Digital Transformation Advice for CIOs and CISOs


by Wendy Pfeiffer

| min

Wendy Pfeiffer has been delivering operational excellence while driving IT innovation for the past two decades in her roles with Yahoo, CISCO Systems and Go Pro. Now CIO at Nutanix, a leading Cloud Transformation specialist, Wendy gives her expert opinion on how to successfully deliver innovation while maintaining security and operational resilience.

How CIOs and CISOs are Having to Adapt as FS Firms Race to Modernise

The concept of digital transformation is pretty much at the top of the agenda for almost all financial services firms. However, in order to understand how CIOs and CISOs should approach this challenge we first need to understand what is really meant by digital transformation.

In my view it can take three forms:

  1. creating application capabilities that didn’t exist before and offering them to customers and prospects 
  2. changing the mode in which we operate from on-prem to public cloud
  3. or changing our perspective in terms of how we run and secure our applications in our data.

It’s this last mode that puts pressure on the traditional CIO and CISO roles. Especially when we think about the various modes in which applications are developed and run.

Traditionally in I.T, applications were developed in a mode that assumed that there were fixed infrastructure capabilities and applications had to be good citizens, citizens in terms of their use of infrastructure capabilities such as storage, compute scale and so forth.

In public cloud, applications are not built to be constrained around those infrastructure resources. But instead, applications need to scale out, particularly as they’re being accessed by a potentially much broader scale of mobile users.

Bring those things together and we start to think about using DevOps approaches to build applications that we want to run native in public cloud. We think of traditional software development and traditional infrastructure operations approaches for developing applications that run on premise.

Each of those starts with an architectural premise that then requires different security considerations and different security architecture.

So now as we’re running in this mixed mode you find that you can’t pour new wine into old wine skins, just as the old method of securing the perimeter and establishing a DMV did.

This mixed mode brings new questions which we need to find answers for. What is the DMV in a hybrid mode? What really is the perimeter in a mobile to core mode?

So, what we see is the CISO role itself changing.  But what we also see are additional roles and additional locations for those roles.

At Nutanix I have a CISO who reports to me in the corporate I.T. sense. We also have a Chief Product Security Officer who reports directly up to senior leadership, who’s responsible on the product side.

We’re starting to see this model become highly relevant for FS companies which offer products that need to be secured, as well as internal corporate systems.  

The bottom line is digital transformation is coming to that CISO role. This means that the modern CISO needs to have global data privacy expertise and understand these mixed modes.

The Need for FS to Work Within Their Ecosystems 

Financial services firms have a deep expertise in their own ecosystem. They understand how the ecosystem of applications and technologies and cloud is currently balanced. And one of the things that’s important when you introduce new technology or when you adopt new ways of working is to ensure that the new entrant doesn’t overwhelm the  ecosystem, that there is still plenty of resource for all of the key players, that things are balanced, that the new player integrates well.

One of the most useful things for me has been to understand the dynamics of my existing ecosystem and then to create controls that ensure that as I introduce new technologies or new modes of working into that ecosystem, that they’re essentially obeying the rules.

By obeying the rules, it gives us an opportunity to judge their true effect, to tune things that we need to tune.

To draw an analogy from nature, mammals were introduced into the dinosaurs’ ecosystem and at first, they were nothing but a little distraction. But eventually they ended up eating all the food and taking all the fuel.

So firms need to be conscious of the transition, be conscious of the health of the ecosystem and then ensure that you still have the right things in place to support your financial institution with all the vagaries and changes in today’s market climate.

Building the Foundations for a Cloud Strategy That Can Grow with Your Needs

If you think about your hybrid cloud, it’s like a house and the foundation of that house has to be strong. In particular, it has to be strong as the house grows and as it expands.

Here at Nutanix we offer three things that create that strong foundation.

The first is an operating system that runs well across every mode. That could be hardware from Dell, Novo, HP, or IBM Power, which all also run well in public cloud such as GCP or AWS.

This means that you need that common substrate – or the foundation layer. This second layer is the hypervisor. Hypervisors are incredible. They allow us to make very efficient use of hardware or physical resources.

Equally if you’re operating infrastructure in a hyper converged mode, then you need a hypervisor that is both aware of the capabilities of that hardware and operating system while also being aligned with them architecturally.

The last layer is having visibility and control of that foundation. Here at Nutanix we have a product called PRISM which gives visibility across any of those systems that are running AOS and AHB.

That visibility allows us to understand use of system resources, health systems and to dynamically expand and extend those things. So, having that common foundation does some incredible things.

It relieves our people from the responsibility of having to understand multiple technologies, multiple hardware, multiple modes, storage, networking and computer systems.

The second thing it does is it ensures that management is much more streamlined and then ultimately as well, it gives us a common substrate against which to integrate.

Now we think about building the money part of that house. Nobody cares about the foundation really. When we move into the house, we want to play in the media room, or we want to have gourmet meals in the kitchen.

So, those rooms are akin to the business services that all of us are trying to deliver. We want to make sure that as those capabilities expand the foundations were built to last and can accommodate our needs.

It’s not about going to set it and forget it but making sure its built correctly and will withstand the pressures that the world puts on our businesses.

Following holding senior positions at CISCO Systems, Yahoo and Go Pro, Wendy Pfeiffer is now CIO at Cloud Transformation specialists, Nutanix.

© 2021 Nutanix, Inc.  All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.