Matthew Jamison, Principal, The Gunter Group April 2, 20254 Min ReadCharlotte Allen via Alamy StockIts never been harder to be a chief information officer. You have the demands of major digital-transformation projects that far too often fail to fully deliver on their promise. You have the give and take between user convenience and IT security in an era when, thanks to ransomware, breaches have never been more costly. You have talent gaps and budget limitations.And, you have unremitting requests from business units amid the emergence of generative AI, which has had the effect of releasing squirrels at a dog show.So, its no surprise that, while infamously short CIO tenures seem to be marginally longer than they were a few years back, their departures are often someone elses idea. How can a CIO avoid that fate?Dont try to be a technical wizard. The CIO job is mostly about communicating. You dont make it to the C-suite without proven technical skills. That background remains indispensable. But the CIOs job is to deeply understand the businesss goals and then guide the selection, implementation, and acceptance of technological solutions that best help the organization achieve those goals.The business environment is in constant flux. Technologies quickly evolve. Knowing the business requires constant dialogue with C-suite peers as well as business-unit leaders. That means taking the initiative to reach out to and drive strategic conversations with leaders across the organization to deeply understand what their functions do; what they hope to do; how theyre using technology; and how all that contributes (or may one day contribute) to the organizations overall strategic goals.Related:However, to grasp the technological state of the art, CIOs must rely on the deep dives of trusted IT architects and other specialists. Only then can CIOs serve as trusted intermediaries between business and technology experts. So, regardless of ones background, a CIOs communication skills and political savvy are vastly more prized than their technical knowledge.Also, a CIOs technical upbringing can color a worldview in unproductive ways. A CIO who came up through data-center management and infrastructure may be prone to invest in performance past the point of economic return. One who grew up in development may pour more money into custom solutions and user experience than pays off. Staying laser-focused on the companys strategy and business goals while understanding -- and communicating at a conceptual level -- how evolving technologies can meet those goals lets CIOs grow beyond their own backgrounds. Thats good for the company, and for the CIO.Related:Focus on strategy. That takes ruthless prioritization. Marketing wants a new automation platform. Finance and operations want a new security app. Product wants custom development for an R&D project. Business development wants IT due diligence for a prospective acquisition. Sales wants a new lead-generation system. Operations wants a new messaging app.Each may be a good idea in isolation. But approving them all would overwhelm the IT group even if one could budget for it all. Yet, so often, the CIO says yes, yes, and yes. Thats overpromising, which is a guaranteed path to underdelivering, disappointing and throwing the CIOs competence into question.A focus on strategy is crucial here. What is technologys role in the business? Unless youre a Spotify or a Netflix, technology is not what the business does, but rather an enabler of what the business does. For example, with a financial advisory firm, finding new customers to advise is the lifeblood, so it makes sense to invest in and support state-of-the-art analytics and lead-generation capabilities for the sales team and to hold off on that new messaging app for operations.Say no, then explain the strategic business reasons why. Vivid explanation must accompany ruthless prioritization. This takes us back to the importance of communication. Failing to deliver on too many yeses can doom a CIO. But saying no (or, with good ideas that rank as lower priorities for the time being, not yet) will disappoint, too. That can sour a business unit or administrative functions relationship with IT. At its worst, it can lead to rogue installations that bring security risks and maintenance nightmares.Related:The way a CIO avoids this is, yet again, by evangelizing the IT organizations alignment with the companys overall strategic goals. That means being firm and factual about where a rejected or waitlisted project sits on the long roster of prospective projects -- and why the ones above it are more important to the businesss success.It may mean describing the need to engage external partners or bring in outside resources. It certainly means explaining that each new system or API represents a long-term commitment of money and attention. And it could even mean reminding people that trying to deliver for everyone runs the real risk of delivering for no one.Failure to deliver due to impaired strategic vision, compounded by poor communication, is bad for the business and everyone involved. By constantly communicating, ruthlessly prioritizing, and focusing on projects that make the most strategic sense for the business, CIOs can make the right moves for their companies and help ensure that, when they do depart, they do so on their own terms.About the AuthorMatthew JamisonPrincipal, The Gunter Group Matthew Jamison is a principal at The Gunter Group, a management consultancy based in Portland, Ore. The former IT solutions architect helps CIOs and technology leaders align their efforts with enterprise strategy with a results-oriented understanding of the intersection between reality and architectural theory. With over 20 years of functional information technology experience, Matt is an expert in mapping technology solutions to business needs, with experience that spans multiple industries, including healthcare, telecommunications, and security and software.See more from Matthew JamisonWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Vendor relationships have been changing over the years, with more vendor organizations becoming consultative in nature. For decades companies have been adding a service arm to expand their share of wallet, a KPI that doesnt necessarily benefit customers. The ultimate test of a vendors value is the business value realized as the result of the partnership.Vendor relationships are more important than ever before, says AJ Thompson, chief commercial officer at IT consultancy any Northdoor. With technology solutions now so complex and constantly changing, he says you can't underestimate how important solid relationships between organizations and vendors have become. This is true in several ways. Tech is getting more complicated by the day, so vendors who really know their stuff are worth their weight in gold. They share knowledge and provide the support you just can't get elsewhere.One of the big benefits of a strong vendor relationship is that enterprises get early access to new technologies and features, which helps chief information officers stay current. Its also important to have trustworthy vendors that maintain decent security and compliance amid increasingly complex regulatory landscapes.When youve found good relationships, you end up with solutions that actually fit your needs and more wiggle room during implementation, says Thompson. Plus, when things go wrong -- and they always do -- problems get sorted much faster when you're on good terms.Related:Trust is the necessary foundation, which is built through open communication, solid performance, relevant experience, and proper security credentials and practices. [P]eople buy from people they trust, no matter how digital everything becomes, says Thompson. That human connection remains crucial, especially in tech where you're often making huge investments in mission-critical systems.For example, when Northdoor was implementing a complex solution for a client with an extremely tight deadline and hit a snag, its primary vendor's account manager brought in the senior engineering team within hours to resolve the issue.[That account manager] knew our business well enough to understand the stakes and trusted us when we emphasized the urgency, says Thompson. That kind of responsiveness simply doesn't happen with transactional vendor relationships. In fact, the client later mentioned that watching how our vendor partner responded during that crisis gave them more confidence in our overall solution than any sales presentation could have.Related:AJ Thompson, NorthdoorThats why Thompson invests significant time in regular face-to-face meetings with Northdoors key vendors discussing products and roadmaps and the people behind them.Vendors who don't hide their limitations and are upfront about their capabilities tend to earn trust quickly. Meeting SLAs consistently matters enormously, says Thompson.Those who [understand] the specific challenges of your industry are gold dust, particularly in IT and cybersecurity where proper security practices and the right certifications make all the difference to confidence levels.Ashish Malhotra, president at management advisory firm Ampalyst Advisors, says selecting a vendor and executing a professional services agreement is relatively straightforward, but getting it wrong is prohibitively expensive.In todays dynamic technology landscape, vendor selection is more critical than ever, says Malhotra. As companies increasingly favor a buy over build approach, choosing the right vendors becomes paramount.Vendors can provide significant value in several ways, such as providing access to global talent and ecosystems, having the flexibility to scale resources up or down as needed, and shifting human capital from fixed to variable costs.Related:Vendors can also help their customers address in-house skills gaps and reduce managerial overhead costs. Importantly, customers can benefit from the industry expertise gained from multiple client engagements and innovative problem-solving approaches while ensuring adherence to proven methodologies and upskilling internal staff in emerging technologies. However, most important of all is trust.Trust is fundamental in partnerships, but in customer-vendor relationships, it must be paired with verification. Third-party governance is a critical function that should remain independent of the outsourcing arrangement, says Malhotra. Yet, many organizations make the mistake of allowing vendors to self-govern through dashboards, report cards, and operational meetings leading to weakened oversight.An executive-level technology governance framework helps ensure effective vendor oversight. According to Malhotra, it should consist of five key components, including business relationship management, enterprise technology investment, transformation governance, value capture and having the right culture and change management in place.Beneath the technology governance framework is active vendor governance, which institutionalizes oversight across ten critical areas including performance management, financial management, relationship management, risk management, and issues and escalations. Other considerations include work order management, resource management, contract and compliance, having a balanced scorecard across vendors and principled spend and innovation.Vendors that excel in these areas build greater trust, says Malhotra. Trust is not an abstract concept -- it is measurable through quantifiable performance indicators.Igor Epshteyn, president and CEO at digital product engineering company Coherent Solutions, believes as AI, cybersecurity, and compliance requirements are growing more complex, cooperating with a trusted vendor means having a partner who can provide up-to-date solutions.For businesses cooperating with IT vendors, it is crucial to choose digital engineering partners who have a proven track record and recommendations and, importantly, can guarantee strong cybersecurity measures, says Epshteyn.The Biggest Mistakes Vendors MakeOne of the biggest mistake vendors make is failing to drive tangible value for customers. Instead, the relationship is more transactional in nature, with the goal of upselling and cross selling products or solutions regardless of how the implementation will likely playout in the long term.Over-promising and under-delivering, poor communication, being stuck in their ways or vanishing after the sale absolutely kill trust and damage relationships beyond repair, says Northdoors Thompson. Vendors who refuse to adapt to changing needs are a write-off, and those who focus too much on closing deals rather than providing ongoing support won't keep clients for long.Ampalysts Mahotra says one of the biggest mistakes vendors make is bundling their services into rigid, all-inclusive packages that customers cannot easily modify. This includes offering a 2% innovation credit that customers do not know how to utilize, embedding proprietary portals and tools that cannot be decoupled if the customer terminates the contract and structuring contracts that lock customers in rather than fostering loyalty through performance.Ashish Malhotra, Ampalyst AdvisorsWhile [bundled services] are marketed as value-adds, they often function as exit constraints. As customers mature in their procurement strategies, they prefer vendors who win future business through high net promoter scores and strong performance -- not those who rely on contractual entrapment, says Malhotra. He says that while customers must ensure vendors are not earning excessive margins, sustainable partnerships require vendors to maintain healthy profitability. A well-structured engagement should be mutually beneficial rather than a race to the lowest cost.Coherent Solutions Epshteyn says missteps in communication, unresponsiveness, and overpromising are quite common.Clients should receive regular feedback, and their issues should be addressed as soon as possible by a dedicated account manager, says Epshteyn. Vendors who aim to build long-term and trustworthy partnerships should make sure they deliver on their promises, set clear deadlines, and are transparent about challenges and changes.How CIOs Should Approach Vendor RelationshipsNorthdoors Thompson says CIOs should do their homework on both a vendors technical capabilities and how they treat their customers.Set clear expectations and measurable KPIs from day one so everyone's on the same page. Schedule regular reviews to keep things on track and nip problems in the bud, says Thompson. Try to create genuine partnerships rather than just transactions. Where appropriate, get vendors involved in strategic discussions [because] it leads to much better outcomes. And finally, put real time and effort into nurturing key vendor relationships. Theyre strategic assets that pay off tremendously.Ampalysts Malhotra says vendor selection should involve both threshold and comparative criteria. The threshold criteria are binary conditions that vendors must meet to be considered. Missing any of them should preclude a vendor from further evaluation. These criteria may involve environmental factors like political and social stability where the vendor operates, legal protections including robust regulatory frameworks and IP security, and company-specific requirements such as minimum revenue size, relevant domain expertise, compliance with industry regulations and talent availability.Once vendors meet the threshold criteria, they should be assessed using a ratings-based approach that considers the infrastructure and technology ecosystem, depth of talent and expertise, cost structure, and financial viability. Other important considerations include the labor pool size, literacy rates, and access to educational institutions as well as language and communication proficiency.Vendor selection is just the first step, says Malhotra. Managing these relationships is the companys responsibility and cannot be outsourced. This is where technology governance and third-party governance become essential in sustaining long-term, value-driven partnerships.As the tech landscape continues to evolve, strong vendor relationships become a critical differentiator.[Strong vendor relationships] not only help in navigating complex technological challenges but also drive innovation and create strategic value, saysThompson. By focusing on transparency, performance, and mutual growth, organizations can cultivate vendor relationships that significantly contribute to their success in the digital era."

