In 2015, Mary Cecola, CIO of Antares Capital, was faced with a dilemma.
At the time, the middle-market private equity firm was a unit of GE Capital. Then GE decided to sell Antares to the Canada Pension Plan Investment Board (CPPIB) in a deal valued at about $12 billion.
"There were some unique challenges with the Antares divestiture," Cecola says. "The Antares infrastructure was all run by GE. We had an 18-month transition services agreement. I was brought in four months into that. I was the only IT employee, and my goal was to ensure Antares was a standalone business by February 2017."
Part of the transition agreement was the understanding that Antares couldn't run dual networks. GE's IT would pull out on a Friday and Antares' new IT shop would be up and running on Monday when employees came in.
"Security, printers, desktops, phones, Wi-Fi ports — we had to put that all in on a weekend across five different cities over a period of seven weeks," Cecola says.
As a result, Cecola was faced with the rarest of cases for most CIOs: greenfield infrastructure, greenfield technology and a greenfield staff.
"Greenfield was a real responsibility," she says. "I didn't want to build things that would be safe and comfortable. I didn't want to create technical debt for the organization."
Cecola felt it was essential to build an infrastructure for Antares Capital designed to support mobility. She notes that Antares deal teams can move through and close a deal in six to eight weeks, and they need their technology and applications to support that.
The only way to make it happen was to go cloud-first. Cecola plotted her first steps with care.
Step one: Security
On the hiring front, her first move was to recruit an information security officer, as being entirely in the cloud required layering security all the way through its implementation. Cecola wanted security laced into everything her new team would build and design.
"You want an information security officer that's able to design security from the bottom up, be a key part of discussions with the team, and able to talk to regulators and auditors, align with those groups," Cecola says.
To thrive, she says, an information security officer with a cloud-first mindset must be able to move away from discussions about whether the cloud is safe and instead be freed to work with stakeholders to understand what is necessary to ensure the organization is safe and then take steps to meet those specific needs.
From zero to infrastructure, with an assist from managed services
Meanwhile, Cecola had to get started on Antares' new infrastructure. She wanted her new team to focus on applications — things that change the business — rather than running the business. She opted to bring in a managed services provider (MSP), Avanade, to take care of the infrastructure components.