In security, fringe groups are no longer ‘the main drivers of risk’

15 Jul 2022

Steve Watt. Image: Hyland

Hyland’s chief information officer explains why he believes the role of the CIO is changing and why investment in AI is key for security.

Steve Watt is the senior vice-president and chief information officer of Hyland, a software development company in the US. He has worked at the company for more than 18 years and his role is to lead change in the organisation.

“We build overall strategies and engage with and advise our line of business leaders on specific department IT strategy to bring value and manage risk while avoiding creating unnecessary roadblocks to getting business done,” he told

“We do this a couple of ways: by evaluating scope of solution, cost and risk, and then engaging discussion with the business through a variety of ways, such as sourcing technology reviews as part of our purchasing process, quarterly technology roadmaps with key business units, and solution guidance for core platforms.”

‘In security you can never rely on just one solution’

What are some of the biggest challenges you’re facing in the current IT landscape?

One of the biggest challenges we face is trying to match the speed that the rest of the business needs us to drive value and innovation. Delivering big bang at the end of a huge waterfall delivery project just isn’t as effective anymore. The business wants to see value being delivered continuously.

One way we are working to make that happen is that we are in the middle of reorganising our IT structure into product/process-aligned delivery teams. These are cohesive units in single reporting structures that include multi-discipline resources (solution/platform engineers, product owners, agile process managers, infrastructure, app development, integrations and more) who align to specific product themes that we deliver to the business.

For example, we have a team that is focused entirely on ‘quote to order’ and the best outcomes for that. That team’s work is done completely under an agile framework and does not have a ‘finish’, per se. The focus is to prioritise the right work and culminates in an ongoing backlog of features, improvements and fixes on which the team executes.

What are your thoughts on digital transformation?

Digital transformation to me means re-envisioning all your systems and processes to ensure you are squeezing every bit of efficiency and value out of your solutions with capabilities to meet your customers in the most effortless manner possible. Usually this takes place by redefining what outcomes mean success and then replacing, rebuilding and eliminating with a laser focus on those outcomes.

Our biggest current priority is involvement in a major systems overhaul that is key to our own digital transformation strategy, necessary to support our growth and drive us forward into our next generation of products known as the Hyland Experience Platform (HxP). There’s intense pressure to digitally transform and become more agile, because there is an intensifying need to deliver continuous value.

Achieving this transformation ultimately improves employee performance by removing barriers and allowing teams to self-serve both within and outside IT with focus on outcomes. Additionally, by having the right resources engaged directly and focused on those outcomes, teams become a tightly functioning unit with narrow vision of what success looks like.

How can sustainability be addressed from an IT perspective?

We focus on sustainability in two facets, the first being our own creation of waste and how we handle it. We partner with certified e-waste recyclers across our global locations to ensure our e-waste is dealt with in a manner with the least ecological impact.

Secondly, many of our cloud suppliers also have their own sustainability goals with many reaching net-zero emissions. I think the only way we continue to work towards this is to try wherever we can to look for those suppliers who have made commitments to limit their ecological footprint.

What big tech trends do you believe are changing the world?

I think the role of CIO is changing, as digital enablement has become a core tenet of every part of a business, whether you’re talking about the customer/product side of the business or back-office systems.

Staying in front of those technologies and the rapid changes that come with them has never been a larger undertaking as the number of choices and unique solutions to business problems is growing.

From a customer point of view, we spend a lot of time not figuring out if a solution can meet core requirements but instead looking to see what feature differentiation exists that drives the highest amount of value.

We still see value from investing in platforms, but we’re simultaneously putting a lot of pressure on our platform suppliers to be just as innovative as the smaller competitors so that we can still see a continuous value stream from our investment.

One other change we’re seeing is that, in the past, IT was often seen as the beginning and the end of digital initiatives, responsible for the selection, implementation and ongoing support of all technology platforms.

That won’t scale today and stifles business. Increasingly, a large population of employees that are technologists are embedded in the business. In turn, a big part of what we focus on now is how do we help guide and coach the business in their use of technology and really empower them to be able to drive their own processes without IT being the bottleneck to the speed at which they need to do business.

How can we address the security challenges currently facing your industry?

The stakes around securing the intellectual property of yourself and your customers has never been greater. Rapid digital enablement pushing more IT capabilities into the business side of an organisation and balancing that with the increased scrutiny and oversight rightfully being applied to security takes a tremendous amount of time and effort.

I only see that continuing to increase as the sophistication of attacks and maturity of the groups behind them has begun to rival any well led organisation. We are getting far away from the idea of fringe groups and individuals being the main drivers of risk.

The groups responsible today are well funded and well trained, and have developed well thought out roadmaps of technology and targets. In the B2B space, we are all part of someone’s supply chain so coordination between companies will be key in our ability to defend against these risks.

Companies today are going to have to continue to protect themselves through many layers of protection in their security suites with well-developed teams and practices.

In security you can never rely on just one solution, but you need overlapping functionality that creates a web of protection.  Also continued research and investment in AI/machine learning security capabilities is key.

While that technology may not be mature enough yet to stand alone, it is definitely beginning to significantly augment the capabilities of existing teams as the mountains of information and the speed of that information becomes exponentially harder to filter and correlate to threats within the environment.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.