John Edwards, Technology Journalist & AuthorApril 2, 20255 Min ReadYuri Arcurs via Alamy Stock PhotoWhen it comes to business and technology tasks, many IT leaders believe they can do anything. While this may be generally true, it also opens a potential trapdoor. Actually, no leader can work effectively and efficiently without delegating specific tasks to qualified team members. Over time, failing to offload routine tasks to subordinates will prevent the leader from focusing on other, critical priorities.Even when an IT leader recognizes the need to delegate tasks, failing to provide sufficient guidance can lead to delays, warns Pavlo Tkhir, CTO at digital transformation company Euristiq, in an email interview. This includes failing to set deadlines, task priorities, and project goals. "It causes confusion, which slows down the process and kills motivation," he explains.Failure to CommunicateClear communication is essential, says John Kreul, CIO at insurance firm Jewelers Mutual. He advises IT leaders to spend time with team members in small group meetings, one-on-ones, and town halls to build trust and confidence. "The goal is to create an environment where the leader can listen to feedback, take and answer questions, and, ultimately, drive clarity and transparency," Kreul states in an online interview.If goals aren't effectively communicated, team members will be prone to making incorrect assumptions. This can lead to trouble when the leader realizes that project outcomes aren't aligning with broader enterprise objectives. "It obviously causes delays, because the team will need more time to figure out what they need to do," Tkhir says. "On top of that, it can really undermine your authority as a leader and damage overall team dynamics due to lost trust."Related:Customer-CentricityA major mistake many IT leaders make is failing to develop an Agile customer-centricity plan, whether it's for internal or external customers. "It's the starting point and the North Star when there's a question about direction or next steps," says executive team coach Keith Ferrazzi, via email.Theres a difference between what's urgent, whats important, and what's both, Ferrazzi says. "Being able to focus attention on the most pressing and high-value tasks that make up a sprint -- a practice of breaking-down complex projects into smaller, simpler sprints of work -- is essential." This is the key attribute in the most successful Agile teams.Intelligent DelegationThe ultimate goal should be seeing team members self-assign tasks, identify potential roadblocks, and allocate support, Ferrazzi says. He also believes that IT leaders should allow their teams to hold fellow team members accountable. "In this way, the team adopts 'teamship,' with a contract of peer-to-peer accountability."Related:Without driving individual and team connectivity, and getting close to what's happening, it's impossible to understand how the team really feels, Kreul says. Actively listen, assess how well team members understand current priorities, provide feedback and, finally, self-reflect on your performance as a leader, he advises. "The ultimate harm is low employee engagement, which leads to poor customer experiences, inconsistent execution, and regrettable turnover."All AboardLogical task delegation is essential. "You should provide context on tasks by outlining the 'why' of it and articulating main requirements and goals," Tkhir says. "You need to set clear deadlines and expectations, including key metrics." It's also important to create a check-ins schedule throughout the task completion period, allowing team members to know when they will have an opportunity to have their questions addressed.A leader should set guardrails yet allow the team to own their tasks and drive execution. "Empowerment will drive ownership and foster a curiosity to learn versus being told what to do," Kreul says. "Task ownership will allow personal and team growth through learning by doing -- critical experiences for growth."Related:An effective way to ensure successful task delegation is to encourage feedback and rapidly act on necessary changes or improvements. A post-task analysis can also help team members feel engaged. "Run a review session, where the team can share their perspectives on how the project went in terms of task delegation and completion," Tkhir says. "This is also a good way to facilitate open communication within your team or company."Ferrazzi says that IT leaders shouldn't micromanage Agile teams, but ask strategic and reflective questions at review points, such as: What did we achieve in the last two weeks? Where did we struggle and why? What will we achieve in the next two weeks?Parting ThoughtsLet go of the perceived need to control -- trusting your people is often hard, but it will lead to engaged and empowered teams, Kreul says. "Recognize and put your people first," he advises. "Recognition reinforces the value of your teams work and motivates future contributions."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

IT executives are under ever-increasing levels of strain. Chief information officers, chief information security officers, and chief technology officers are responsible for managing growing threat levels while juggling skill gaps and talent shortages. Even as awareness of the very real threats cyberattacks pose grows, the average C-suite remains indifferent until a crisis occurs.Studies indicate that people in leadership positions are expected to be more resistant -- perhaps even immune -- to the stressors that result in mental health problems. But IT execs appear to be particularly vulnerable given the novel and tenuous nature of their roles.The narrative emerging from both academic research and media reports suggests that they are being crushed by unrealistic job expectations.According to one report, 78% of CISOs were seeking a new role due to the stresses of their job. Depression, anxiety, substance abuse and even suicidality are rampant at both the executive level and among their subordinates.Industry leaders and external observers are now looking at how to address these issues -- through both systemic change and individual effort. Here, InformationWeek investigates the state of mental health among IT execs and their teams. Andrew Shatt, chief knowledge officer and co-founder of meQuilibrium; and Lincoln Stoller, a software company founder and psychotherapist, offer their insights on the nature of the problem and how to address it.Related:The State of IT Exec Mental healthIT execs have begun to raise the alarm -- they are not OK. A toxic conflagration of factors has resulted in a typical work environment that frequently results in severe mental strain.An onslaught of cyberattacks, severe staffing, and skills shortages combined with indifferent C-suites have created a set of stressors that are nearly impossible to cope with.A 2024 report on CISO burnout released by Vendict found that 80% of CISOs were highly stressed and 61% felt overwhelmed by the expectations placed on them. The problem has been brewing for some time -- even a 2020 report by Nominet found that 91% of CISOs were suffering from moderate to severe job stress.These problems run downhill -- 50% of respondents in the Vendict report said that team members had left due to stress. A 2024 Hack the Box report found that 90% of CISOs were concerned about stress affecting their teams. Per a report by Yerbo, 42% of IT professionals are burning out and considering quitting their jobs.Causes of Mental Health DeclineRelated:An enormous suite of issues have contributed to the mental health crisis among IT execs.Working conditions are of course a major factor. Their leadership positions are often lonely. They are part of the C-suite but often have little in common with their executive peers -- who are more likely than not to dismiss their concerns. And they are responsible for hugely consequential aspects of the business, keeping it secure from threats and managing highly technical projects with little support.We may understand that theyre more important than we thought they were, Shatt says. But the distance between them and the rest of the organization creates a greater mental health risk.Their personalities also play into the equation. CIOs, CISOs, and CTOs are highly independent people -- and some lack interpersonal skills. And they may view their ability to meet punishing deadlines and crushing workloads as a badge of honor.I see the CIO -- and the whole tech department -- as needing to become more personally capable in dealing with people, because theyre not really able to be isolated behind a computer anymore, Stoller says. Too many people are involved. If you go to school to be a computer engineer, they dont teach you about mental health, they dont teach you about management.Related:Theyre probably less people people than most others in the organization. Theyre more perfectionistic. They have to be very precise in what they do, Shatt adds. That can put them at greater risk of burnout, because theyre really giving more resources than they have.Vendicts report suggests that funding and staffing difficulties play a huge role in driving mental health decline -- both for these execs and their subordinates. The challenges of maintaining functional technological ecosystems are complicated by resource shortages, leading to long hours and an increased likelihood of errors.Easy solutions are in short supply, but a number of steps can be taken to address this crisis.Increased Funding and StaffingWhile it is likely the most challenging ask for current CIOs, CISOs and CTOs, increasing their funding and staff resources would likely go the furthest in mitigating the factors afflicting their mental health. According to Vendict's report, 45% of respondents said that increasing their resources would alleviate some of their stress.Funding for parsimonious solutions, such as AI programs that might be able to automate tasks that must be done manually by analysts, might serve as a compromise. If AI programs are able to eliminate the need to analyze every report manually, cyber teams are then able to turn their attention to the most pressing issues.Investment in both technological and human resources has a cascading effect. Alleviating strain on staff by improving the tools they have to execute their tasks and compensating them at fair rates reduces turnover rate. Encouraging them to stay through regular training opportunities can further facilitate a cooperative and enthusiastic workforce.Their bosses can then concentrate on big-picture issues.Open DiscussionIT execs can start the conversation themselves -- encouraging the discussion of mental health issues among their peers and subordinates. By sharing their own struggles, they can create an atmosphere where others can do the same.A CIO at a Minnesota insurance company shared a video describing his mental health challenges and found that his colleagues began sharing theirs as well.These discussions need not be limited to mental health -- dialogue about working conditions, conflicts and management of projects is also helpful. These conversations are unlikely to be easy and result in immediate solutions, though, Stoller is quick to note.Were in the stage where were moving toward manifest failure. In that process, there will be some people who will be raising their hands and saying, We have a better way. But most people wont be listening to them, because they haven't gotten to the point of giving up their authoritative roles, he says.Still, attempting to dissolve top-down methodologies is likely a good starting point for addressing pain points for both execs and their staff.Encouragement of Healthy HabitsAs IT ecosystems adjust to the increasing strain, it is incumbent upon leaders to both adopt mindfulness in their work and encourage it among their subordinates. According to the Splunk report, only 36% of UK businesses provide mental health support to their cyber teams.In the absence of formal programs, IT leaders can facilitate discussions about proper sleep habits, taking breaks when needed, and awareness of symptoms of stress. Organizing workshops to discuss these approaches -- and what additional steps may be needed -- can create space for employees at all levels to figure out what works best on both the individual and team level.This should be approached carefully, though, Shatt cautions. If anyone is going to get turned off by the concept of self-care, its going to be people in an IT role, he says. He suggests framing advice in terms of lifts and drags: what reduces their working capabilities and what increases them.I would encourage people to engage with disorder, because thats where things are happening that you dont understand, and thats where you need to be involved, Stoller adds.

Lisa Morgan, Freelance WriterApril 1, 20255 Min ReadDave Meyer, Chief AI Officer, ReveleerIn the healthcare industry, compliance falls short as an AI strategy. Chief AI officers, CIOs, and CISOs need to prioritize responsible AI usage to minimize potential data breaches that could not only lead to fines and litigation, but also reputational damage.Its really a trust factor, says Dave Meyer, chief data and AI officer at value-based care platform Reveleer. [Public healthcare information or] PHI is paramount in healthcare, so we have to treat it responsibly. No one in our organization, including data scientists, has access to anything they dont need to access. Data access needs to be strictly governed.Transparency is also critical because it reduces the risk of relying on what could be a hallucination.When we give AI results, or when we go through our data models, we support it with monitoring, evaluation, assessment and treatment (MEAT). So, for example, not only did we find the term, diabetes, in a patients chart, theres also an explanation of why we suggested this particular ICD [internal classification of diseases] code, says Meyer. That way, when AI provides suggestions, the human still decides whether the suggestion is valid or invalid. We're not trying to [replace] humans. We're trying to make their job easier and more accurate.Related:AI as a Problem-Solving ToolWhile the ability to quickly identify health conditions and find correlations is powerful, its considerably less helpful if users must then manually wade through volumes of information, which could be several hundred or more pages, to locate the references. Instead, AI can surface the references quickly, such as by identifying on what pages of a document, or pages within a set of documents, those references can be found.That sort of use case opens the door to GenAI, however, like in many other industry sectors, GenAI tends to be misunderstood. People who lack a foundational understanding of AI tend to believe that GenAI is the latest and greatest version of single technology called, AI versus another AI technique.I think people view GenAI as a panacea, and it is not a panacea, especially in the healthcare industry where you cannot just have a black box that says, Heres the answer, but were not going to tell you how we got there,' says Meyer. Were using it for evidence extraction from the chart which we can then double check for hallucinations. We take that evidence and run it through our models.However, Reveleer also uses AI for other techniques, such as rules, to pull evidence.Related:A lot of people think they can upload a chart and then ask GenAI for the answer. It will give you an answer that looks okay on the surface, but they are not production level, customer trustworthy answers that are in the percentile of accuracy that [is necessary] in the healthcare industry, says Meyer. Healthcare is a high stakes industry where youre trying to drive patient outcomes, and I dont think that GenAI can be trusted on its own to provide that answer.Some Healthcares Challenges and How to Address ThemOne of healthcares biggest challenges is failing to understand that the accuracy of a prediction can, and often does, vary with use cases. Since healthcare organizations need highly sensitive patient information to provide diagnoses and treatment, the confidence level matters greatly.Trust is a big factor, so being given a suggestion that is 70% accurate isnt good enough. The stakes are too high. You have to balance the sensitivity and security of the data with who has access to it, says Meyer.Of course, trust must be earned by a vendor, particularly when patient records are involved. In Reveleers case, customer trust in its AI capabilities has been earned in a stair-step fashion over time. Specifically, the company began by automatically routing patient charts, then later NLP techniques were added so patient information could be surfaced faster and validated. Now its AI provides automatic pointers to where critical information can be located.Related:One of the biggest challenges is getting the data in an organized format that is usable, says Meyer. In order to build any AI model, you need to have a large quantity of data, and you need to govern that data appropriately. Managing your data is really the foundation of everything before you start building models. You also need to make sure that you know how to handle the data well.In addition to getting the foundational elements right, its important to choose the right tool for the right job.Data science still is a good method for solving a lot of these problems. Everybody's trying to jump to GenAI as the solution. Don't force that if youre getting good results from data science, says Meyer. The same is true for rules-based systems. For example, if you see the word, blood pressure and the reading next to it says 120 over 80, you don't need a GenAI model to pull that out for you. Or, if the data is in a structured format, and you can pull it out without any AI.However, dont overlook the need for a human in the loop when it comes to AI.In the healthcare industry, machines need to be partnered with humans, because healthcare is too high stakes for a lack of human oversight. One suggestion may have a better than 90% confidence score while another only has a 50% conference score, says Meyer. AI can help you cut through the noise and surface the good stuff quickly, but its always going to need the human element. Were not trying to replace humans; were just trying to make them more efficient.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterMarch 31, 20259 Min ReadAndrea Danti via Alamy StockThreat actors are using AI to launch more cyberattacks faster. Recently, theyve employed autonomous AI to raise the bar even further, putting more businesses and people at risk.And as more agentic models are rolled out, the malware threats will inevitably increase, putting CISOs and CIOs on alert to prepare.The increased throughput in malware is a real threat for organizations. So too is the phenomenon of deep fakes, automatically generated by AI from video clips online, or even from photographs, which are then used in advanced social engineering attacks, says Richard Watson, EY global and Asia-Pacific cybersecurity consulting leader. We are starting to see clients suffer these types of attacks. With agentic AI, the ability for malicious code to be produced without any human involvement becomes a real threat, Watson adds. We are already seeing deepfake technology evolve at an alarming rate, comparing deepfakes from six months ago with those of today, with a staggering improvement in authenticity, he says. As this continues, the ability to discern whether the image on the video screen is real or fake will become increasing harder, and proof of human will become even more critical.Autonomous AI is a serious threat to organizations across the globe, according to Doug Saylors, partner and cybersecurity practice lead at global technology research and advisory firm ISG. Related:As a new zero-day vulnerability is discovered, attackers [can] use AI to quickly develop multiple attack types and release them at scale, says Saylors. AI is also being used by attackers to analyze large scale cybersecurity protections and look for patterns that can be exploited, then developing the exploit, he adds. How AI Attacks Can Get WorseI believe it will get worse as GenAI models become more commonly available and the ability to train them quickly improves. Nation-state adversaries are using this technology today, but when it becomes available to a larger group of bad actors, it will be substantially more difficult to protect against, Saylors says. For example, common social engineering protections simply dont work on GenAI-produced attacks because they don't act like human attackers.Though malicious tools like FraudGPT have existed for a while, Mandy Andress, CISO at search AI company Elastic, warns the new GhostGPT AI model is a prime example of the tools that help cybercriminals generate code and create malware at scale. Like any emerging technology, the impacts of AI-generated code will require new skills for cybersecurity professionals, so organizations will need to invest in skilled teams and deeply understand their companys business model to balance risk decisions, says Andress.Related:The threat to enterprises is already substantial, according to Ben Colman, co-founder and CEO at deepfake and AI-generated media detection platform Reality Defender. Were seeing bad actors leverage AI to create highly convincing impersonations that bypass traditional security mechanisms at scale. AI voice cloning technology is enabling fraud at unprecedented levels, where attackers can convincingly impersonate executives in phone calls to authorize wire transfers or access sensitive information, Colman says. Meanwhile, deepfake videos are compromising verification processes that previously relied on visual confirmation, he adds. These threats are primarily coming from organized criminal networks and nation-state actors who recognize the asymmetric advantage AI offers. Theyre targeting communication channels first because theyre the foundation of trust in business operations.How Threats Are EvolvingAttackers are using AI capabilities to automate, scale, and disguise traditional attack methods. According to Casey Corcoran, field CISO at SHI company Stratascale, examples include creating more convincing phishing and social engineering attacks to automatically modify malware so that it is unique to each attack, thereby defeating signature-based detection.Related:As AI technology continues to advance, we are sure to see more evasive and adaptive attacks such as deepfake image and video impersonation, AI-guided automated complex attack vector chains, or even the ability to create financial and social profiles of target organizations and personnel at scale to target them more accurately and effectively for and with social engineering attacks, says Corcoran. An emerging threat is AI-enhanced botnets that will be able to coordinate attacks to challenge DDoS prevention and protection capabilities, he adds.How CIOs and CISOs Can Better Protect the OrganizationOrganizations need to embrace AI for Cyber, using AI particularly in threat detection and response, to identify anomalies and indicators of compromise, according to EY's Watson.New technologies should be deployed to monitor data in motion more closely, as well as to better classify data to enable it to be protected, says Watson. Organizations that have invested in security awareness and are moving accountability for certain cyber risks out of IT and into the business are the ones who stand to be better protected in the age of generative AI, he adds.As cybercriminals evolve their tactics, organizations must be adaptable, agile and ensure they are following security fundamentals.Security teams that have full visibility into their assets, enforce proper configurations, and stay up to date on patches can mitigate 90% of threats, says Elastics Andress. While it may seem contradictory, AI-powered tools can take this one step further, providing self-healing capabilities and helping security teams proactively address emerging risks.Reality Defenders Colman believes the best protection strategy is a layered defense that combines technological solutions with human judgment and organizational protocols.Critical communication channels need consistent verification methods, whether automated or manual, with clear escalation paths for suspicious interactions, says Colman. Security teams should establish processes that adapt to emerging threats and regularly test their resilience against new AI capabilities rather than relying on static defenses.Stratascales Corcoran says well-resourced organizations will be well-served by leveraging AI across vendor products and services to stitch telemetry and response together. They also need to focus on cyber hygiene. Organizations should ensure they protect their people and give them the tools, processes and training needed to combat social engineering traps, Corcoran says. "AI-enhanced automated vulnerability exploitation only works if there are vulnerabilities, he adds. Shoring up vulnerability and patch management programs, and pen-testing for unknown gaps will go a long way toward defending against these types of attacks.Finally, Corcoran recommends a zero-trust mindset that narrows the aperture of access any attack can achieve, regardless of the sophistication of AI-enabled tactics and techniques. ISGs Saylors recommends continuous vigilance of an organizations perimeter using attack surface management (ASM) platforms, and the adoption and maintenance of defense-in-depth strategies. Common Mistakes to AvoidOne big mistake is believing generative AI is nowhere in the organization yet, when employees are already using open-source models. Another is believing autonomous threats arent real.Companies often get a false sense of security because they have a SOC, for example, but if the technology in the SOC has not