
How to Improve Your Operational Performances Using Technology

Show Notes Of Podcast

With data breaches, phishing emails, and hacking becoming all the more common, IT security measures and the role of the CTO (and the CIO) are increasingly critical. Security decisions need to be aligned with business goals and strategies; however, even when they are, they are often viewed as unpopular - at least initially. Today we will use knowledge from CTO Richard Itri to learn how to implement and align technology to improve processes, operations, and security.

What is the Role of a CTO?

The CTO position has evolved over the last decade - even more so over the last five years. Currently, there are three main responsibilities of CTOs:

  1. To be an integral part of the day-to-day running of the company; staying apprised of all major decisions and discussions of growth/development, as well as having a seat at the meeting table.
  2. To reduce risk.
  3. To drive revenue.

While reducing risk and driving revenue are hallmarks of the position, ultimately, in order to accomplish the above, CTOs MUST prioritize running a stable, secure, operational environment. How is this done? The biggest initiatives are related to security and reduction of risk, which are constantly evolving, and “blocking and tackling.” This proactive approach keeps companies up and running.

Think, for instance, if your email system went down...imagine the enormous impact that could have on your business. Consequently, CTOs work diligently to strike a delicate balance between their IT investments and making sure these investments protect the daily operations, while still aligning with the business’s and management's expectations.

How Does One Build IT From Scratch? 

Building IT from scratch brings about both excitement and creativity, as well as challenges. The fun part entails the opportunity to create your own environment from scratch - not trying to fix or work around the problems of another platform.

However, CTOs must work diligently to align the infrastructure with the business’s goals and plans. Additionally, when building IT from scratch, the CTO must recognize that with innovation comes risk. Furthermore, another challenge is avoiding the pitfall of buying technology that will be redundant in a few years.

For Itri, this meant beginning with a private cloud-based platform because the public cloud was too green when he was building his IT. At the time, he saw the public cloud as a risk because there were not enough resources to support it.

Then, he built a security framework and continued to layer on details. Additionally, never owning physical hardware allowed him to run a very light balance sheet and use his financial resources more efficiently. As a result, his costs were related to per-user charges, which gave him a strong ballpark sense of what new users would cost the company.

What Are The Biggest Challenges In Building and Implementing Infrastructure as CTO? 

By far, time is the biggest challenge in building and implementing infrastructure as a CTO. Namely, CTOs have a short window in which to work and make key decisions, and they must learn to pick their battles. This means they must examine risks and what they can backfill on Day 1.

A way to do this is by asking:

  • What can I do to make the firm secure and functional?
  • What can we backfill?

Spending time on the backlog of requests will create sensibility and allow you to deliver functionality.

What Are The Biggest Security Threats in Business - Specifically Investment Banking?

  1. Phishing and business email compromise. Phishing and business email compromise are a top risk for all businesses and firms - not just investment banking - because phishing emails are getting better and better and their volume has increased drastically. Deploying a layered defense is critical when it comes to phishing emails. Tools should also be leveraged to look at the domain the emails are coming from. Moreover, employees must be educated on the topic and informed of new types of phishing emails because the technology alone will not be able to stop everything - you need people on board, too.
  2. Client content. Client content and data is a top risk for investment banks. Email is such a commonplace way to communicate, but it easily puts content and data at risk. Once the data leaves the confines of the company’s walls, the company or firm can no longer control what happens to it. With this in mind, firms should move to sharing content through deal rooms because they can control who accesses the content. With a deal room, even if an email goes to the wrong person, the content is still secure because the person receiving the email will not be able to access it.

How Do We Address These Security Threats in Business and Investment Banking?

The challenge here is two-fold: first, the bankers need to change how they work and communicate. Historically, the client has preferred simplicity over security; however, it is in the client’s best interest to take its lead here from the banks.

At the same time, banks need to address security concerns with clients in a more proactive manner. Yes, secure methods do often mean extra steps, but these extra steps make a massive difference. For instance, clients can be annoyed by multi-factor authentication, but it protects their data. Remember when Colin Powell’s email was hacked and the consequences it had on the market? Had that information been stored in something other than email, it would have been much safer. 

What Causes Data Leakage and How Do We Hold People To a Higher Security Standard?

More often than not, data leakage is not because people are being malicious, but rather because people are making mistakes. In fact, Itri estimates about 50% of leaks are unintentional (e.g. someone mistakenly adds an incorrect party to an email). These mistakes can be mitigated by discussing security more - because let’s face it, people don’t like talking about and thinking about security.

People can be held to a higher security standard with the help of:

  1. A business-aligned strategy and diligence - Meaning companies and practitioners cannot continue down a road that can lead to security loss. For example, Outlook Anywhere was being used in 2015, but it was not as secure as other methods for accessing emails remotely. Cutting this program might not seem business-aligned because it would initially affect email access or might lead to a path with more steps; however, in the long run moving from Outlook Anywhere could protect against data leakage and client content loss. In this example, and many others, people might complain about lack of convenience, but security is something that cannot be compromised. It is also important to note that it is usually just a small group complaining about the change - not everyone. This group can often be brought onboard by being completely transparent about why the change is happening (such as protecting data and assets).
  2. Education - If employees have poor technology security habits at home/in their personal lives, they will bring these poor habits to the office, which puts everyone at risk - they will be the ones opening phishing emails and complaining about extra steps. Teaching proper security habits and explaining the rationale behind them will make for secure work habits and tech-savvy employees.

Additional Risk, Challenges, and Best Practices:

  1. Inside risks, both malicious and unintentional, must be at the forefront of CTOs’ minds. 
  2. There is a natural struggle between security, compliance, and usability. Industry practitioners call this the “tech trifecta.” You want the technology to be usable, yet compliant. Establishing equilibrium here is a challenge all CTOs work to overcome. 
  3. Perhaps one of the largest challenges is creating a repeatable business process to ensure data quality is consistent and accurate. Because data is critical to any organization, it must be consistent and accurate to support strong day-to-day operations.
  4. Vulnerability management is also essential. This means staying up-to-date on patching; most data leaks have been connected to machines that were accessed and not patched. Historically, patching once a quarter was the norm, but this frequency is no longer enough. 

The Future of Technology and M&A

Investment banking is ripe for disruption because it has been slow to innovate; therefore, investment banking firms that are willing to create a tone from the top of leveraging technology and data will see improved interactions with clients and be able to produce more insightful content for clients.

Additionally, because of cell phones and advancements in technology in our everyday lives, there is now more data to send and transmit. This can also be leveraged to improve interactions with clients by making information seamless and by being able to capture it.

Finally, as clients demand better content and ideas, and as portals to log into and run ideas themselves become more prevalent, banks that can take their “secret sauce” and plug it into a digital platform will be the ultimate game changers. 

Final Thoughts

While managing the risk of technology can be complex, technology has greatly advanced the world of M&A (though as noted above, there is still more work to be done). Now, tools make it easier to work with multiple data sets and surface new ideas that can help win deals.

In the future, technology will be utilized not just to organize data, but also to produce new insights. Of course, CTOs will continue to play a prominent role in all of this, working to align goals and improve revenue, while also maintaining robust security measures.
