Top Strategic Priorities for CTOs

The Bocada Team | September 12, 2017

We see three big trends receiving laser focus from CTOs: cybersecurity, enterprise digital transformation, and regulatory requirement compliance. While these challenges are diverse, they all rely on flawless execution of one core technical competency: enterprise data protection. Nailing data protection is a ‘non-negotiable’ issue for technology organizations. Before taking on these three key strategic initiatives, CTOs must have confidence in their data protection operations. Having the right reporting and operational oversight can be the difference between bulletproofing your IT infrastructure and leaving it completely vulnerable. 


Experts predict that cyberattacks will cause economic losses in line with catastrophic natural disasters like Superstorm Sandy. The enormous costs of cyberattacks – reputational, stock, customer, operational and remediation – moved cybersecurity and incident response planning into the Boardroom. CTOs are now required to report on the state of their corporation’s data backup and recovery capabilities as part of intensified cyberthreat protection efforts.

The June NotPetya cyberattack led Merck and FedEx to announce that financial projections might not be met due to the cost of fixing affected systems. In fact, as of early August, Merck was still struggling to entirely restore manufacturing, packaging and active ingredient operational systems and processes frozen by NotPetya.

CTOs recognize that having a data protection policy is no longer enough – they need accountability throughout their IT operations. Having enterprise reporting systems in place that regularly audits data protection operations will allow CTOs and IT staff to focus on higher priorities around cybersecurity. Getting clear reporting is the difference between having a disaster recovery plan and verifying disaster recovery operations.

Digital Transformation and Cloud Migration

IDC estimates that as of 2017, 65% of large global enterprises have committed to a digital transformation (DX). CEOs lean entirely on their CTOs to devise this approach from scratch, no small feat considering that this involves the assessment and integration of systems, technologies and processes across all levels, departments and geographies in which an organization does business.

The speed at which this transformation is happening – or expected to happen – is staggering. IDC’s 2016 Datacenter Survey found that organizations expect their data volume to grow by 52% in the next 12 months! Technology organizations in huge corporations are expected to add capacity, technology-enabled new business processes, and leverage new infrastructure simultaneously. This complexity and need for speed puts pressure on technology organizations and creates risk. With all these moving parts, data protection can be overlooked.

Making data and platform decisions requires a sound foundation in data protection. Without an automated process in place to monitor your data protection operations, you’ll be flying blind on the impacts of your DX initiatives. Getting reporting in place before making such large changes will give you benchmarking opportunities as well as more confidence in the ability to roll back changes if something goes wrong. If you are moving your data from a physical infrastructure to the cloud and your backup volume suddenly doubles – or worse, cuts in half – you need to know!

Meeting Data Compliance Obligations

In addition to delivering on business growth objectives and cybersecurity, you are faced with the ever-present need to comply with government regulations. Consider the European Union’s General Data Protection Regulation (GDPR), a law instituted by the EU to strengthen data protection for all EU residents. Under the GDPR:

  • Article 32 requires that organizations have data backup and restoration capabilities readily available in the event that data is lost, altered or breached; and
  • Individuals have a “right to erasure,” in which consumers can demand you delete all of their personal information. This rule requires your company to prove every data instance has been deleted, including backup copies.

GDPR compliance has many twists and turns, some of which addresses knowing what you have backed up, and where it’s stored. Without systems in place to report on your data backup at an enterprise level, you’ll never know how well your company complies with this portion of GDPR regulations. The penalties for non-compliance can be harsh. Organizations caught non-compliant by May 25, 2018 can face fines as high as 4% of annual revenue.

The Bulletproof CTO

Of course there is no way to bulletproof your technology office. Cybersecurity, digital transformation and regulatory requirements are complex initiatives that affect every aspect of what you do. But the buck stops with the CTO – you will be in the hot seat if things are missed or mistakes are made. Give your team the tools to make sure data is protected and then maintain accountability through executive level enterprise reporting. As you execute on these seismic shifts in technology operations, we encourage you to ask:

  • How can we achieve greater accountability from, and visibility into, our data protection operations?
  • How can we automate audit and regulatory compliance reporting obligations?
  • How can we gain visibility into the entire enterprise data protection environment, independent of geography, organization, and backup tool?
  • Do we have the capability to validate backup infrastructure and process investments while showing ROI over time?
  • How can we spin up reports at a moment’s notice to respond to any data crisis or audit request?

Are you unsure of how to answer these questions? If so, we encourage you to schedule time for a personal demo of the Bocada system. When tested in your native backup environment, you’ll see right away just how healthy your backup systems and protocols really are.