been refreshed in the last three years, the chances are its out of date and you are missing attacks, EYs Watson says. [You should] conduct a thorough capability review of your security operations function and identify the highest priority use cases for your organization to leverage AI in cyber defense."Over-reliance on point solutions, regardless of their capabilities, leads to blind spots where adversaries can exploit using AI-enhanced techniques.Defending against AI-based threats, like any other, requires a system of systems approach that involves integrating multiple independent threat detection, and response capabilities and processes to create more complex and capable defenses, says Corcoran. Organizations should have a risk and controls assessment done with an eye on AI-enhanced threats. An independent assessor who isnt bound to any technology or framework will be best positioned to help identify weaknesses in an organization's defenses and look at solutions for processes, and technology.Elastics Andress says companies often underestimate the severity of AI-enabled threats and dont invest in the proper tools or protocols to identify and protect against potential risks.Having the right guardrails in place and understanding the overall threat landscape, while also properly training employees, allows companies to anticipate and address threats before they impact the business, says Andress. Threats dont wait for companies to be ready. Leaders must be prepared with the proper defenses to identify and mitigate risks quickly. Security teams can [also] leverage GenAI, he adds. It gives us an ability to be proactive, better understand the content of our environments, and anticipate what threat actors can do.Aditya Saxena, founder at no-code chatbot builder Pmfm.ai,says organizations are unnecessarily creating vulnerabilities by relying more on AI generated code and implementing it without review.LLMs arent infallible, and we risk inadvertently introducing vulnerabilities that could take down systems at scale, says Saxena. Additionally, bad actors could train models around subtly exploiting vulnerabilities. For example, we could have a version of DeepSeek that intentionally corrupts the code while still making it work, he adds.Up until last year, we were mostly using AI as an assistant to speed up the work, but lately, as agentic AI becomes more common, we could be inadvertently trusting software, like Devin, with sensitive information, such as API keys or company secrets, to take over end-to-end development and deployment processes.The biggest mistake companies can make is underestimating the evolving nature of threats or relying on outdated security measures, says Amit Chadha, CEO at L&T Technology Services (LTTS).Our advice is clear: Adopt a proactive and cybersecure AI-driven approach, invest in critical infrastructure and threat intelligence tools, and collaborate with trusted technology partners to build a resilient digital ecosystem, says Chadha. But the most important factor is the human element as [most] cybercrimes happen due to human errors and mistakes. So workshops must be conducted for all employees to educate them on cybercrime prevention and ensuring they do not become the unwitting agents of a leak or data breach. In this case prevention is the cure. ISGs Saylors warns that organizations are not prioritizing basic maintenance of their cybersecurity stack and taking basic precautions, such as running VM scans and patching at least critical issues immediately.We have seen multiple examples of very large companies that are months to years behind on patching because the apps team wont let us do it, or they are running N-3 versions of software because it is too hard to upgrade, says Saylors. Those are the organizations that have already been hacked. AI attacks will just increase the speed and severity of the damage if they become a serious target.He also thinks boards of directors should be educated on the continually advancing nature of cyberattacks being generated by AI and GenAI platforms. The board of directors has the responsibility to prioritize funding for cyber transformation, says Saylors. Start a quantum resiliency plan now, and ensure you have multiple copies of immutable backups.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorMarch 31, 20255 Min ReadAndrey Suslov via Alamy Stock VectorAgentic AI uses sophisticated reasoning and iterative planning to autonomously solve complex, multi-step problems. By absorbing massive amounts of data from multiple sources, the technology can build strategies, analyze challenges, and execute tasks in an almost endless range of business and research sectors, including supply chains, cybersecurity, and healthcare.Traditional AI systems typically excel at narrowly defined tasks under tightly controlled conditions, says Michael Craig, staff scientist at AI drug discovery firm Valence Labs. Agentic AI systems aren't restricted to a single, narrow purpose. "They can identify which questions to explore, what experiments to run, and how to adjust a methodology as new data emerges," he notes via email.Agentic AI functions like a workflow compared to other AI applications, says Joe Fernandes, vice president and general manager at enterprise open-source software provider Red Hat's AI unit. "Rather than a typical generative AI model generating a single response to a question, an agentic AI system may execute several steps on its own to complete the task," he explains in an email interview. This could include analyzing the request, mapping out a strategy, and executing the task, which in itself could be calling out to additional models or external systems, such as a search engine or querying a database.Related:A Force MultiplierWhen fully realized, agentic AI can be a force multiplier to an extreme degree, Fernandes says. "Looking at it from the perspective of a traditional enterprise IT organization, it's like having an incredibly specialized individual -- or team of individuals -- that doesn't mind having the same task, every day, with no creativity or scope expansion."Given its powerful and wide-ranging abilities, agentic AI presents an opportunity to advance scientific research by analyzing petabytes of data, formulating hypotheses, and pinpointing salient patterns in an asynchronous manner. "This has the potential to accelerate advancement in data-heavy fields like biology, chemistry, and drug discovery," Craig says. "Furthermore, agentic AI can update plans based on intermediate findings without needing continuous human supervision, which can result in a broader exploration of possible solutions." Perhaps most importantly, by testing ideas in simulated environments, agentic AI can lower reliance on expensive wet lab experiments, improving the likelihood that subsequent experiments will drive insight.Agentic AI can also free IT team members from maintenance and other low-level tasks, Fernandes says. Instead, staff can work on integrating new systems or applications, engaging more closely with customers, and handling other important duties. "In this scenario, agentic AI takes on the unpleasant tasks of IT work and lets a technology organization drive incredible value for the broader business rather than being stuck in cycles of system maintenance."Related:Over time, agentic AI has the ability to improve its performance by learning from experience, becoming increasingly effective at achieving desired outcomes, says Marinela Profi, global AI market strategy lead at business analytics software and services provider SAS in an online interview. "For example, it might reschedule deliveries to avoid traffic or change a factorys production plan if demand rises."First AdoptersInitial agentic Ai adopters will likely be enterprises looking to maximize their AI investments, boost productivity, and tackle complex business challenges, predicts Lan Guan, chief AI officer at business advisory firm Accenture. "These organizations are particularly interested in solutions that can scale across multiple functions and operate with minimal human oversight," she notes via email.Related:Enterprises across a wide range of verticals are most likely to be the first to commit to agentic AI, eying the potential for reduced costs, Fernandes says. "Looking at agentic AI in the long term, its feasible that almost every organization in nearly every industry can benefit from adopting agentic AI agents in some fashion."First StepsThe best way to get started with agentic AI is by establishing a strong foundational infrastructure and resilient data management practices, Guan says. "Organizations are at varying stages of readiness, and those with a robust enterprise platform architecture are better positioned to ensure seamless accessibility to foundation models."An easier approach to agentic AI is simply experimenting with the technology. "The good news here is that much of the innovation surrounding agentic AI, and AI in general, is happening in open source," Fernandes observes. He points to several emerging agent tools/ frameworks, including CrewAI and LangChain, among many others.On the downside, agentic AI faces some of the same challenges as other generative AI use cases. "The underlying GenAI models need to be trained and tuned on your data and deployed for inference across a hybrid environment that may extend from public clouds, to private data centers and out to the edge," Fernandes explains. "This needs to be done in a cost-effective way to ensure a positive ROI, which is a challenge given that this generally requires accelerated compute hardware, namely GPUs."Adopting organizations also must possess the internal skills and resources needed to effectively train models on their data, as well as a clear deployment strategy. "AI agents offer a solid pathway to production AI, but the constantly evolving market, from new model introductions and technologies to training and RAG-type techniques, means that most IT organizations are currently being very deliberate in their pursuit," Fernandes says.About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

With more AI models emerging, how do CIOs and CISOs at enterprises go about establishing security guardrails to reduce risks as the technology gets deployed?

Dave Link, CEO, ScienceLogicMarch 28, 20254 Min ReadMopic via Adobe StockA hallmark of successful innovation is when organizations get good enough at solving todays challenges that theyre able to focus on future technology investments and use cases. When the forecasting becomes long-term, we get into the realm of futureproofing, where CIOs and their teams weigh specific near-term IT choices and investments to support far-off leapfrog innovation objectives.Futureproofing in the age of AI adds a layer of uncertainty when it comes to planning for fast-evolving capabilities and use cases that may not exist yet. However, enterprises can gain confidence in future-proofing AI by rethinking how they gather and organize the underlying data that feeds AI.Futureproofing for the UnknownIT innovation is about meeting current enterprise needs while also expanding whats possible to achieve through technology in the future. Previously, futureproofing entailed keeping licenses up to date, anticipating software upgrades or end of life issues, and adding infrastructure to meet planned new capacity demands.Now, AIs autonomous and scalable nature is transforming these future innovation strategies. The same self-learning algorithms and auto-resolution schema that allow humans to step back and let AI make more decisions and autonomous insights are also complicating predictions for where AI should be taken, or be allowed to take itself, into the future.Related:Think of future-proofing AI as a spin on the DevOps principle of designing for the unknown, in which developers design applications with the hopes that they will remain interoperable with future technologies. Today, it has become a issue of futureproofing for the unknown, given the highly autonomous nature of AI and the endless possibilities for new use cases.The more we understand this constantly evolving nature of AI -- a market poised to realize a compound annual growth rate of 37.3% through 2030 -- the more we grasp how future-proofing has less to do with the programming and licensing level, and more to do with the data and infrastructure level. Software has evolved from an application-centric to a data-centric design, with data becoming a foundational input for application development.Supporting AI Evolution Through Extensibility at the Data LayerThe irony of future-proofing AI is that supporting its long-term growth requires precise, immediate IT adjustments. CIOs, CTOs and other technology leaders must ensure their teams are covering essential bases at the data layer to ensure flexibility. It's what we call extensibility to accommodate new and potentially unforeseen use cases for AI.Related:Achieving extensibility begins with ensuring consistent data standards and availability at all times. To innovate and grow, AI systems need unfettered access to databases and sources, requiring consistent standards and metadata across different systems for reliability. Furthermore, data should be secured with dynamic authentication protocols that facilitate smooth and safe access.Particularly for AI, its essential to add proper business context to data without over-formatting it. This is ultimately the most critical balance to strike in future-proofing AI: The just right amount of data cleansing and formatting can position data for broad reuse as AI systems innovate. Too little formatting leaves the datas relevance indecipherable; too much formatting and the data becomes too rigid for AI to leverage for novel applications.Unsurprisingly, human analysts have historically managed this nuanced balance. However, recent developments in unsupervised AI have unlocked algorithms that can now analyze unlabeled data to derive emerging structure and patterns.Leveraging New Capabilities and Use CasesGiven that 90% of data generated by organizations today falls firmly within the unstructured category, proper extensibility at the data layer that incorporates both structured and unstructured data for AI processes can drive powerful new applications in the enterprise.Related:For instance, generative AI can now automate many IT operations functions, creating an educated and context-aware support tool that redefines the status quo of what's typically expected from an AI advisor. This is possible thanks to data pipelines that rapidly pull in structured and unstructured data sources and render them into a highly usable framework for GenAI to independently manage configuration analytics, bug reports, knowledge base resolves, standard operating procedures, and service-level agreements.Another example, AI-powered digital twins can harmonize structured and unstructured data together to model the behavior of new infrastructure and systems before theyre built. This allows teams to proactively manage operational issues such as limiting process interruptions and minimizing downtime in a power utility.Future-proofing AI starts with future-proofing AI data. While the finer details can be left to team specialists, C-suite tech leaders must grasp the importance of data extensibility efforts, as successful implementation ensures AI's future.When organizations modernize their data architectures with AI innovation in mind, they lay the foundation for new capabilities and use cases to flourish. And given that most enterprises keep their data archived for at least seven years to align with federal compliance standards, this foundation is constantly expanding. The sooner organizations streamline data management for AI, the faster they can future-proof investments and unlock new value.As AI levels the playing field, the software and technology ecosystem evolve rapidly, only scratching the surface of its transformative potential. These shifts are disrupting traditional boundaries, and the race for unique innovations is unfolding in real time.About the AuthorDave LinkCEO, ScienceLogicA technology advocate committed to innovative IT management solutions that leapfrog paradigms and optimize business outcomes, David Link is founder and CEO at ScienceLogic, a global leader in automated IT operations and observability. Throughout his career, Dave has worked to solve the pressing problems facing IT organizations delivering smarter and more targeted IT management tools to the market. Leveraging market transitions in cloud, AI, and analytics, he continues to scale ScienceLogic with a laser focus on customer success. His proven leadership integrating technology, product, and business model shifts has been instrumental to the company's consistent growth and leadership presence.See more from Dave LinkReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Mary E. Shacklett, President of Transworld DataMarch 28, 20256 Min ReadWavebreak Media ltd via Alamy StockOnce an on-premises room with a collection of IT equipment, the data center is being reimagined into a virtual DC that embraces the cloud as well as on-prem assets. It is also moving into areas such as building design/construction, energy consumption/sustainability and facility management.In this expanded environment, CIOs and IT are finding themselves in new, hybrid relationships with facility managers, cloud operators, construction engineers, IT vendors and heating, ventilation and air conditioning (HVAC) vendors.How do these data center changes impact budget thinking, presentations to the board, strategies and operations?First, Some ContextIn September 2024, IBM was still defining a data center as "a physical room, building or facility that houses IT infrastructure for building, running and delivering applications and services. It also stores and manages the data associated with those applications and services.", saying that data centers had evolved into remote facilities or networks of facilities owned by cloud service providers (CSPs) that hosted virtualized IT infrastructure for the shared use of multiple companies and customers.This is the definition that most of us who work in IT are used to. CIOs also understand what the data centers expansion into the cloud portends, although our CEOs and C-level peers might not understand.Related:The physical data centers that companies operate have provided the low-lying fruit for meeting corporate sustainability goals that boards and regulators have encouraged. These easy gains in sustainability were facilitated by eliminating physical storage and servers and replacing them with cloud services or virtualized operating systems and applications. The net and tangible results of these moves were reductions in on-prem data center energy consumption and physical floor space.Corporate management and boards were delighted with these sustainability gains. Nonetheless, they still dont understand the long-term implications of cloudifying IT and virtualizing assets, how these trends have changed fundamental thinking about data centers.Should this matter to CIOs?Yes, because when CIOs present data center status and requests to the board, the CEO, other C-level executives and stakeholders, they must talk about everything that represents the companys total IT investment in the data center, no matter where those technology assets are.What the Data Center Is TodayMost modern CIOs think about the data center as a concept more than as a physical thing. IT understands it must manage all the technology that the company invests in, whether the tech is in a physical on premises room, in a cloud, or even in tangential data center facility infrastructure like an HVAC system and new data center construction.Related:Including all these areas under the heading of data center has major ramifications for the budget, for data center strategy, and for day-to -day operations.Adopting a Global Data Center ApproachAs they think beyond the traditional boundaries and definitions of data centers, CIOs are adopting an all-encompassing approach to data center management that is global to the company. Key points that should drive this approach include:Educate management. Most corporate boards and managers still think of the data center as a physical facility. They dont see how moving more IT to the cloud or to enterprise edges changes this. It's because they don't have the day-to-day responsibility to manage all this technology sprawl. Managing the sprawl falls on IT, so its incumbent on the CIO to educate the board and senior management on how the concept of managing a data center has changed. One great way to approach the conversation is from the standpoint of security. The company must be able to secure all of its assets, no matter where they are. Management and the board will certainly agree.Related:Work with users to secure IT assets. The cloud, together with citizen development -- where users independently subscribe to their own cloud services without IT necessarily knowing -- have generated a need to uncover and secure all these assets, which should be under enterprise IT management. As part of data center expansion within the enterprise, IT should reach out to user departments and use zero-trust networks, which can identify the additions of new assets that IT might not know about, so these assets can be securely and properly managed.Update job descriptions. Historically, a network specialist or a security expert was focused on internal IT networks and security and then developed skills and used tools for these areas. Now, with more IT moving to the cloud, IT asset management and toolset knowledge should be expanded so that IT security and network staffs can effectively manage cloud-based IT. Position descriptions most likely need to be updated so they encompass these areas, and IT staff members may need to be upskilled in cloud management tools and techniques.Collaborate with facility and HVAC vendors. CIOs and their systems and storage managers must gain knowledge and actively collaborate with building contractors, HVAC suppliers, electricians and the entire corporate facilities group, because planning for new or expanded data centers or data center improvements require it.If a new data center, data center expansion or improvement is planned, simple elements like whether to have a light-colored roof, which can reflect sunlight away from the data center and reduce heating levels inside, are important. So are decisions on sub-floor cooling systems and power feeds for data center servers and storage. HVAC units can become major topics. For instance, understanding the location of the data centers hot spots. Those are areas most likely to generate excess heat, such as heavy-process servers and storage). And, whether your staff is planning to rack more storage to concentrate hotspots in fewer areas. Or can your HVAC system be adjusted for this? The goal is to have max-capacity HVAC working in data center hot spots, and lower HVAC activity in areas of the data center where little heat is being generated. IT doesnt have the bandwidth or skillsets to address all these environmental issues on its own, so it must develop working knowledge and collaborate with vendors and facilities experts.Develop working relationships with vendors. IT has a tendency to vet vendors, define service-level agreements (SLAs), sign contracts and move on. Since so much IT is being placed in the hands of vendors, this dynamic must change.Vendors should be brought into IT projects and project planning. They should minimally be communicated with on a monthly basis to review the status of the systems and services they provide. The emphasis should be on a continuous working relationship, with the vendor and IT designating point persons on their respective staffs to coordinate and direct communications.SummaryData centers are evolving into ecosystems of diverse IT assets and personnel that span clouds, facilities, vendors and services.When CIOs talk about the data center, they should present it as an active and holistic ecosystem of inter-related assets and personnel so upper management and the board can better understand what the data center is becoming, and why IT makes its data center budget requests.In addition to furthering data center understanding at the top of the organization, IT skillsets and job responsibilities will require upskilling and realignment.About the AuthorMary E. ShacklettPresident of Transworld DataMary E. Shacklett is an internationally recognized technology commentator and President of Transworld Data, a marketing and technology services firm. Prior to founding her own company, she was Vice President of Product Research and Software Development for Summit Information Systems, a computer software company; and Vice President of Strategic Planning and Technology at FSI International, a multinational manufacturer in the semiconductor industry.Mary has business experience in Europe, Japan, and the Pacific Rim. She has a BS degree from the University of Wisconsin and an MA from the University of Southern California, where she taught for several years. She is listed in Who's Who Worldwide and inWho's Who in the Computer Industry.See more from Mary E. ShacklettReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorMarch 28, 20255 Min ReadBorka Kiss via Alamy Stock PhotoThe software development team's goal should be to deliver stakeholders a flawless app. That's all well and good but then a bottleneck suddenly appears. What happens next depends on how well the team leader handles the situation.Software development, although younger than traditional manufacturing, is now critical to the modern enterprise, says Mitchell Johnson, chief product development officer at supply chain management platform provider Sonatype. "While manufacturing has been optimized over centuries, software development is still catching up, despite its