment


The chief information security officer (CISO) has become a widely accepted role in the enterprise space, but what about the chief data officer (CDO)? The CDO role is newer and could be less understood by stakeholders. Today, there are only about 1,000 chief data and chief analytics officers in the world, according to Gartner.

By 2019, CIO reports, Gartner has predicted 90 percent of all global enterprises will have appointed a CDO. But what the CDO’s responsibilities will be and how companies will manage any overlap of duties, such as governance, data risk and compliance, are still a mystery.

What Does a Chief Data Officer Do?

The role of the CDO will vary based on industry. Most financial services organizations will use a CDO to manage data risk and compliance. But CDOs in health care organizations, for example, will be tasked with driving cost efficiency and cost reduction. And in the media and marketing industries, CDOs will be expected to increase revenue.

CSO noted that each of these roles requires different skills, and the most desired skills change just as quickly as technology. The CDO’s technical capabilities, for instance, are not as important as they once were.

The best CDOs and CISOs realize that they need to work together to drive advancements in the enterprise. Changes in customer behavior and desires can disrupt anyone, and all stakeholders must be kept in the loop and fed the information critical to their needs.

While a CISO may make a good effort to secure data with perimeter security, the CDO sees the business needs of the users and will usually concentrate on in-house matters.

CDO and CISO Interactions

In the fall of 2015, IBM held a CDO Strategy Summit that showed a growth in attendance of 75 percent. In total, 31 industries were represented, ranging from retail and health care to banking and consumer goods.

One of main takeaways from the summit was that the role of the chief data officer can mean different things to different organizations; it may even go by different names. But whatever the title, it needs to have a strong business case for control over analytics within the enterprise.

In the future, CISOs will still retain their influence over the technical aspects of an enterprise’s data. The CISO will remain the one responsible for enterprise data security, even as the CDO finds innovative new uses for that data. This can mean they may act from opposing perspectives at times, with the CISO pulling one way and the CDO pulling another.

The CISO and CDO may sometimes share responsibilities but report to different executives. In a financial services enterprise, for example, the CDO might report to the CFO in order to make sure regulatory needs are met, but the CISO still assures the data used by the CDO is safe.

It’s All About Change

The CDO role is a reaction to the many changes affecting enterprises today. Increasing the efficiencies of how the enterprise functions is at the base of the role. Complacency is not an option anymore — proactive methods for the use and administration of enterprise data are both required and useful.

Topics: , , ,