Tom Motzel

The Rise of the CDO: conflicts with CISO role?

Last Updated: June 4, 2019By
[glossary_exclude]CIOs have historically been responsible for delivering and maintaining information across the enterprise, including application development, network support, and IT governance. In the past, CIO’s were charged with aligning information with company objectives, but there were inherent gaps since business units “owned” the information and CIOs lacked depth of business context. Today, the effects of mobile, cloud and IoT, combined with advances in artificial intelligence (AI) require greater expertise.

The wave of digital transformation is compelling organizations to better recognize, organize, and govern the information streams they create, thereby demanding a more dedicated focus. It is the role of the Chief Data Officer (CDO) to recognize and communicate new value streams enabled by this data-rich environment.

The CDO has two primary objectives in overseeing company data: drive revenue generation and avoid risk. In order to accomplish these objectives, an organization must first identify, organize, and apply governance to information assets. Once accomplished, it becomes much easier to assign value, determine strategies and set budgets.


The first step for organizations in governing information is having a clear inventory of the data and information they possess, a categorization of that information, and an accurate accounting regarding the value of each. Neglect of these items will nearly guarantee a sub-optimal outcome for the business across many functions, including compliance, risk management, litigation, information value optimization, and overall operational efficiency.  According to DocAuthority, “Without knowing what you have, where it is, and who has access to it (and for what purpose) you cannot proceed with a meaningful information governance program.” The diagram below shows governance supports risk mitigation and increased value streams: “Housekeeping” begins with an assessment to take stock of all the organization’s disparate data sources and locations. Next, a “governance committee” along with content classification tools can be used to categorize information in a manner that supports particular business unit functions. This process helps bring about greater organizational awareness of information assets and establishes more accurate information asset values. The final step is establishing rules and procedures that will reinforce and maintain information governance across the enterprise.

It’s important to recognize the alignment of the CDO and the Chief Information Security Officer (CISO) regarding this objective. “We need to understand the core goals of security, which are to provide availability, integrity, and confidentiality (AIC triad) protection for critical assets. While they share this end goal, the CDO is tasked to expose business value and drive revenue from data, while the CISO is focused exclusively on security. The relatively new role of CDO is often perceived as a threat, but this foundational objective will ultimately give them common ground to work in harmony.


Re-imagining how the business can better serve customers in our new digital reality is the essential role of the CDO. As reported by Gartner in a 2018 study, Success Stories of CDO’s Driving Business Impact, 58% of the highest performers stated driving new solutions as their primary focus. Understanding the relationship between enterprise information and potential business value is of primary importance. “Moving the data office out from under the IT function sends a message that information management is a business function, rather than a technical one”. To ensure the proper focus of business innovation, it is highly recommended that CDO’s report to CFOs or CEOs and not directly to IT.

Uber remains one of the most familiar examples of the profound ways data-driven platforms can re-invent existing services. It is crucial for every business (big or small) that hopes to differentiate itself from competitors to be pursuing data-driven innovation strategies. Learning from outside case studies is an effective way of disrupting habitual thinking about your own information. The Board of Innovation provides additional digital transformation examples.


The CDO’s mission of finding and driving new revenue streams from organizational data adds a “viewpoint” to the CISO’s security mandate. Inevitable insights from this new focus will change the classification and valuation of data assets. Security objectives, priorities, and budgets, will shift to reflect this new reality. Investments will be redistributed to reflect both the risks and opportunities recognized by the CDO’s efforts.

Another, more specific benefit to the CISO is a more detailed accounting of personally identifiable information (PII). According to DocAuthority, “In a regulatory landscape where the onus is on ‘privacy by design’, the level of technical difficulty in addressing this issue will carry little weight in the courts.” The increased focus on governance and accounting of information as an asset supports the overall privacy, compliance, and risk mitigation efforts of organizations.


There are many evolving technologies that will continue to transform our thinking about the use of information and the protections it may deserve. A potential dichotomy to the alignment of CDO’s and CISO’s may be on the horizon according to Andrew Burt, Chief Privacy Officer and Legal Engineer at Immuta,

“Today, the biggest threat to our privacy and our security has become the threat of unintended inferences, due to the power of increasingly widespread machine learning techniques.”

As CDO’s scrutinize company data to find new value streams, they are often employing this tactic. Should future privacy laws shift in direct opposition to methods of inference, CISO’s could become the ‘watchdogs’ of ambitious CDOs.


The focus of this article is to familiarize the reader with the role of the CDO, their primary objectives and the challenges they face. The CDO must drive new revenue streams by leveraging organizational data with new digital capabilities to better serve customers. The first step is to identify, organize and govern the information so we can assign a value to these assets. Accomplishing these tasks helps us identify new value streams and mitigate risk. The advent of the CDO is new, but it will continue to proliferate quickly and soon become the norm.[/glossary_exclude]

recent posts

About the Author: Tom Motzel

Tom Motzel CIP is passionate about increasing awareness regarding the benefits organizations may gain from outsourcing IG strategy and implementation. Currently he is Principal, Consulting & Managed Services at Iron Mountain, IGDS. He may be reached at [email protected].