foundational role in business success," he explains in an email interview. "The stakes are enormous, as enterprises now rely on software for everything from product innovation to operations."The best way to eliminate a software development bottleneck is to prioritize clear, consistent communication and to make progress visible to the entire team, says Matej Bukovinski, CTO of software development firm Nutrient. "Ongoing asynchronous communication is truly effective for frequent updates, because it allows team members to share progress and next steps without disrupting their workflows," he notes via email.Practices such as daily async updates, scheduling work early to ensure visibility, and maintaining a dynamic Kanban board will reveal bottlenecks as they emerge, Bukovinski says. "When you use these approaches, combined with periodic team sync-ups for deeper discussions, you can create a transparent and collaborative environment that mitigates bottlenecks before they can escalate."Related:"When you focus on early visibility and collaborative problem-solving, you foster agility, which allows the team to quickly adapt and address issues without slowing down overall momentum," Bukovinski says.First StepsThe best way to eliminate software development bottlenecks is to automate as much as possible, advises Elliot Peele, senior manager of software development at statistical software development firm SAS. "If there's a process you have to do more than once, automate it," he recommends in an online interview. "Enable software developers to focus on writing code rather than performing repetitive tasks."Reliable automation is essential for eliminating bottlenecks, Johnson says. "Modern development cycles often grind to a halt when manual processes in testing, operations, or security cant keep up with the pace of code generation." By automating critical tasks such as dependency management, vulnerability detection, and risk remediation, teams can move faster without sacrificing quality or security.Related:What makes automation highly usable is a foundation of reliable, accurate data. Automated tools are only as good as the insights theyre built on and leveraging solutions that draw from the best data ensures high-confidence results, Johnson says. "For example, automating high-confidence upgrades and waivers minimizes wasted effort and keeps development workflows smooth."Automation is effective because it moves the mundane task to the responsibility of the robot rather than the creative developer, Peele says. "Additionally, automating tasks makes them more reliable and repeatable, as humans are inherently error prone."Preventing Future BottlenecksDevelopers can play a critical role in preventing future bottlenecks by proactively maintaining the quality and security of their codebase, Johnson says. "Engaging with tools that provide insights into the software supply chain, regularly updating dependencies, and participating in thorough code reviews are all ways developers can contribute to a smoother development process."Creating a culture of shared responsibility can also help. "By collaborating across teams, developers can identify inefficiencies and resolve issues early, reducing the likelihood of bottlenecks escalating further downstream," Johnson explains. "Continuous improvement practices, like retrospectives and feedback loops, can help teams stay agile and address potential challenges before they impact development cycles."Related:Bukovinski stresses the need for teams to embrace proactive interaction habits supported by project management and communication tools. "This is where your operations team can play a big role in communication success," he notes. Sharing regular updates ensures that the entire team is aware of progress and potential blockers, enabling quick action when needed. "Keeping the Kanban or sprint board up-to-date and pushing incomplete work early ensures that dependencies and feedback loops are handled efficiently."Async communication also reduces the cognitive load created by constant meetings, giving developers more focused time for problem-solving. "A culture of transparency and collaboration supported by these habits helps the team stay resilient and adaptable," Bukovinski says.Emerging ToolsAs new technologies become available, particularly AI tools, start thinking about using new approaches, such as reusable robots and other processes that developers can leverage to improve their speed and efficiency, Peele says. "If you can avoid writing automation twice, you can save significant effort, avoid duplication, and build general purpose tools to help everyone."Peele has one final bit of advice: "Start simple, and don't try to solve all your problems with AI -- you'll get there eventually."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Carrie Pallardy, Contributing ReporterMarch 27, 20255 Min ReadMichael Ventura via Alamy Stock PhotoThe US General Services Administration (GSA) announced plans for an overhaul of the Federal Risk and Authorization Management Program (FedRAMP). The new approach, dubbed FedRAMP 20x, will lean into automation to make authorization simpler, easier, and cheaper while continuously improving security, according to the GSA press release.InformationWeek spoke to four leaders in the private sector about the anticipated changes to FedRAMP, the potential impact, and how CIOs at government contractors can prepare.The ChangesFedRAMP was first established in 2011, about midway through Jonathan Alboums 11-year government career. He held multiple senior IT positions within the government, including CIO of the United States Department of Agriculture (USDA) before making the switch to the private sector in 2018, giving him exposure to FedRAMP as both buyer and service provider.Since the inception of the program, GSA has been trying to continue to make it better.I really see these changes as a continuation of those overarching efforts, Alboum, currently the Federal CTO at ServiceNow, tells InformationWeek. ServiceNow provides an AI platform, and it has 100 authority to operate (ATO) letters on file with FedRAMP.FedRAMP 20x has five main goals. The first focuses on automating the validation of FedRAMP security requirements. Under this new framework, more than 80% of requirements could transition to automated validation.Related:The second goal aims to reduce documentation requirements if companies pursuing FedRAMP authorization can demonstrate their existing best practices and security policies.Continuous monitoring is also one of the primary objectives of FedRAMP 20x. The updated model is promising a simple, hands-off approach that that leverages secure by design principles and automated enforcement.Through FedRAMP, GSA has played a role between contractors and government agencies. FedRAMP 20xs fourth goal emphasizes more direct relationships.A major objective is to reduce third-party involvement of the FedRAMP team in favor of more direct agency-provider interactions, Shrav Mehta, CEO of Secureframe, an automated compliance platform, explains in an email interview. Secureframe intends to pursue authorization under the new FedRAMP model.The final goal centers on innovation. Under FedRAMP 20x, companies will undergo automated checks and be able to make changes without additional oversight, granted they follow an approved process for doing so.As is often the case, more automation comes with the possibility of fewer staff. Federal News Network reports that FedRAMPs program management will be staffed by a few federal employees.Related:The Potential ImpactWhile the FedRAMP authorization process could look quite different with more automation, the underlying intent remains the same.You're always going to have a set of guardrails, a set of compliance rules that everybody's going to have to play by, says Kevin Orr, federal president for RSA, an identity security solutions company.RSA ID Plus for Government is FedRAMP authorized, and Orr has coached a number of companies through the process. He has seen firsthand how long it can take. It's anywhere from 18 to 24 months, he shares. I've been through this four times.Increased automation that cuts down on the amount of paperwork, time, and labor involved in achieving FedRAMP authorization could result in a less expensive endeavor.Today, there are nearly 400 FedRAMP authorized services, according to the FedRAMP marketplace. If the process becomes more efficient, and less expensive, more companies might be interested in pursuing authorization.The byproduct of that could be greater competition. [It] could be greater availability of capabilities that just don't exist today in the government sphere, says Alboum.Related:Continuous monitoring could offer advantages over a manual audit-based approach. We develop software and capabilities in a continuous manner. We're constantly improving them. So, a continuous authorization management approach is really much more appropriate, says Alboum.The hope is that continuous monitoring will lead to a more robust cybersecurity posture across the cloud-based tools in use within government agencies.There is optimism among companies that have achieved FedRAMP certification in the past. Sumo Logic, a cloud-native, machine data analytics platform, achieved FedRAMP Ready designation in 2019 and FedRAMP Moderate authorization in 2021.We need to maintain rigor in how we're evaluating technology to ensure that it's a secure solution for government agencies. But ultimately we're very welcoming of efficiencies gained throughout the process, Seth Williams, the companys field CTO, tells InformationWeek.What Comes Next?The promise of a less burdensome FedRAMP authorization process is exciting for government contractors, but there are still unknowns.We're a little bit in the wait and see [mode] because the devils in the details Exactly how are we going to do continuous monitoring? Orr asks. I don't think anybody really wants the government inside your network telling you what you do. But at the same time, we all stand up and sign up for a security pledge to make the nation a [safer] place. So, somewhere in between is probably the truth, and we'll see what comes out of it.It also remains to be seen how automation is applied and how it works in practice. What will the impact of reduced FedRAMP staffing be? What will more direct relationships between government agencies and contractors look like?The future of FedRAMP is likely going to be shaped with input from industry stakeholders. FedRAMP working groups will gather input from industry, ensure equal access to information, encourage pilot programs, and provide technical guidance before formal public comment and release, according to the GSA press release.GSA notes that low-impact service offerings will not require agency sponsorship under FedRAMP 20x, but relationship building will still be important as FedRAMP evolves. Some of that connection will be formed within those working groups. And contractors who want to work with government agencies will need to demonstrate the value of their service offerings.It's one thing to say, I want to work with the government, or I have the capability to work with government. Well, how does it provide value to a government agency? says Alboum. Relationships are still going to be very important, especially as we go through this period of significant change.How can government contractors, and companies eager to secure government customers for the first time, prepare?For government contractors, success will depend on their ability to provide immediate, comprehensive security insights and adapt to more dynamic compliance expectations, says Mehta.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Brian Bronson, Chief Executive Officer, Orion InnovationMarch 27, 20252 Min ReadAleksey Odintsov via Alamy StockWe need to do something with AI. This familiar refrain came from a client recently but with an unusual twist. Instead of developing their AI LLM as quickly as possible, they wanted to build a governance framework first to guide their AI initiative.This conversation sparked an important realization: Strategic AI governance, when done right, serves as a powerful technology enabler.The pressure to adopt AI has reached a fever pitch; organizations feel they dont exist if theyre not doing AI. However, this pressure often leads to rushed implementations that can damage a business or product roadmap rather than enhance it.A healthcare provider that we recently spoke with learned this the hard way.After rushing out with a new AI transcription system to keep pace with a competitor, the system had to be shut down when they discovered it inadvertently included sensitive patient information in meeting summaries.The takeaway: Successful AI implementations share a common thread. They treat governance as an acceleration framework, not an obstacle. This requires fundamentally rethinking how we approach technology governance.Strategic ReviewsTraditional yes/no governance approaches don't work for AI. A more effective strategy focuses on a development program that creates clear pathways to deployment based on risk levels and business impact. For example, projects using established AI models with limited customer impact can move through a rapid approval process, while those involving sensitive data or custom AI development receive a more thorough review. A financial services client adopted this model with remarkable results; their teams quickly identified the appropriate governance pathway for each AI project, eliminating the uncertainty that typically slows implementation.Related:Regular strategic reviews prove crucial. Brief, focused assessments of new AI capabilities and their business impact help catch potential issues early while identifying new opportunities. Beyond bureaucracy, it's about creating feedback loops that accelerate safe deployment while driving innovation. Teams can spot potential issues before they impact operations, transforming governance from a checkpoint into a competitive advantage.The most successful organizations have made their governance programs into strategic assets. The key question shifts from How fast can we implement AI? to How can our governance program enable faster, safer AI adoption?Start With the Business CaseA critical starting point is clear business objectives rather than technology. When teams propose AI implementations, the first question should be, What specific business process are we trying to enhance? This clarity helps build focused governance around real needs rather than hypothetical risks.Related:The enterprises succeeding with AI aren't those moving the fastest; they're moving strategically. Instead of viewing governance as a necessary burden, they should see it as a way to accelerate their AI strategy. Effective governance enables sustainable innovation that minimizes risks. In an environment where everyone feels pressured to claim they do AI the real competitive advantage comes from doing it strategically and systematically.This insight from that initial client conversation holds true: Strategic AI governance, properly designed, becomes the very engine that drives innovation forward.About the AuthorBrian BronsonChief Executive Officer, Orion InnovationBrian Bronson is CEO of Orion Innovation, a leading digital transformation and product development services firm with over 6,400 associates worldwide. A seasoned technology industry executive, Brian previously served as EVP of US Telecom, Media, and Entertainment at Capgemini, and led Radisys as President & CEO through a strategic transformation. With over 25 years of global leadership experience, Brian focuses on helping organizations maximize the impact of next-gen technologies like GenAI to drive innovation and growth.See more from Brian BronsonReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterMarch 27, 20258 Min ReadNils Ackermann via Alamy StockData silos have been plaguing organizations since before the data analytics gold rush. Sadly, data silos remain an issue in many organizations, which calls into question the reliability of AI outputs.Data silos are making it much harder for agents to get unified insights based on a holistic view of the data about an object of interest, such as a customer or an employee, or just a single user, says Michael Berthold, CEO and co-founder of data analytics platform provider KNIME. For example, agents struggle with isolated data sources, [like] a human having to go to the CRM to see information about a company and the current contract history, then go to the support system to find out more about ongoing technical issues, and then also check the online forum to see if employees of the customer posted something there.According to a recent Gartner survey, 63% of organizations either do not have or are unsure if they have the rightdatamanagement practices for AI. In fact, Gartner predicts that through 2026, organizations will abandon 60% of AI projects unsupported byAI-ready data.How Data Silos Form and What to Do About ThemTool vendors are trying to make the flow of data between systems easier by providing integrations with other tools. Similarly, an agent will benefit from having one place to go to get information about a customer.Related:Michael Berthold, KNIMEMichael Berthold, KNIMEIn an ideal world, all data would be integrated. That was the promise of data warehouses years ago, and its still what is being promised. Especially companies with more legacy data and systems will continue to have data silos, says Berthold.AI models require high-quality data to deliver optimal performance. Poor data leads to underperforming models, which can cost organizations tens of millions of dollars or more, according to Gordon Robinson, senior director, data management R&D at data and AI solution provider SAS.Inconsistent data across silos means different parts of an organization may track similar data independently, leading to discrepancies and the lack of a single source of truth, says Robinson. Data silos also can lead to incomplete AI model training. When AI models are trained on fragmented data rather than a comprehensive dataset, they fail to reach their full potential and deliver optimal insights.Josh Weinick, a sales engineer at AI-powered cybersecurity automation platform Blink Ops has seen cases in which a chatbot is unable to provide accurate customer support because it doesnt have access to sales or product data living in another departments separate system.Related:Most silos are caused by a mix of legacy infrastructure, organizational culture and inconsistent data standards. When teams cling to their own systems and definitions, or when older technology doesnt integrate well with modern AI platforms, its easy for silos to form, says Weinick. Mergers and acquisitions can also play a role. Newly acquired business units often bring their own tech stacks, which stay isolated unless leadership prioritizes integration.Without leadership buy-in and a culture of data sharing, departments tend to guard their data.Ashwin Rajeeva, co-founder and CTO at enterprise data observability company Acceldata says data silos restrict AIs access to complete, high-quality data, which leads to biased models, inconsistent insights and unreliable automation.Fragmented datasets make it difficult for AI agents to understand context, reducing their effectiveness in decision-making and business impact, says Rajeeva. Eliminating silos is essential for AI to scale, improve efficiency and deliver meaningful enterprise value.The root causes of the data access problem are legacy infrastructure, multi-cloud environments, decentralized data ownership and weak governance.Related:A data-first AI strategy focused on governance, interoperability, and observability is key. Enterprises should implement automated data quality checks, real-time monitoring and lineage tracking to ensure AI models operate on accurate, consistent data. Aligning data strategy with business objectives and fostering cross-functional collaboration accelerates AI adoption and impact, says Rajeeva.Gokul Naidu, senior manager at SAP says silos can cause gaps in model training and may require manual consolidation or cross-team requests.By the time information is merged, it may already become outdated, slowing the feedback loop for AI driven optimizations and reducing potential ROI, says Naidu. When I wear a FinOps hat I see that silos obscure the value of unit economics, such as cost per transaction, cost per user, and limit the ability to measure how each service or feature contributes to overall business value.In his view, cultural resistance to sharing, a lack of standards and governance, legacy apps and technical debt contribute to data fragmentation, making it difficult to establish a unified data strategy. To overcome them, he suggests doing the opposite, which is promoting a culture of sharing, having a unified data strategy, and using automation and observability.Paul Graeve, CEO at IT system data services provider The Data Group points to SaaS systems. Specifically, organizations are not investing the time, energy, and money necessary to load SaaS data into a data warehouse where the organization can own the data, clean it, and effectively use the data for any important business initiative.Your data is locked away in all these SaaS platforms scattered around the globe. This can be scary considering your data is your most valuable asset, says Graeve. The only way you can effectively and efficiently use your data for AI, analytics, portals -- for any initiative -- is to consolidate all your data into a one-version-of-the-truth data warehouse. Until you have your data in one place where you can see it, fix it, enrich it and efficiently use it, youre going to struggle successfully implementing any AI initiative.Paul Graeve, The Data GroupPaul Graeve, The Data GroupArmando Franco, director of business modernization services at TEKsystems Global Services, says data silos limit access to comprehensive training data, reducing model accuracy, and introducing inconsistencies due to conflicting governance and duplication. They also create inefficiencies in automation and decision-making, as AI agents require real-time access to unified data. Additionally, fragmented data poses security and compliance risks, potentially leading to regulatory violations if governance is not properly enforced.These challenges stem from outdated IT infrastructure, business unit fragmentation, and a lack of a unified data strategy, says Franco. Legacy systems were not designed for interoperability, while different departments using specialized tools create barriers to integration. Without centralized governance, enterprises struggle with inconsistent data management, and siloed AI initiatives lead to duplicated efforts and conflicting model outputs. Addressing these issues requires modernizing IT systems, fostering cross-team collaboration, and implementing a cohesive data strategy.Why Some Enterprises Struggle More Than OthersThe longer an organization exists, the more likely it is to be struggling with data silos.If a company has been around for a while, it will have different tools and systems, and the act of unifying it all is doomed from the start. Even worse, if that company bought a couple of other companies in recent years that brought along their own tools and data solutions, says KNIMEs Berthold. Dont dream of waiting for the famous data warehouse to solve everything. Dont try to put a bandage on the problem by starting to copy around data so it all creates a data swamp in one central location.Instead, its important to have a data integration, aggregation and analytics layer in place that allows everybody and AI agents to access a unified view. Berthold says organizations should ensure the technology in that layer is well-documented so future colleagues can understand its functionality and update it as data moves or new data sources are added.According to SAS Robinson, data silos within organizations often form around products or business functions, so many organizations still struggle to unlock the full potential of their data.The best way to overcome these challenges is by implementing a strong data governance framework within your organization. With increasing regulatory demands and the rising frequency and cost of data breaches, robust data governance is no longer a choice -- its a necessity, says Robinson. A successful data governance program starts with understanding what data you have, assessing its quality and tracking how it is used across the organization.Additionally, techniques like entity resolution can help create a single, unified view of data by integrating information from disparate silos into a centralized repository. However, many organizations have yet to invest in strong data governance. Meanwhile, AI governance is emerging as a crucial focus, especially as new AI regulations continue to evolve.Effective AI governance must be built on a solid foundation of robust data governance, says Robinson. If you havent invested in data governance or your current platform lacks robustness, this should be your top priority. Its no longer optional. Its a fundamental necessity for any data-driven organization today.In addition to that, Blink Ops Weinick says organizations should prepared to invest in modern data integration and metadata management and put strong security and governance frameworks in place from the start, so fears around compliance or breaches dont create massive delays.Most importantly, focus on cultivating a cross-functional mindset, says Weinick. Demonstrate quick wins by bringing together two siloed data sets to address a pressing business problem, then celebrate and scale those successes across the enterprise.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

The question is no longer "Are we compliant?" but "Are we truly resilient?"

