Why CIOs need to look beyond just ‘keeping the lights on’


3 May 2024

Ravi Malick. Image: Box

Ravi Malick discusses his role as global CIO at Box and why CIOs need to combine business and tech expertise in today’s threat landscape.

Ravi Malick is the SVP and global chief information officer (CIO) at cloud storage company Box. Prior to joining Box, Malick had experience across varied roles, including as SVP and CIO at Vistra Energy.

In his current role, Malick has dual responsibilities. Half of his focus is on internal operations, where he oversees IT and security measures. The other half consists of collaborating with customers, sales teams, product development and marketing teams.

“This split is what attracted me to the job,” he says. “However, internally, my CIO responsibilities primarily revolve around three core objectives: how to minimise risk, how to maximise value and how to manage cost.”

What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them? 

A constant challenge is the pressure to keep costs down and for the last couple of years, that has been a primary focus of CIOs as macroeconomic trends have combined to create headwinds for many companies. Attention on efficient operations, reduction of technical debt and extending the life of existing assets have been the themes; however, it appears that an AI-driven shift towards investing in technology to unlock innovation and competitive difference is re-emerging. This requires the role of the CIO to expand far beyond traditional IT initiatives and ‘keeping the lights on’. As we face new challenges presented by generative AI and an ever-widening security threat landscape, CIOs must continue to adapt and evolve by combining both business and technology expertise to drive modernisation and protect against cybersecurity threats at all levels of the enterprise.

When it comes to managing the technology stack, CIOs have to strike a fine balance. The best-of-breed approach to technology that has evolved over time and been fuelled by the wide and easy availability of software, has created application sprawl. It is essential to understand that every application represents not only an entry point into the environment, but also one or more skillsets which must be possessed. More applications equate to more attack surfaces and greater costs to manage, resulting in a higher risk profile. The approach of solving every problem with a new application looks less like innovation and more like dysfunction.

For this reason (and others), the concept of simplification and consolidation in the tech stack continues to gain momentum – almost like a backlash against the abundance of SaaS. Still, you’re going to have some degree of application diversity. The trend I’m seeing is technology leaders analysing where they need agility (the latest and greatest) versus where they need stability (core products that you know you’ll use long-term). Consolidating and standardising where you can, while maintaining or even gaining a competitive edge in your market, is the goal and this dynamic is probably here to stay.

Click here to listen to Future Human: The Series.

What are your thoughts on digital transformation in a broad sense within your industry?

Digital transformation is part of the reason why I do this job. I love the pace of this industry – the pace of change, the pace of problem-solving and the pace of innovation. It feels like a big jigsaw puzzle and we’re all trying to figure out how everything fits together. Over the last 10 years, the tech industry has seen incredible disruption across the board and it’s only accelerating with AI.

At Box, we’re currently investing a lot of our energy in AI and ECM (enterprise content management) capabilities for the platform which is translating into use cases which will solve multiple business problems such as enterprise (not just IT) helpdesk, contract management for both customers and suppliers, and employee performance management – the possibilities of AI to drive both growth and scalability of the business increase with each passing day. My approach is to explore the possibility of using AI to do anything and everything right up to the point of human decision-making.

‘An AI-enabled bad process is just a bad process that runs faster’

What big tech trends do you believe are changing the world and your industry specifically?

It’s no secret that AI is a hot topic and is going to continue to be an area of sustained growth within the tech industry. However, CIOs must consider the benefits and implications carefully before looking to deploy within their organisation. While generative AI can definitely provide businesses of all sizes a way to scale, it’s not a silver bullet for organisations’ efficiency issues – an AI-enabled bad process is just a bad process that runs faster.

AI, particularly generative AI, has an inherent ability to extract profound value from content, but before this intelligence can be tapped into and extracted, you have to take a step back to look at content or ‘unstructured data’ from a strategic viewpoint. Organisations generate vast amounts of data – and 90pc of data is unstructured according to IDC, which predicted organisations would generate 73,000 exabytes of unstructured data in 2023 alone. Unstructured data is data within audio, video and documents such as sales presentations, corporate policies, financial projections and brand assets. It makes up the vast majority of data within an organisation but both its intrinsic and extrinsic value extends beyond just search.

Having a content strategy in place that helps unlock this value is what IT leaders should be thinking about, and I’m confident doing so will end up supercharging productivity for businesses. This is an urgent challenge for companies as they grapple with growing information silos, time spent on duplicated work, along with increased risk of security and compliance threats from sprawled content. Organisations who prioritise, manage and secure unstructured data will gain a distinct advantage, and those who don’t will be left behind.

‘The volume and sophistication of threats evolves every day, and it keeps CIOs and CISOs up at night’

What are your thoughts on how we can address the security challenges currently facing your industry?

Tangential to the greater conversation about AI is the issue of data security and privacy. In the midst of a fast-paced roll-out of AI, CIOs have to ask themselves, “Is my data secure? How can I be sure it’s not being leveraged by competitors to train their own models?” Right or wrong, there’s a lot of consternation about that topic, and who has access to data in general.

It will be interesting, as this space continues to evolve and develop, to see if public AI models become more tailored to specific industries and verticals, more focused in their areas of discipline. As they do, security and data privacy will have to evolve as quickly as the AI space itself.

Globally and regionally, there are nuances (and sometimes stark differences) in data privacy and residency rules. This is a very complex environment for a global company to navigate, because it can so easily go sideways. The movement of data as it relates to personal privacy is also incredibly important as we see more regulatory response in reaction to public concerns about how data is being used within AI models and in general.

The volume and sophistication of threats evolves every day, and it keeps CIOs and CISOs up at night. The more data you collect, the more risk you’re exposing yourself to, whether that’s legislative, regulatory or security-based. This year, I predict that data collection will get increasingly scrutinised and be something companies need to think hard about. We’re already starting to see a pushback on data collection, and that will absolutely continue.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.