Critical Event Management, Cybersecurity, Risk Intelligence

Managing Risk and Resiliency: A Fireside Chat with Former U.S. Federal CIO Suzette Kent

By Shannon Gallo

OnSolve Nexus 2021 brought customers together for a two-day virtual conference focused on managing uncertainty this year and beyond. OnSolve Chief Marketing Officer Sue Holub sat down with keynote speaker Suzette Kent, former U.S. Federal Chief Information Officer, for a fireside chat and customer Q&A session. What follows are the highlights of their discussion.

Sue: When you look into the future, what ways do you think AI-powered technology will be used across government agencies and organizations to mitigate crises or solve problems on a large scale?

Suzette: When we looked at some of the processes involved in the pandemic, such as vaccine distribution, healthcare and unemployment, we realized getting those legacy systems to scale to unprecedented volumes and share information just took too long or did not work. In places where we could, we accelerated the process with advanced, modern technology and the use of data. The pandemic gave us an opportunity to leapfrog some of those legacy situations. We also realized the importance of data reliability. For critical services delivery, we need a modern platform at the ready that is scalable, flexible and resilient, as well as easy to use.

Sue:  If you were working with one of our customers as a consultant today, what would you tell them are the key ingredients to maintain resilience in the face of digital disruption or other kinds of threats?

Suzette: It’s having modern systems that scale, having access to information and having a workforce that understands those systems. Also, having a delivery platform that doesn’t require significant training or complex onboarding. It has to let you be nimble, regardless of the situation.

Another important thing we saw is having risk intelligence to understand the risks to your employees, your customers and to the services you deliver. When you have flexibility and you’re monitoring those risks, you have more time to react, and you can reduce the likelihood of negative impacts.

Sue: What strategies can we use to overcome the hesitancy (to use AI) due to the fear of tracking, privacy intrusion, etc.?

Suzette: That gets back to the data-trust equation and ensuring you are confident in how the information will be used. Especially on the government side, we spend a lot of time talking about privacy laws and the purpose of data collection. It’s really about achieving and communicating clarity of intent, so that people understand that the data will be used to help someone, to prevent loss of life or to keep someone safe. I expect we will see other advances in technology that support individuals’ ability to have more control over their privacy.

Sue: What are your thoughts on communications, planning and execution of community messaging during the COVID pandemic? Early on, there was some public confusion regarding trusted information at all levels of local, state and federal government. How do we use technology to better inform impacted communities?

Suzette: We always have to ask: Does the platform from which you’re consuming information have a defined purpose to inform you? Also, does that platform have a responsibility as to how they inform you? In some instances, there were actually disinformation campaigns. Because of this, one of the critical discussions revolved around how to find reliable data. It goes back to that data-trust equation. We always have to ask: Is the communicator sharing information with you in a way that has high integrity and a defined purpose?

Sue: How do we move forward with combating cybersecurity problems across the U.S. and globally?

Suzette: One of the things I’ve been an advocate for in both the public and private sectors is this: don’t ever think of cybersecurity as a finite project. It is a discipline and something we must consider every day. What became really important during the pandemic was learning to treat cybersecurity the same at home as you do at work. I would see people work in a secure environment and follow every protocol, but then at home they wouldn’t have their router password-protected, and they’d keep sticky notes with all their passwords written down. Human behavior is the hardest part. But there are also things we could do with technology to strengthen identity and access. The cybersecurity challenge will not stop. But that means how we manage access, how we protect data and how we authenticate an individual will need to continue to advance.

Sue: How does one retain a position as a trusted source after a loss of trust in the data being presented?

Suzette: I’ll go back to transparency and authentic communications. In almost any situation, you know the first information that you get is incomplete and sometimes absolutely wrong. The important thing is to be transparent. Communicate what you know, with the caveat that it is not complete and there will be more to follow. You want to establish that you are acting with purpose to ensure your people take measures to be safe. Transparency and being authentic in clarifying what you know and what you don’t know should be the basis of all strategic communications.

Sue:  OnSolve serves a wide variety of organizations. We have customers from industries as diverse as government, healthcare, consumer packaged goods, etc. As someone who has worked with a wide variety of organizations, including in your recent role as CIO for the federal government, what’s the common thread across these organizations when building resilience?

Suzette: It should be driven by the mission the organization is on and the people they are serving. In both government and the private sector, I’ve been fortunate to see so many people who are absolutely passionate about their mission. They want to delight their customers. They want to bring value to their constituents. They want to do things that help their customers’ businesses be successful.

That purpose should be what drives your priorities. It should guide not just resiliency planning, but also overall business operations. It helps you answer questions like: Where might we have to make a trade-off? What risks are we going to monitor? How impactful will they be to the outcome we’re trying to achieve? These are important dialogues. The companies who have been most successful, regardless of the situations they’ve encountered, have their core values driving all the actions they take.

For a detailed look at the pillars of resiliency, read the recent guest blog by Suzette Kent.