[Virtual Event] Cyber Resilience in 2025: How to Keep Business Moving When Everything Else is Collapsing

James M. Connolly, Contributing Editor and WriterMarch 26, 20258 Min ReadCagkan Sayin via Alamy Stock[This article was updated on March 26, 2025, with more recent content]Those wondering about the role of the CIO in the digital age need only look at the keyword in the middle of the title: Chief "information" officer. The corporate world actually isnt just about being digital or data driven. That digital data represents what the organization actually knows: Information about itself, its customers, and its employees, and how that organization does business moving forward.So, the CIO that some organizations virtually locked in the data center for years is today involved in everything from payroll to cybersecurity, e-commerce to environmental, social and governance (ESG) initiatives. Their domain extends from coders to clouds.Oh, and the CIO is also now the point person for AI initiatives and defending against AI abuse.This Quick Study takes a look at the role of the CIO these days as recorded by the writers who contribute to InformationWeek. The roles and responsibilities have changed dramatically and surely will continue to shift as the job itself morphs in the years ahead.CIOs, Their Jobs, and the Expanding C-SuiteCISOs in 2025: Evolution of a High-Profile RoleOver the past decade, the chief information security role has evolved from being a supporting position under the CIO or chief risk officer to a core member of the executive team.Emotional Intelligence: An Often-Overlooked IT Leadership SkillStrengthening your emotional intelligence can help you become a more effective and respected leader. Getting started is as easy as mastering a few key attributes.Changing Role of the CIOChief information officers need to lean into the leadership aspects of their role to deal with ongoing changes. Here are five strategic areas to focus on in your job.The CIO Playbook, and the Seldom Run Plays with Big PayoffsIf you want to move beyond just being a CIO in an organization, you have to stretch your boundaries.Bridging the Divide: How to Foster the CIO-CFO PartnershipBuilding a future-proof enterprise through strategic leadership collaboration between the chief information officer and chief financial officer, says the CIO of Workiva.First Days on the Job as a CIOBecoming chief information officer is a goal for many IT professionals. But what do you do when you finally get there?Why Some Newer C-Suite Titles FailCorporate C-suites continue to expand, but the success rate of the newer positions depends on many things.The Value of the Fractional Chief Technology OfficerA fractional CTO can be a great solution to help limit risk, manage teams, and develop cost-effective strategies to help meet the technology demands of an evolving business.Achieving CIO Balance: IT Meets the Business WorldCIOs are being pushed to deliver value to the business and stay on top of technical issues. How can they do both?Todays Blueprint for CIO success: A Shift in MindsetChief information officers can help lead organizations through todays complex macro environment, if they broaden their purview to areas that deliver business outcomes faster.Lessons from Banking on the Role of the Chief Risk OfficerBy using cutting-edge data, analytics, and AI technology, chief risk officers can help their organization drive more effective risk-management strategies.Hey, CIO, We Need AIThe CEO/CIO Dynamic: Navigating GenAI ImplementationBy working together, CEOs and CIOs can fully leverage the benefits of generative AI to drive innovation, improve efficiency, and stay competitive in the market, says KPMG.Leading as a Future-Ready CIO in an AI-Driven WorldCompanies are rethinking their partnership structures, with ecosystems leading as transformative new business models across various industries.How CIOs Can Navigate Their Jobs in the AI EraThe sudden and explosive popularity of AI among the public surprised many, including CIOs. With changing tech priorities, where should CIOs be prioritizing their efforts to be successful? The CIO of Experio offers a look.Reshaping the CIO's Playbook for the AI AgeIn this landscape of rapid change, the impact of generative artificial intelligence (GenAI) on the role of the chief information officer is profound and far-reaching, according to EY.Fake News, Deepfakes: What Every CIO Should KnowAI advances are making fake news and deepfakes easier than ever. Most organizations arent prepared enough, yet.How Will AI Change the CISO Role?Artificial intelligence arms both defenders and threat actors, rapidly reshaping the cybersecurity landscape. Inevitably, the chief information security officer role must adapt to keep up.How CDAOs and CIOs Can Divide Data and Analytics ResponsibilitiesThe division of responsibilities between CDAOs and CIOs is often disputed, which can create tension and hinder operations, Gartner says. A better approach is to split the work and collaborate as peers.How, When, and Why to Hire a Chief AI OfficerTo develop an effective AI strategy, organizations should consider hiring a permanent CAIO who can align AI initiatives with long-term goals.CIOs and the Great Talent CrunchTaking a Deep Dive into People SkillsThe fundamental people skills -- or chops -- are communicating, collaborating, being a team player, and listening, with the ultimate goal as connecting.Do Women IT Leaders Face a Glass Cliff?Are organizations more likely to promote women to top IT management posts during hopeless crisis situations? Apparently, yes.4 Ways to Create a Workplace that Fosters Diverse LeadersResearch finds that there arent enough women in leadership positions. Here are four ways leaders can create a workplace that fosters more diverse leaders.Soft Skills: The Ultimate Force Multiplier for ITAs the job market shifts and new doors open, its critical for IT leaders to hire talented tech pros who are empathetic, forthcoming, and invested in helping the end user through their work.CIOs, Innovation, Their Budgets and ROIThe Case for a Fractional CIOWhat is a fractional CIO and when does hiring one make sense versus taking on a full-time executive?IT Leaders as Advocates for Continual ChangeWhile IT leaders have their finger on the pulse of tech advances, its crucial to work closely with business leaders ensuring strategy is aligned with business outcomes.CEOs Deploy CIOs for Digital LeadershipSuccessful CIOs must become agents for change, bolster their collaboration prowess and adopt a business first mindset, as CEOs lean on them to lead digital transformation.CIOs and the Right Tech in the Right Place5 Ways a CIO Can Assess the IT Landscape in a New RoleOnce settled into a new workspace and role, IT leaders can begin to assess how their new department works (and doesn't) in five key areas.ITs Key Role in Planting ESG EffortEnvironmental, social and governance (ESG) is an emerging area of focus for companies that could loom large in the future. How can CIOs plan for this today?CIO Compensation May Soon Be Tied to Green Data CentersLike it or not, the potential of green data center savings puts CIOs on the front line in the fight for sustainability.The Voices of Today's CIOsIntel CIO Motti Finkelstein on C-Suite Communication, Sustainable AI, and FutureFinkelstein must lead the chip giants IT team as the company embarks on its sprawling and ambitious foundry goals.Technology Leadership: The Sky Isnt the LimitHere are six lessons that flying taught me about being a leader, says the CIO of Nutanix.Former Microsoft CIO Jim DuBois Dishes On AI and Future of ITThe industry veteran and author looks beyond hype around generative language models as businesses begin adopting emerging technologies at a feverish pace.Q&A: Aflac US CIO Shelia Anderson Talks AI, Data, and CloudAutomating claims processing and other functions currently see more play with the insurer than ChatGPT, but Aflacs AI journey is still underway.Q&A: US Patent and Trademark Office's CIO on Cloud and DevSecOpsJamie Holcombe talks about developing a software factory drawing upon DevSecOps methodology and GitLab to help it modernize software development within his agency.About the AuthorJames M. ConnollyContributing Editor and WriterJim Connolly is a versatile and experienced freelance technology journalist who has reported on IT trends for more than three decades. He was previouslyeditorial director of InformationWeek and Network Computing, where heoversaw the day-to-day planning and editing on the sites. He has written about enterprise computing, data analytics, the PC revolution, the evolution of the Internet, networking, IT management, and the ongoing shift to cloud-based services and mobility. He has covered breaking industry news and has led teams focused on product reviews and technology trends. He has concentrated on serving the information needs of IT decision-makers in large organizations and has worked with those managers to help them learn from their peers and share their experiences in implementing leading-edge technologies through such publications as Computerworld. Jim also has helped to launch a technology-focused startup, as one of the founding editors at TechTarget, and has served as editor of an established news organization focused on technology startups at MassHighTech.See more from James M. ConnollyReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterMarch 26, 20257 Min ReadJacob Lund via Alamy StockLow-code/no-code platforms have given rise to the citizen developer -- a power user of tools such as Microsoft Excel. In other cases, this person tends to be someone who needs an immediate solution, has an idea in mind, and isnt afraid to try something new to turn their dream into a reality.Citizen developers arent a threat to professional developers because they dont understand software architecture and the hand-written code it would take to customize the app. Theyre simply a less expert member of the workforce who happens to understand the context of a task, workflow or technology, and are motivated to make improvements on their own.In many cases, citizen developers arent left to their own devices. Theyre using wizards and visual tools instead of writing lines of code. In some organizations, citizen development has been enabled by IT and developers in a way that benefits both professional and citizen developers.For example, a citizen developer might build a solution that may eventually need a professional developers expertise to take it to the next level. The beauty of the center of excellence approach is that professional developers can spend more time on difficult problems while citizen developers solve the simple ones. If the organization has standardized on a platform, then handoffs between citizen developers and professional developers are seamless. It is common, however, for enterprises to use more than one low-code/no-code solution.Related:The best citizen developers have some traits in common, though their roles may differ. A proactive mindset and a love of learning help.Traits of An Effective Citizen DeveloperBrett Smith, distinguished software developer at data and AI provider SAS, believes effective citizen developers are usually subject matter experts on the business problem and possess a basic understanding of programming concepts. They are also problem solvers who are self-motivated and have a growth mindset. Notably, they can learn new skills quickly and are not afraid to experiment with new technologies.Citizen developers have a deep understanding of the business problem and the domain. They [can] communicate effectively with IT teams, which helps to ensure the solutions they develop are aligned with the needs of the business, says Smith. It's critical that enterprises provide citizen developers with the tools and resources they need to be successful. This includes access to training and support, as well as creating a culture that encourages innovation and experimentation.Related:Brett Smith, SASBrett Smith, SASNick Vlku, VP of product growth at end-to-end AI search and discovery platform provider Algolia, says citizen developers hold different roles such as product managers, project managers, designers and analysts, to name a few. One common trait is that they're intensely solution-oriented with an intrinsic drive to tackle business challenges, he adds.I've witnessed this firsthand, like watching a non-technical product manager who taught themselves SQL simply because they needed better answers to their data questions, says Vlku. These individuals are natural problem solvers who take initiative. Rather than waiting for help, they actively search for no-code solutions or teach themselves low-code approaches they find online.Their ability to focus on solving the problem at hand will become even more valuable with the rise of AI-assisted development tools and coding applications, Vlku says.Citizen developers will naturally incorporate these advances as additional tools to help them achieve solutions more efficiently, says Vlku.However, the enterprise also has a role to play. Vlku says enterprises should actively support and cultivate citizen developers, as they represent highly valuable employees who prioritize efficient problem-solving.Related:There's a notable challenge: these individuals often undervalue their technical capabilities, placing software engineering on a pedestal that makes them doubt their own abilities or feel uncomfortable embracing their problem-solving approaches, says Vlku. Organizations need to take specific actions to nurture this talent.First, enterprises should explicitly recognize and reward this initiative during performance reviews, acknowledging the solutions delivered and the innovative approaches used to achieve them. Second, they should streamline access to necessary tools and platforms.While determined citizen developers might find ways around organizational barriers, removing these obstacles upfront will encourage more employees to step into this role, says Vlku. This support is particularly important because citizen developers tend to doubt their technical legitimacy despite their demonstrated ability to deliver solutions. By creating an environment that actively validates and enables their efforts, organizations can help overcome this self-doubt and expand their pool of effective citizen developers.Karl Threadgold, managing director at Oracle NetSuite provider Threadgold Consulting, says the most effective citizen developers tend to have four defining traits: a problem-solving mindset, a strong understanding of business operations, a willingness to collaborate with IT and a hunger for learning.The most successful citizen developers deeply understand their organizations workflows, pain points and inefficiencies. They dont just automate processes for the sake of it; they focus on solving real business challenges, says Threadgold. Rather than working in isolation, they engage with IT teams to ensure their solutions are scalable, secure and aligned with governance policies. Given how quickly no-code and low-code tools are evolving, top citizen developers continuously upskill to stay ahead.The reason successful citizens outperform their peers is that they create solutions that are technically sound and strategically relevant.They dont just build the bare minimum, says Threadgold. They go above and beyond and build what the organization needs to thrive. Their ability to communicate with IT teams also helps prevent shadow IT issues, ensuring their applications integrate seamlessly into the broader tech landscape.The enterprise also has a role to play here, which is enabling this broader base of problem-solvers.Many enterprises still take a passive approach to citizen development. [They assume] that providing access to low-code tools is enough -- it's not, says Threadgold. They need to provide clear training structures, chances for people to work alongside experienced developers, and have clear collaboration frameworks in place. These people are often hungry to learn and develop their skills, so enterprises need to put structures in place to help them thrive. Without clear governance, training and collaboration frameworks, businesses risk ending up with fragmented, unsustainable solutions.How Citizen Development Is EvolvingAI capabilities have been added to all types of software, including low-code/no-code platforms. According to SASs Smith, adding AI helps citizen developers solve more complex problems. It also helps them write more code, faster -- but its double-edged sword.The increase in the amount of code a citizen developer produces could introduce more bugs and vulnerabilities than normal. There is a risk of overwhelming test and security teams with sheer volume of code to review and test, says Smith.Fundamental skills in AI, security and testing will support citizen developers in creating better applications and help avoid the introduction of bugs and vulnerabilities. Additional skills in project management and communication aid citizen developers in working effectively with IT teams to ensure that solutions are aligned with business needs.Algolias Vlku believes citizen development is still at the innovators stage.The proliferation of low-code and no-code tools is helping those without technical backgrounds bring their areas of search expertise directly into search platform development with less reliance on developers and engineers, says Vlku. Gen AI tools may also be accelerating this trend. Eventually, we foresee pre-built agents will be prepared and ready to support development, and citizen developer roles will be to invoke those agents.Nick Vlku, AlgoliaNick Vlku, AlgoliaHowever, like professional developers, citizen developers should understand the basics of AI and how it can help them.Citizen developers should focus on understanding and leveraging AI-powered development tools, as these represent a significant new frontier in problem-solving capabilities. The current technology landscape offers AI solutions that can assist with UI development and troubleshooting, presenting opportunities to enhance productivity even further, says Vlku.Rather than viewing AI as a separate skill to master, citizen developers should approach it as an extension of their existing problem-solving toolkit. By staying informed about and experimenting with these emerging tools, they can amplify their ability to deliver solutions efficiently.Threadgold says his organization sees citizen development moving beyond simple workflow automation to more complex applications integrating AI, data analytics, and API-driven solutions.With this shift, new skills such as data literacy, AI and automation, and APIs and integrations are critical. Citizen developers should understand how to effectively work with structured and unstructured data, use the AI tools included in low-code/no-code platforms and ensure solutions connect with enterprise systems.Citizen development is more than just helping non-technical staff to build applications. Its about helping people improve their skills and create a culture of innovation, says Threadgold. With the right support, enterprises can harness this movement to drive real business transformation.