The CIO Must Take Charge of the Organization’s Application Portfolio (Security Intelligence)


here was a time when every application used in the enterprise application portfolio was either selected and deployed by the chief information officer (CIO) or at least vetted under the management of IT. The advent of software-as-a-service (SaaS) computing options led to the rise of shadow IT, which has allowed individuals to make their own decisions about what applications met the needs of their departments.

Today the practice has morphed to a somewhat more controlled version in which departments still exercise relative autonomy because they control their own IT budgets. This trend has put distance between the CIO and the enterprise application portfolio.

As applications become more specialized to support highly targeted functions, they are also increasingly connected to other applications and datasets in the enterprise. That means the marketing automation system that maintains sales-related data likely accesses product information from supply chain systems and customer data from accounting systems. The connections simplify and accelerate operations. Without adequate oversight and control, however, they can open channels for possible data breaches.