Toggle Menu
Request a demo Contact us Resources

Kathleen Randall, CISSP, CISA, GSNA – EVP North America, SureCloud


Has it already been more than a week since the Gartner IT Symposium/Xpo in Orlando? The messages from the conference are still resonating with the leaders we met at the trade-show.

This was my first of these annual IT Symposiums, and it was power-packed! The conference was a great mixture of both day-in-the-life education, IT strategy concepts, emerging trends, as well as inspiring thought leadership concepts to motivate “out of the box” thinking.



Here are the key themes that stood out to me:

Cybersecurity and privacy are top of mind.

Those at the previous years’ events shared with me that the level of interest in cybersecurity and data privacy dramatically increased this year. CIOs and CTOs far outnumbered the CISOs in attendance at this tradeshow, but the majority of conversations at our booth were about how their teams were managing cybersecurity risk, IT compliance, and data privacy.


It’s all about the data, how to use it to continuously improve.

At the conference, what we heard a lot was the word “platform.” But the keynotes, strategic, and innovation conversations were all about data and how to use the data to improve your business outcomes. This is absolutely relevant in Integrated Risk Management, the Gartner-named concept that is much more than its IRM Magic Quadrant Platform review contains. Ultimately, platforms are the means to the end–not the end. The end is about the data. Airbnb, Rent the Runway, 23andMe, Google, and even Gartner, at their core, are all data companies. They harness data to change the customer’s life by bringing ease, time savings, better decisions, and value that they did not realize before.


Many companies still struggle to understand “risk”.

Many talks at the Gartner conference focused on enabling the CIO to have an influential conversation with company executives to push the digital transformation agenda. However, the challenge is that many executive leaders still don’t fundamentally understand what “digital risk,” “cybersecurity risk,” and other IT-related risks mean.

During Sam Olyaei’s excellent presentation “Five Questions on Security and Risk That CIOs Must Be Prepared to Answer at Your Board Meetings”, I sat next to a CIO at a midsize healthcare provider. He is educating his management team first on the meaning of IT risk before he can set up the argument to justify the investment. I have worked in the field of IT risk, audit, and compliance for almost 20 years, and I will say anecdotally: yes, more and more organizations are risk-aware and risk-minded. However, most companies are still focused on the operational risks like regulatory risk, supply chain risk, etc. As vendors in this space, it’s our responsibility to make this advancement of risk insight easier on companies.


Malcolm Gladwell: “Digital transformation for disruptive technologies takes years, even decades”


I’ll preface what I’m about to say that in full disclosure, I’m a huge Malcolm Gladwell fan. As a data geek, I buy into theories that are fueled by data and research. Malcolm’s keynote presentation cited numerous examples of where game-changing advancements in innovation and technology took years, and in some cases, multiple iterations, to take hold and become commercial. ATMs took 20 years to be accepted as mainstream banking. Audiobooks took Gladwell himself 20 years to figure out how best to market and monetize this medium for his publications. Why? Game-changing technologies don’t have a “strategic home.”We don’t know how to use, market, and sell these innovations because there is not a precedent for the model. Gladwell challenges us to ensure that we think differently about new disruptive technology. We can’t assume the status quo for a new innovation’s business and consumption model will apply – as many times they don’t.


Leaders have a social responsibility to evolve what “good” looks like.

Jennifer Hyman, CEO and co-founder of Rent the Runway, and one of Time Magazine’s 100 Most Influential People also gave a memorable presentation. At the time of this posting, she is a young CEO of a company valued at $1 billion. Most importantly, she also recognizes that as the CEO of a growing company, she has an opportunity to influence the lack of equality in American society today. As described in this New York Times opinion, she realized it was fair practice for companies to offer full company benefits to salaried employees, but not to field, plant or manufacturing workers. She said on stage, “We already have inequality within companies. It’s called compensation. My compensation is much higher than a warehouse worker. And it should be because I am the CEO. But what I felt uncomfortable distinguishing between is the value in my humanity. I don‘t think that my having a child is more important than any person in my organization having a child…”. Rent the Runway now provides equal family leave, sick leave, and sabbatical benefits to all workers in the company. This is what she felt was the socially and morally right thing to do, but she also found that their staff attrition rates declined, and employee productivity increased as a result.



Learning how to fully utilize a Gartner Magic Quadrant.

Several Magic Quadrants were launched at Expo; Solutions for IT Risk Management, Cloud Infrastructure, Integrated Risk Management. Most companies use these analyst reports to simply choose to evaluate the top right “leader” solutions and then down-select a vendor from there. I heard firsthand from a CIO in the market for a risk management solution how this scenario plays out. He simply decided on an industry “leader,” and now greatly regrets that decision. He wishes he’d been more careful in shortlisting vendors utilizing more of the tools Gartner provides. Solution seekers do not realize they can filter the Magic Quadrant how the solutions stack rank against their own needs.

Bottom line – Magic Quadrants are a powerful tool in your quiver to cut through vendors’ marketing messaging, but only when you use them appropriately.

It’s been wonderful to hear from our colleagues and peers during the Expo and afterward as we continue the discussion. I look forward to next year where we will see what data and risk management trends have taken hold in the next 12 months and see where the IRM market evolves.


About SureCloud

SureCloud is a provider of cloud-based, Integrated Risk Management products, which reinvent the way organisations manage risk. SureCloud’s products and services are underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to support existing business processes without forcing organisations to engage in costly business change programmes. SureCloud has been recognized in the 2019 Gartner Magic Quadrant for Integrated Risk Management Solutions.


How can we help?