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorMarch 26, 20255 Min ReadLiubomyr Vorona via Alamy Stock PhotoA long-dormant IT project that suddenly springs back to life can be both welcome and challenging. Teams must be reassembled, abandoned timelines reconfigured, and technologies and methodologies updated to reflect current practices and standards.The best way to launch a project revival is to look backward. "Conduct a thorough project reassessment to identify the root causes of delays, then re-prioritize deliverables using a phased, agile-based approach," suggests Karan Kumar Ratra, an engineering leader at Walmart specializing in e-commerce technology, leadership, and innovation. "Start with high-impact, manageable milestones to restore momentum and stakeholder confidence," he advises in an online interview. "Clear communication, accountability, and aligning leadership with revised goals are critical."Shanna Rahming, senior vice president of managed services for SDI Presence, an IT consulting and managed services provider, and former CIO for the State of Nevada, agrees that it's important to understand what actually caused the delay. Was it a lack of resources, such as funding, skills, tools, hardware, or staff? "After you know why it's off track, you can then determine what needs to be done to get the project completed," she advises in an online interview.Related:Once the delay's cause has been clearly defined, seek information and insights from the original team, Rahming advises. "Then the stakeholders and executives need to have that information communicated to them."The next step should be performing a root-cause analysis. "Identify whether the delay stemmed from unclear requirements, technical debt, resource gaps, or scope creep," Ratra says. "Engage stakeholders, document findings, and reset priorities based on what delivers the most value in the shortest time."Team RebuildingIts usually best to retain past core team members who understand the projects history and complexities but augment the team with new expertise where gaps exist, Ratra says. "Fresh perspectives often drive innovation and problem-solving, while experienced team members ensure continuity."Recall past team members, yet supplement them with new members with similar skills and project experience, recommends Pundalika Shenoy, automation and modernization project manager at business consulting firm Smartbridge, via email. "Outside perspectives and expertise will help the team."While new team members should be welcomed, try to retain at least some past contributors to ensure project continuity, Rahming advises. Fresh ideas and insights may be what the legacy project needs to succeed but try to retain at least some past contributors to ensure project continuity, Rahming advises. "The new team members may well bring a sense of urgency, enthusiasm and skills ... that weren't present in the previous team at the time of the delay."Related:Avoiding MistakesThe biggest mistake team leaders make is rushing into execution without first addressing root causes. "Restarting a project without fixing systemic issues, such as poor communication, unrealistic timelines, or unclear scope, can lead to repeated failures," Ratra warns. IT leaders must also avoid setting overly ambitious goals. "Start small, show progress, and scale up."Its easy to focus on simply catching up with deadlines or scrambling to get back on track, but if the underlying issues aren't addressed, the same problems will likely surface again, cautions Anbang Xu, founder of JoggAI, an AI-based video platform provider. "IT leaders sometimes ignore team dynamics, communication issues, or technical debt in favor of focusing on just getting the project finished," he explains in an email interview. "This can create a cycle of delay, further burnout and, ultimately, project failure."Related:Shenoy says the two big mistakes he repeatedly sees are adding additional resources without understanding the real issues and overcommitting without team consensus.Final ThoughtsTransparency and trust are essential for successful project recovery, Ratra says. "Leaders should foster an open culture of accountability and communicate realistic goals with stakeholders." Leveraging automation tools and using AI-driven project monitoring can also help identify bottlenecks early, ensuring the team remains on track and responsive.To keep the relaunched project on track, it's important to establish and monitor a detailed communication plan that regularly shares critical information with team members, Rahming says. There should also be buy-in from technology and business stakeholders.Build a unified staff culture that's committed to succeeding or failing as a team, Shenoy says. "Encourage transparency and active collaboration across the team and stakeholders."Managing delayed projects requires a deep understanding of adaptability and resilience, Xu observes. "In a fast-moving field, like AI, setbacks are inevitable," he notes. "But the ability to pivot, reassess, and lead your team with confidence makes all the difference."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Nathan Eddy, Freelance WriterMarch 25, 20255 Min ReadMohd Izzuan Roslan via Alamy StockFinance and IT leaders are shifting their approach to retaining top technology talent as traditional methods of salary increases and financial incentives alone are proving insufficient.This is prompting companies to focus on career development, workplace culture, and employee engagement.Meanwhile, demand for tech talent remains strong as companies across industries continue to prioritize hiring, according to CompTIAs latest analysis of US Bureau of Labor Statistics data.With demand outpacing supply in key areas like AI and cybersecurity, businesses are competing for top talent while also increasing job postings to meet future workforce needs and tech professionals are expecting meaningful growth opportunities.Chief financial officers and HR leaders must work together to implement strategies that prioritize professional development, mentorship, and internal mobility.Professional Growth Prioritized Over Pay One of the most effective ways to retain IT professionals is by offering clear career development pathways.According to TEKsystems State of Digital Transformation Report, 82% of digital leaders are poised to reskill or upskill their workforce.Cosmin Pitigoi, CFO at Flywire, emphasizes that employees are more engaged when they have continuous opportunities to strengthen their skills and expand their experiences. One of the best ways to keep top talent engaged is to have a clear professional development pathway and provide them opportunities to keep strengthening their skills and rounding out their career experiences, he says in an email interview.Related:Leslie Deutsch, vice president of people strategy at TEKsystems, says upskilling has become a major priority. Offering continuous learning and upskilling programs helps employees feel valued and invested in, she explains via email.Mentorship also plays a key role in this strategy, with Pitigoi stressing the importance of both formal and informal mentoring relationships to provide long-term career guidance.Ive benefited from a doors always open philosophy in my career and pay that forward in my current role, he says.He says when IT professionals feel they have support and guidance, they are more likely to stay engaged with their employer.Collaboration Between IT, Finance LeadersBalancing cost control with investments in professional development requires close collaboration between IT and finance teams.Both Deutsch and Pitigoi emphasize that talent retention should be viewed as a strategic investment rather than an expense.Related:Organizations should be leveraging data and analytics to understand how development is impacting productivity and have that inform any investment, Pitigoi says.Deutsch highlights the importance of forming cross-functional teams that include IT, finance, and HR stakeholders.These collaborations ensure that professional development investments align with both financial and operational goals, maximizing their impact on workforce retention.Another key aspect is fostering an owner mindset among employees, where individuals take responsibility for improving efficiency and identifying new ways to work smarter.Flexible Work, Internal Mobility, and Employee RetentionBeyond professional development, flexibility in work arrangements continues to be a crucial factor in IT retention.Remote work and hybrid models are now expected benefits rather than perks; IT professionals, in particular, value autonomy and flexibility in managing their workloads.Implementing hybrid work models that allow employees to balance in-office and remote work is essential, Deutsch says.Internal mobility also plays a significant role in keeping employees engaged.Deutsch and Pitigoi both stress that organizations must create clear pathways for employees to move into new roles and take on greater responsibilities.Related:As part of this, organizations should encourage leaders to allow their best talent to move on to other roles, which is hard to do, but best for allowing talent to develop through diverse opportunities, Pitigoi says.This approach not only keeps employees engaged but also reduces the need for costly external recruitment.Deutsch adds that companies should structure internal mobility programs with well-defined career pathways and transparent role expectations.Creating clear pathways for career advancement within the organization encourages employees to take on new roles and responsibilities, she says.CFOs, CIOs, and HR Leaders Shape Talent RetentionRetaining IT professionals requires collaboration across multiple leadership roles.According to Deutsch, CIOs, CFOs, and HR leaders each play a unique part in crafting effective retention strategies. CIOs drive technological advancements and provide necessary tools, CFOs align financial resources with retention strategies, and HR leaders create a positive workplace culture, she says.Pitigoi says he agrees, adding that product and data analytics leaders also contribute by identifying innovation opportunities and ensuring that investments align with business needs.A few key factors of success are having a clear collaboration framework between departments, making data-driven decisions together, and having clear role accountability with implementation, he says.Consistent communication among these stakeholders ensures that employee experience remains a top priority.Overcoming the Challenges of a Culture-Driven Retention ModelHowever, shifting from a pay-driven retention model to one focused on engagement and culture comes with challenges.Employees accustomed to salary increases as a primary motivator may take time to adjust to a new approach that prioritizes career development and well-being.Prioritizing engagement and well-being over financial incentives requires open communication and transparency, Deutsch says.Organizations must build trust by explaining why they are making these changes and how employees will benefit in the long run.Recognition and rewards programs are also effective in reinforcing engagement; while salary growth may be slowing, companies can still show appreciation through meaningful recognition initiatives.Implementing systems that recognize and reward employee contributions in meaningful ways fosters a sense of appreciation and belonging, Deutsch says.Pitigoi emphasizes the importance of enabling employees to focus on high-value work. Employees who feel they are making an impact are more likely to stay with their organization.Investing in systems, automation, and tools helps your best talent focus on doing work they enjoy rather than more mundane tasks, he says.Measuring the Success of New Retention StrategiesFor companies transitioning to culture-driven retention strategies, measuring success is critical.Deutsch suggests using employee engagement surveys, tracking professional development participation, and analyzing internal mobility rates. HR leaders can deploy surveys to measure how happy and productive employees feel at the office, she says.If employees are using professional development resources and moving into new roles, it indicates that the strategy is working.Pitigoi notes that financial metrics also play a role: Organizations should assess how investments in career development impact recruitment and retention costs. If done right, investments in flexible work, upskilling, and internal mobility can have a direct impact on lowering external recruitment costs, he says.About the AuthorNathan EddyFreelance WriterNathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.See more from Nathan EddyReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Applications are developed and installed, but few companies evaluate them for true usefulness. Think in terms of the abilityof an app to deliver tangible and optimized value to the end business.Some of the characteristics of tangible, optimized value for applications include:Is the application easy for people to use?Does the application perform consistently well, with a minimal need for maintenance?Is all the functionality that an application contains fully used?What measurable gains does the application provide to the business?Is the application scalable?Ive visited with IT departments and asked them about these application usefulness questions. I cant think of one of them that told me that they checked for usefulness beyond making sure that user friendliness and ease of navigation were present in app user interfaces. To a lesser degree, they looked at how many times an application needed to be fixed or maintained.Does Usefulness Really Matter?The Merriam Webster dictionary defines usefulness as: The quality of having utility and especially practical worth or applicability.Almost every new IT application that is deployed has utility, applicability and some practical worth, but is that all there should be to useful?Related:Here is a real-life example:A healthcare company has a very user-friendly web portal that delivers a self-service feature for customers. Customers fill out their names, phone numbers, email addresses, and physical addresses for identity verification and mail/credit card verification. But that app overlooks that there are rural and some urban customers who get their mail at a postal box, and not at their physical address. These customers need two address entries on the form. There is no way for these customers to work with the online app, and they have to call a human agent, because the app isnt able to handle the exception.There are other situations as well, like the financial analytics report that was supposed to test-drive all risk scenarios, with a drill-down into the details. Yet, that is only being partially used to get a top-level picture. Or there is the workflow automation in a warehouse that was supposed to deliver a 30% savings in human labor, but it's failing the business because the automation is incapable of addressing special handling requirements, and humans must jump in.Most CIOs have seen examples like these in their own companies. Unfortunately, the hard realities of heavy IT workloads make considering the idea of true application usefulness more aspirational than practical.Related:Despite this, however, there are several practical steps that organizations can take.Building Usefulness into Application DevelopmentTo improve application usefulness without incurring significantly more expense and work hours for IT and the user side of the business, here are five simple steps that can be taken to improve app usefulness:1. Understand the business for today and for the future. Its common practice in projects to define the business metrics that an application should deliver, and then to measure expectations against performance once the app is in production. This telltale production feedback gives insights as to how well an app is delivering the business value that was promised.Beyond metrics, however, you can create more business usefulness by ensuring that senior developers, business analysts and user project members are well versed in the particulars of the business for which the app is being developed. They not only should understand the business strategies and pain points for today, but also that they are projecting what the business strategies and pain points will be in the future.IT can accomplish two important things if it emphasizes business thinking during the application development process: That the app will be highly relevant and responsive to business needs today; and that the app will be constructed in a way that it can be extended or scaled for future anticipated needs that will prolong the apps useful life.Related:2. Learn from your help desk and your customer service center. The maintenance and enhancement tickets and requests coming into the IT help desk from users, and the feedback and customer surveys that front-facing customer service agents get, can inform IT and users about where the organizations pain points, and process failures are; and how new applications can eliminate these pain points.The idea is to bring help desk and customer service data into initial application design meetings so lessons learned can be incorporated into upfront application design. In this way, the risks of pain point and process failure repetitions can be lowered, and usefulness can be enhanced.3. Meet regularly with middle management. Middle managers are the movers of daily operations. They have their boots on the ground, they know the internals of the business, and they know where applications have failed them in the past. IT leaders should make it a point to meet with these managers often and to cultivate good working relationships. This builds a cooperative spirit and improves everyones working knowledge of the business and IT.4. Include training in project plans.Training should be projectized and redefined as a QA function. If the training is performed and users are then tested on how well they learned and can execute an apps total functionality, business value and app usefulness will increase.5. Stress workflow and app simplification in all development efforts. Workforce critical thinking and basic comprehension skills are declining, and businesses are feeling this. Its all the more reason to simplify applications and also the business processes that they enable.Applications are more rapidly adopted when users understand and feel confident using them. The sooner apps are adopted, the sooner that they can begin paying dividends to the business.

Lisa Morgan, Freelance WriterMarch 25, 20258 Min Readdesigner491 via Alamy StockTodays professionals are under constant pressure to improve their efficiency as the pace of business accelerates. Burnout is a common thing as workers try to multitask across several platforms and communication channels, often simultaneously, amid personal challenges such as caregiving and in-office politics. Notably, burnout symptoms differ, depending on whether employees work from home (WFH) or have been subject to return to office (RTO) mandates.Burnout differs between settings and how an employee is working, says Nicole Issa, founder and licensed psychologist at The Center for Dynamic and Behavioral Therapy. Remote workers can experience burnout due to a lack of work-life boundaries, social isolation and the pressure to be constantly available via tech. Office-based employees often struggle with long commutes, loss of autonomy, and workplace stressors such as micromanagement or rigid schedules. Both environments become a perfect storm for burnout, but the triggers do differ.Justina Raskauskiene, human resource team lead at ecommerce marketing platform Omnisend, agrees.How burnout manifests depends on the work environment, says Raskauskiene. Remote workers often risk blurring the lines between work and personal life, feeling like they [must] always be on, or unable to distance themselves from work. All of this makes it more likely theyll work overtime. Plus, its no secret that fewer in-person interactions often equal poorer emotional well-being. In-office employees, on the other hand, may struggle with burnout due to a demanding company culture, excessive workloads or even the stress of a mandatory RTO policy. Reduced flexibility always carries the risk of contributing to employees stress and dissatisfaction.Related:Many employees are now in the sandwich generation -- caregiving for children, parents or both.As our population ages, more and more employees will become caregivers. This isnt just a personal crisis; its a ticking time bomb for our economy, says Jennifer Fink, community educator at Alzheimer's Association. Seventy three percent of employees have some sort of caregiving responsibilities. Employees with caregiving responsibilities cost their employers an estimated 8% - an additional $13.4 billion per year! By creating a caregiving-friendly workplace, organizations can unlock employee potential, reduce frustration and boost their bottom lines. [C]reating a caregiving-friendly culture isnt expensive especially when the return on the investment is considered.Related:Katie Roland, chief human resources officer at KCSA Strategic Communications, says burnout occurs when employees feel they are giving more than they are getting.It can happen because they are actually overprogrammed and dont feel compensated enough, or because they are working in a hostile environment and are masking all day, says Roland. It can be because they have responsibilities in life and at work, and they do not have the flexibility to manage both the way they feel they need to, making them feel constantly inadequate. Essentially, burnout is exhaustion.Many seasoned leaders are instinctively doubling down on RTO, implementing technology to oversee productivity, and demanding respect.What organizations need to understand is that employees who are trusted to do their job, and manage their life as needed, will produce far more for you than someone you try to control and monitor, says Roland. Nobody likes to be micromanaged. Instead figure out how to partner with your employees to find solutions that work on both ends.What HR/Hiring Managers Should Do About ItSusan Snipes, head of people at Remote People, says HR leaders need to be prepared to address burnout in all its forms for both in-office and remote team members.Related:Flexibility is the word of the day! Flexibility should be incorporated into all aspects of the employee experience from benefits to policies and procedures, says Snipes. Benefits like hybrid work, flexible schedules, and mental health days go a long way toward preventing employee burnout.Nicole Issa, The Center for Dynamic and Behavioral TherapyNicole Issa, The Center for Dynamic and Behavioral TherapyThe Center for Dynamic and Behavioral Therapys Issa suggests that chief human resources officers (CHRO) and hiring managers could approach burnout as a strategic issue rather than individual failings.This means being proactive about identifying risk factors and offering flexibility where possible, says Issa. Trying to build a company culture that prioritizes well-being should be top of the list for companies now. For remote employees, organizations should set clear expectations around availability, encourage a digital detox and provide routes for social connection. For in-office workers, offering hybrid working models, focusing on meaningful in-person collaboration and ensuring workload balance is key.Utilizing Data Is Also ImportantAbsenteeism, tardiness, lack of vacation usage, etc. all can help identify the potential issue -- there may be an issue with individuals or potentially managers, says Fran Maxwell, global lead at business consulting firm Protiviti. If they have a robust people analytics function, they can proactively determine which employees could start to become burnt out and can work with their managers to proactively support their employees. This would include looking at time, assuming the organization tracks time, or more simply looking at vacation time accrued and taken.MDR provider Expel discovered that quantifying workloads creates a common language between technical teams and business leaders. According to Amy Rossi, chief people officer at Expel, the most effective solution combines data with empathy.Organizations need metrics to identify burnout risks objectively, but they also need leaders who understand the human elements at play, says Amy Rossi, chief people officer at Expel. By adapting capacity utilization formulas to track workloads, teams can turn burnout from an abstract concern into concrete data that can inform staffing, scheduling, and resource allocation decisions. This approach has revolutionized how we manage and reduce burnout across both remote and in-office settings.Omnisends Raskauskiene says HR can monitor employee sentiment and job satisfaction through surveys and by encouraging leaders to keep an eye on employees moods.Educate them how to notice early burnout signs and react appropriately, says Raskauskiene We also encourage managers to hold regular one-on-ones, where both sides can share any struggles or concerns. Ultimately, it comes down to fostering a culture of open communication and direct feedback.In addition to establishing clear work hour timeframes, Omnisend promotes emotional well-being initiatives, such as offering psychological support and funding therapy.Provitis Maxwell recommends that leadership model the right behaviors and ensure they demonstrate that taking time away from work is both encouraged and important. He also says organizational leaders should ensure managers are properly trained on spotting burnout signs and how to prevent and support employees that are showing symptoms.However, leaders need to be patient.Fran Maxwell, ProtivitiFran Maxwell, ProtivitiBe intentional and start with leaders. Clearly articulate the expected behaviors at each level within the organization and hold each other accountable for those behaviors, says Maxwell. It is important to remember that its not going to change overnight, and people need to be communicated to, at a minimum, seven different times before the change will sync in.Alzheimer's Associations Fink warns that caregiving is tough -- a juggling act that can drain a person emotionally, physically and financially.When youre constantly putting out fires for others, your own well-being often takes a backseat. Neglecting yourself hurts everyone, says Fink. Thirty to 40% of caregivers struggle with depression and emotional stress. Theyre more likely to be in poor health, which means higher healthcare costs for your company. Taking care of your caregivers just makes sense. Its an investment in your people that always pays off in the end.For WFH employees, Mike Szczesny, owner and vice president at EDCO Awards & Specialties, recommends having clear working time boundaries and promoting the need to step away from the desk for regular breaks to alleviate always-on fatigue. Also promote virtual activities that build up a sense of belonging in the team and align goals for a greater purpose.For in-office employees, organizations should shift their attitudes toward working hours and consider more flexible hybrid arrangements. They should also create work environments that make people more productive while also enabling them to relax and provide reassurance to address issues concerning being present in the office for long periods of time.He also says active internal organizational strategies for preventing burnout should include regular pulse surveys, encouraging use of mental health services, and granting employees the freedom to customize their job.People operations or talent acquisition leaders and all other leaders must act with compassion, candor and genuine appreciation of their employees actual requirements, says Szczesny. Applying bespoke solutions, encouraging collaboration and giving control to employees can improve resilience and productive behavior that is sustainable over the long term.Lisa Sterling, chief people officer at survey and people analytics company Perceptyx, says organizational leadership should be open and direct about burnout.Talking about the symptoms and signs openly demonstrates to people that its important and top of mind. Further, it is important to establish clear expectations as well as boundaries, so people know what to expect. Leaders [must] demonstrate the desired behaviors first and foremost, says Sterling. Create a space for individuals to lean on and receive support from one another. By fostering these relationships people can leverage each other and share their feelings and thoughts with one another which can lead to a culture of empathy and fostering a sense of belongingness.What Happens When Burnout Is IgnoredIgnoring burnout can be very costly to an organization, and it doesnt always take the form of quiet quitting.Ignoring burnout will eventually have costly consequences for businesses when its not dealt with, says The Center for Dynamic and Behavioral Therapys Issa. Employees who feel unsupported will disengage, leading to quiet quitting and high turnover. The best employees are often the first to leave when they feel undervalued or overworked. This can set off a vicious cycle of higher workloads and reduced morale.Instead, companies should be creating a culture of psychological safety where employees feel heard and supported.A company's negligence in fixing persistent burnout patterns will result in lower employee output, greater employee attrition and a lesser reputation for the firm as an employer, says EDCO Awards & Specialties Szczesny. Not addressing burnout during these times of vigorous competition for talent may translate to the loss of valuable employees to firms that take their health and wellbeing seriously.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Nathan Eddy, Freelance WriterMarch 24, 20255 Min ReadWavebreakmedia Ltd FUS1407 via Alamy StockCloud storage was once hailed as a cost-effective solution for businesses, but hidden fees and unpredictable costs are causing widespread financial strain.More than half of businesses globally have experienced IT or business delays due to unexpected cloud storage expenses, and 62% of organizations exceeded their cloud budgets last year, according to a report from Wasabia.As chief information officers and IT leaders reassess cloud spending, many are looking for new strategies to prevent waste, improve forecasting, and better manage their data storage policies.Soumya Gangopadhyay, technology strategist at EY, points to a lack of financial transparency and poor forecasting as key reasons why cloud costs spiral out of control. Certain issues arise when organizations dont track IT costs in a way that enables breaking out expenses to support analysis or forecasts, he says. Data egress fees, complex storage tiering, and sudden spikes in data processing all contribute to budget overruns.He cautions that without clear visibility into usage and cost structures, companies would struggle to predict expenses, leading to unforeseen financial burdens.Egress Fees, Over-Provisioning Drive Up CostsOne of the biggest financial pitfalls in cloud storage is egress fees, the costs incurred when transferring data out of a cloud providers ecosystem.Related:These fees, often overlooked in budgeting, can add up quickly and disrupt IT operations.Will Milewski, senior vice president of cloud infrastructure and operations at Hyland, notes businesses frequently underestimate the impact of egress fees. With regulatory shifts like the European Data Act prompting major providers to adjust these fees, organizations are still challenged by unanticipated usage that drives up costs, he says via email.He explains IT leaders can mitigate these impacts by consolidating data within a single ecosystem, employing intelligent tiering strategies, and utilizing data compression or deduplication techniques.Beyond egress fees, companies are also over-provisioning cloud resources, paying for storage they dont fully utilize.Many organizations, eager to embrace cloud agility, end up spending more than necessary due to a lack of integrated visibility across their data assets.Cost overruns often stem from over-provisioning, unpredictable data growth, and the complexity of managing diverse data workloads, Milewski says. By leveraging unified platforms, companies can streamline workflows, improve forecasting, and right-size storage needs.Related:The Challenge of Cloud Cost TransparencyWhile cloud providers offer cost management tools, many organizations find pricing models too complex to navigate effectively.Gangopadhyay explains some cloud providers obscure costs through complicated pricing structures, making it difficult for IT teams to plan accordingly. Not all providers offer robust tools for forecasting costs based on usage patterns, which is another factor organizations should consider when working with a cloud provider, he says.Milewski echoes this concern, pointing out that cloud providers are offering more AI-driven cost management tools, but expertise is required to use them effectively. Were seeing cloud providers introduce reserved pricing models, savings plans, and AI-driven cost dashboards, he says. However, many pricing structures remain complex, requiring organizations to build in-house expertise or partner with specialized vendors.Without dedicated cost management teams or external partners, businesses often struggle to fully optimize cloud spending.IT Leaders Take Control of Cloud CostsCIOs and IT leaders can execute several proactive measures as they look to regain control of their cloud budgets.Related:Gangopadhyay suggests implementing real-time monitoring tools, resource tagging taxonomies, and predictive analytics to improve cost forecasting. Organizations need to have a clear understanding or adherence to existing capabilities and performance -- without it, engineering workload performance can be a challenge, he says.By leveraging historical data and automating governance policies, businesses can eliminate waste and prevent unexpected cost spikes.Milewski advises companies to audit their storage policies and shift to a more strategic, tiered approach. Optimizing storage begins with aligning data policies to actual usage, he says. Prioritizing high-performance tiers for critical content while shifting less-accessed data to real solutions ensures cost efficiency without compromising performance or compliance.He also highlights automation and AI-driven insights as key tools for identifying redundancies and reducing expenses.Another crucial step is building a chargeback model that aligns IT costs with business strategy.Gangopadhyay says he believes organizations should implement chargeback mechanisms that assign storage costs to individual business units, making cloud expenses more transparent.Developing an enterprise chargeback strategy ensures that cloud spending is directly tied to business objectives, he says.By making business units accountable for their storage usage, companies can drive more responsible cloud consumption.The Future of Cloud Cost ManagementAs cloud storage pricing evolves, IT leaders must stay ahead of emerging trends to keep costs under control.Gangopadhyay says he expects increased competition among cloud providers, which could lead to more dynamic pricing models. We can expect to see more providers adopting real-time usage-based pricing and offering incentives for eco-friendly storage options, he says.Companies that embrace flexible budgeting practices and sustainable cloud solutions will be better positioned to navigate shifting cost structures.Milewski predicts that AI and automation will play a bigger role in optimizing cloud spending.The cloud storage landscape is evolving toward more dynamic, consumption-based pricing models, he says. Businesses will need to embrace FinOps practices, leveraging advanced analytics and automated tools, to adapt to these trends.FinOps, or cloud financial management, is becoming increasingly critical for organizations aiming to turn unpredictable expenses into predictable, manageable investments.Gangopadhyay stresses the key to reducing waste is aligning cloud costs with business goals.Reducing cloud expenses comes down to aligning business goals with business costs, he says. Organizations can better identify and eliminate unnecessary or redundant data by implementing automated policies, conducting regular audits, and establishing clear retention guidelines.Milewski underscores the importance of staying ahead of pricing trends and investing in cost optimization strategies.By leveraging automation, real-time monitoring, and AI-driven insights, companies can ensure that their cloud investments remain both strategic and cost-efficient.Businesses that combine modern infrastructure with intelligent cost management can empower themselves to navigate future challenges effectively, he says.About the AuthorNathan EddyFreelance WriterNathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.See more from Nathan EddyReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorMarch 24, 20255 Min ReadTetra Images, LLC via Alamy Stock PhotoThe cloud has come a long way over the past five years. The technology has undergone a succession of radical upgrades and transformations that have surprised even many of the technology's strongest advocates.As cloud service providers and adopters move into the next half-decade, here's a look at five important ways that the cloud has advanced since 2020.1. Zero-trust architecture emergesAs organizations move more workloads to the cloud, often in response to the existential demands of a high-velocity digital economy, traditional perimeter-based security models have failed to keep pace with the dynamic, distributed nature of traditional digital architectures, says Nigel Gibbons, a director and senior advisor at cybersecurity services firm NCC Group, in an email interview. "Amid these challenges, the concept of zero trust emerged alongside the secure by design cornerstone principle, fundamentally reappraising identity, access and trust within cloud environments."Previously, security strategies relied on guarding a static network perimeter. Once inside the corporate network, users, devices, and services were often trusted by default. Zero trust, by contrast, assumes no inherent trust and evaluates each request as if it comes from an untrusted network. "In cloud settings, where applications, data, and users reside across numerous remote endpoints, zero trust ensures that each interaction is strictly verified, regardless of location or prior access," states Gibbons.Related:Gibbons observes that zero trust has also accelerated improvements in identity and access management solutions, such as multifactor authentication, single sign-on, and just-in-time access, with adaptive access policies built on continuous adaptive risk and trust assessment principles becoming standard practice.2. FinOps standardizes cloud spendingThe FinOps organization and the implementation of FinOps standards across cloud providers has been the most impactful development over the last five years, states Allen Brokken, head of customer engineering at Google, in an online interview. This has fundamentally transformed how organizations understand the business value of their cloud deployments, he states. "Standardization has enabled better comparisons between cloud providers and created a common language for technical teams, business unit owners, and CFOs to discuss cloud operations."The FinOps framework helps organizations understand exactly what they're spending, how they're spending it, and where they're spending it. "This enables better demand shaping, whether through moving workloads to spot instances or improving committed use management," Brokken says.Related:3. Public cloud adoption democratizes accessWidespread adoption of public cloud architecture has been one of the most important developments of the past five years, says Lloyd Adams, president of enterprise application software firm SAP North America.The public cloud has democratized access to technology and increased accessibility for organizations across industries that have faced intense volatility and change in the past five years, Adams observes via email. "This innovation has facilitated a new level of co-innovation and enabled new business models that allow companies to realize future opportunities with ease."Public cloud platforms offer adopters immense benefits, Adams says. "With the public cloud, businesses can scale IT infrastructure on-demand without significant upfront investment." This flexibility comes with a reduced total cost of ownership, since public cloud solutions often lead to lower costs for hardware, software and maintenance.Public cloud adopters also reap the benefit of immediate access to cutting-edge technologies, such as artificial intelligence, machine learning, and analytics. "The cloud's flexibility and speed have enhanced agility and innovation, enabling companies to experiment with new ideas and bring products to market faster," Adams says.Related:4. Security as code arrivesSecurity as code, in the form of DevSecOps, leverages a collection of cloud native technologies and methods. "This has not only shifted security into the delivery team, it allowed security to scale as an embedded consideration, rather than an external force that development and infrastructure teams feel like they need to resist or operate around/within," says Travis Runty, CTO of public cloud at Rackspace Technology, in an online interview.Security as code is an example of hyper-converging skillsets and teams, further enabling natural awareness and ownership, Runty states. "It's a great example of a technology creating velocity, changing the way teams are structured, and ultimately reducing overall business risk".Having the ability to incorporate security into core and real-time infrastructure deployments has allowed teams to leverage security as a strength, and enforce it without fail, Runty says. "This enforcement can include general security best practices, compliance considerations, protecting credentials, or other sensitive information -- even managing internal design and architectural standards."5. Serverless computing arrivesServerless computing has emerged as a key cloud innovation, helping organizations become more agile while accelerating time-to-market, minimizing infrastructure overhead, and optimizing cloud costs, says Farid Roshan, global head of AI at data and digital engineering solutions firm Altimetrik.In response to specific events, serverless platforms work to execute small, stateless code segments known as functions. "These functions simplify scaling and reduce the complexity of computing resources, which are allocated only for the functions execution duration, eliminating the need for pre-provisioned infrastructure," Roshan says in an email interview.With serverless computing, engineering teams are freed from managing servers, operating environments, and scaling mechanisms. "This allows engineers to focus on innovation, building scalable, cost-efficient applications by shifting operational overhead to cloud providers," Roshan concludes.About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

TechTarget and Informa Techs Digital Business Combine.TechTarget and InformaTechTarget and Informa Techs Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Are CIO Plans for AI and the Cloud Permanently Joined Together?Are CIO Plans for AI and the Cloud Permanently Joined Together?Will the development of these resources proceed in tandem at enterprises, or must CIOs evolve these technologies with separate strategies?Joao-Pierre S. Ruth, Senior EditorMarch 24, 2025As substantial plans to invest in AI and the cloud take shape, do CIOs at enterprises want to develop both resources together to maximize the potential they offer? Is it necessary for them to operate on dual or shared paths of evolution for these technologies to deliver? Should they favor one technologys use and deployment over the other?Leadership at enterprises may have hard choices to make on the resources they put toward their technology implementations. What if a CIO is caught in a circumstance where they only have the means -- whether it is a constraint on personnel, time, or money -- to truly invest in cloud or AI, but not both? Where should they put in their energies?Luiz Domingos, CTO for Mitel; Jon Kuhn, senior vice president of product for Delinea; Anshu Jain, co-founder and CTO with Outmarket AI; and Steve Williams, CISO, NTT DATA, tackled that and other questions in this episode of DOS Wont Hunt.Where does the conversation start in the C-suite on how to balance the development and investment into the cloud and AI? What is at stake if CIOs cannot steer the IT strategy to support cloud and AI? How far behind could a company fall if they dont pursue both technologies vigorously?Listen to the full episode here.About the AuthorJoao-Pierre S. RuthSenior EditorJoao-Pierre S. Ruth covers tech policy, including ethics, privacy, legislation, and risk; fintech; code strategy; and cloud & edge computing for InformationWeek. He has been a journalist for more than 25 years, reporting on business and technology first in New Jersey, then covering the New York tech startup community, and later as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight.See more from Joao-Pierre S. RuthReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Kathryn Murphy, Senior Vice President of Product, TwilioMarch 21, 20254 Min Readhirun laowisit via Alamy StockTrust is the foundation of any relationship, whether between individuals or between businesses and their customers. Philosopher Friedrich Nietzsche once said, Im not upset that you lied to me, Im upset that from now on, I cant believe you.While his words may evoke thoughts of interpersonal relationships, they resonate equally in the business world, where trust in technology plays an increasingly vital role.The rise of conversational AI -- spanning chatbots and LLM-powered virtual agents -- is reimagining how people interact with businesses. This isnt just a fleeting trend; its a transformative shift. The market, valued at $5.8 billion in 2023, is projected to soar to $31.9 billion by 2028, according to IDC. That growth underscores the pivotal role this technology will play in redefining customer engagement for every business.But heres the catch: Trust is everything. One poor interaction can unravel months of goodwill, sowing seeds of doubt and eroding confidence. As Nietzsche cautioned, a single misstep can resonate deeply, and businesses can ill afford to lose the faith of their customers.The secondary challenge -- and what many businesses learned over the course of last year -- is that scaling a flashy conversational AI demo to meet the needs of a live customer environment is far from easy.Related:Below are some actionable tips for businesses to effectively build trust with their conversational AI customer engagement.Establish Clear, Customer-Centric GoalsWhen deploying conversational AI, even small missteps can lead to significant consequences, tarnishing a brands reputation and eroding customer trust. A strong foundation when implementing any AI solution begins with clear goal setting. Before rolling out their initiatives, businesses must prioritize the customer and recognize that AI is just a tool for enhancing their experience, rather than a solution in itself.Identify Potential Pain PointsOne of the most frequent sources of customer frustration lies in poor human-to-AI handoffs in conversational AI situations. When escalations lead to a loss of context or require customers to repeat information, their experience can quickly sour. To avoid this, businesses should establish clear protocols for transitioning conversations to live agents, ensuring all relevant information is seamlessly carried over. Without this, frustrations may escalate into doubts about the reliability of the service, jeopardizing trust altogether.Continuously Monitor to Improve ExperiencesRelated:Equally important is the practice of ongoing monitoring and optimization. By consistently collecting feedback, organizations can refine their conversational AI implementation, improving results and growing customer satisfaction. These efforts signal a commitment to continuous improvement, a cornerstone of building and maintaining trust.Feedback loops play a vital role in enhancing large language model (LLM) performance over time. Actively building and testing these loops, alongside robust escalation workflows, ensures customer concerns are addressed. A common misstep that organizations make is deploying AI systems that lack empathetic conversation management. Integrating AI-driven sentiment analysis can bridge this gap, allowing models to guide interactions with greater sensitivity.Minimize Bias Through PersonalizationTo provide a positive customer experience -- one that increases engagement and brand affinity -- businesses also need to ensure conversational AI solutions deliver consistent, unbiased and personalized support. With increasing levels of scrutiny paid to large language models and how information is culled, bias can be minimized by leveraging a customer data platform with unified profiles for a personalized experience.Related:For example, bias may surface if an AI agent provides differing responses based on perceived gender or cultural background, such as assuming certain tasks or preferences are linked to one gender. Regular audits are essential to identify and mitigate such issues, especially when this technology is still in its early stages. Adopting a test and learn approach can further refine these systems and create more authentic and human-like interactions.Lead With TransparencyTransparency is another cornerstone of building trust. Customers should always know when they are engaging with an AI agent. Clearly labeling these interactions not only prevents confusion but also aligns with ethical best practices, reinforcing the integrity of the customer experience.Should an organization fall victim to a scenario where AI systems fail to meet customer expectations, honesty is the best policy. Be truthful about the limitations or errors of AI and provide quick resolutions through escalation to live agents. Nobody wants to dramatically scream REPRESENTATIVE!!! to themselves and into the ether when looking for a solution to their concerns.Closing ThoughtsTrust, once broken, is challenging to regain. As Nietzsche reminds us, the erosion of trust leaves behind doubt, making it harder to rebuild relationships. For conversational AI, this means every interaction is an opportunity to strengthen -- or weaken -- customer confidence. By avoiding common pitfalls, prioritizing transparency, and continuously optimizing AI systems, businesses can build lasting trust and foster meaningful customer relationships.The call to action is clear: Businesses should begin by auditing their current conversational AI solutions, identifying gaps in trust-building measures, and implementing best practices that foster confidence and engagement from the very first interaction.About the AuthorKathryn MurphySenior Vice President of Product, TwilioKathryn Murphy has over 20 years of experience in product management, design and engineering with a deep domain in retail, commerce, payments, customer data platforms and multi-channel marketing. Kathryns focus has always been on using technology to improve the customer experience. As the SVP of Product and Design at Twilio, she leads the team focused on accelerating Twilios communications and data capabilities.See more from Kathryn MurphyReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

The boom in AI has virtually eclipsed technologies like augmented reality (AR) and virtual reality (VR). Nevertheless, there are still good reasons to keep AR and VR on the IT strategic roadmap.AR is so named because it can embellish the physical world with digital artifacts. VR goes one step further by immersing participants in an alternate world of virtual experience.There are a number of AR/VR use cases that are working in business.The retail and real estate industries use AR and VR technologies to give customers a preview of how a household item would look in their home. It also can give would-be buyers a virtual walkthrough of a vacation home that they are considering purchasing that is thousands of miles away.Building engineers and inspectors use AR with the help of special glasses that display blueprints of electrical wiring that they can superimpose upon a finished wall in a structure; the military uses VR to simulate battlefield scenes for trainees; and baseball players use AR/VR to improve the mechanics of their swings.The CIOs Position on AR/VR TodayFor CIOs, AR/VR is taking a backseat to artificial intelligence, which Statista sees as exceeding $1.8 trillion in business investment by 2030. Consequently, there is little left in most IT budgets for anything else.Related:CIOs also know that most AR/VR investments cant be done on the cheap. AR/ VR implementations often require significant customization to achieve the right fit for specific business cases, and they can require expensive investments in headgear, workstations and other hardware.Finally, its not always easy to justify an AR/VR investment. While an AR/VR investment might be close to mandatory when the military is training personnel to disarm bombs on a battlefield, its not that easy to justify AR/VR simulations for more mundane use cases.Collectively, these circumstances have put AR/VR on the IT back burner, but it doesnt mean that they dont deserve a spot on IT's strategic roadmap.Where AR and VR Could Play in a BusinessAdecco, a corporate recruiter, reported in 2023 that 92% of executives think that American workers aren't as skilled as they need to be. And the World Economic Forum expects that 39% of skills will be outdated by 2030. At the same time, younger employees entering the workforce are less likely to learn by reading manuals, and more likely to further their learning through AR, VR and other visual technologies.This makes workforce education a prime area for AR/VR utilization. In addition, many of the skills that must be learned by employees across a wide swath of industries are somewhat generic (for example, the basics of lending for a financial institution, or the fundamentals of waste management and collection for sanitation workers). So, it is possible that more generic and cost-effective AR/VR offerings can be used without much need for company-specific customization.Related:Schools are already integrating AR/VRinto their curricula, and there is no reason that companies cant do the same to help address their employee skills shortages.Another AR/VR use case that has been used successfully is in retail sales where AR/VR can simulate product experiences in a virtual environment. With AR/VR, a prospect can experience what a trip to Belize would be like or do a visual walkthrough of a beach home in Miami. A customer can try on a sweater virtually, or they can see how a new dining room table looks like in their home.All these examples are already in play and generating revenue in e-commerce markets, where it is important for customers to experience what it would be like to own or experience something that they cant physically see or touch. The value proposition for using AR/VR in retail is further sweetened because companies dont have to invest in special hardware. Instead, customers can use the AR/VR on regular home computers and mobile devices.Related:New product development is one more area where companies are adopting AR/VR. Constructing physical prototypes of new products that may not work is expensive and time-consuming. If new product designs and simulations can be generated with 3D modeling and AR/VR, the technology investment may be worth it.AR/VR TrendsLooking forward, it is reasonable to expect that AR/VR use will expand in the areas where it is already gaining a footing: education/training, retail sales and product development.Also, there are three AR/VR trends that CIOs should note:Cloud-based AR/VR. A user can put on a wireless headset and use AR/VR from the cloud if the computing requirements for the app arent overly intensive. Education and training AR/VR in most cases would work in this scenario, although there might be a need to invest in more bandwidth.Better ergonomic experiences for users. AR/VR headgear is clunky and uncomfortable. Vendors know this and are at work at creating more wearable and tetherless headsets that deliver a better ergonomic experience to users. That lighter, more agile hardware could also lead to lower costs.A focus on security and governance. AR/VR vendors havent paid much attention to security and governance in the past, but they will in the future because enterprise customers will demand it, and the enterprise market is too big to ignore.Wrap-UpWhile AR/VR technology isnt front-and-center in technology discussions today, it could emerge in the future as a way for companies to streamline education and training, improve new product development and times to market, grow retail revenues, and even simulate scenarios. For example, it could be used for a disaster recovery operational failover in a simulated scenario.AR/VR are not todays hot technologies, but they should nonetheless be listed in IT strategic plans, because they are logical extensions of more corporate virtualization. Plus, they can address several of the persistent pain points that companies continue to grapple with.

John Edwards, Technology Journalist & AuthorMarch 21, 20256 Min Readtanit boonruen via Alamy Stock PhotoJust about everybody agrees that AI is an essential business tool. This means that it's now time to give the technology the status it deserves by creating a business unit that's completely dedicated to deploying innovative AI applications across the enterprise.An AI innovation unit serves as an organizational hub for designing and deploying AI solutions, as a catalyst for adopting and integrating of AI, and as a focal point for AI business exploration and experimentation, says Paul McDonagh-Smith, a senior lecturer in information technology and executive education at the MIT Sloan School of Management. "By spinning-up an AI innovation unit, your company can accelerate its digital transformation, sustain competitiveness, and create a culture of innovation," he explains in an online interview.McDonagh-Smith believes that an AI innovation unit can help convert the AI's potential into enhanced product offerings and customer experiences, unlocking new revenue streams and creating a competitive advantage. "Your AI innovation unit will also provide a space and a place to combine AI research and responsible application of AI to help you minimize risks while maximizing benefits."Mission GoalsAn AI innovation unit's mission should be to coordinate, plan, and prioritize efforts across the enterprise, says Steven Hall, chief AI officer at technology research and advisory firm ISG. "This can include ensuring the right data assets are used to train models and that proper guardrails are established to manage risks," he recommends in an email interview. Hall adds that unit leaders should also work toward keeping relevant individuals in the loop while prioritizing use cases and experiments.Related:An AI innovation unit should always support sustainable and strategic organizational growth through the ethical and impactful application and integration of AI, McDonagh-Smith says. "Achieving this mission involves identifying and deploying AI technologies to solve complex and simple business problems, improving efficiency, cultivating innovation, and creating measurable new organizational value."A successful unit, McDonagh-Smith states, prioritizes aligning AI initiatives with the enterprise's long-term vision, ensuring transparency, fairness, and accountability in its AI applications. "An effective AI innovation unit also increases the flow of AI-enhanced policies, processes, and products through existing and emerging organizational networks."Carolyn Nash, chief operations officer for open-source software products provider Red Hat, says her firm recently established an AI innovation unit when enterprise leaders recognized that AI had become a top IT strategy priority. "This newly-formed team is now focusing on putting the appropriate infrastructure foundations in place for AI to be developed at scale, and in a cost-efficient manner," she explains in an online interview. Part of that work, Nash notes, includes identifying and creating productivity use cases.Related:Leadership RequirementsAn AI innovation unit leader is foremost a business leader and visionary, responsible for helping the enterprise embrace and effectively use AI in an ethical and responsible manner, Hall says. "The leader needs to understand the risk and concerns, but also AI governance and frameworks." He adds that the leader should also be realistic and inspiring, with an understanding of the hype curve and the technology's potential.The unit should be led by a chief AI officer (CAIO), or an equivalent senior executive with expertise in both AI technology and strategic business management, McDonagh-Smith advises. "While this leader possesses a strong understanding of data science, machine learning, and innovation strategy. alongside finely-tuned leadership skills, this individual also needs to be adept at bridging technical and non-technical teams to ensure AI that initiatives are practical, scalable, and personalized to business goals."Related:Team BuildingMcDonagh-Smith recommends staffing the AI unit with a multidisciplinary team that combines the capabilities of data scientists, machine learning engineers, and software engineers, as well as AI ethicists, HR experts, UX /UI designers, and change management specialists. "This will provide the diversity of perspective and expertise necessary to fuel and drive your AI innovation unit forward."Nash observes that there will also be times when it becomes necessary to seek advice and support from other enterprise stakeholders, particularly when collaborating on projects with elements that lie beyond the main team's skills and knowledge. She adds that the unit should focus on addressing existing business issues, not seeking new problems to solve. "Proactively capturing requirements from strategic leaders across the business -- HR, marketing, finance, products, legal, sales -- is critical to ensuring the AI unit is correctly focused."ReportingMcDonagh-Smith recommends that the AI innovation unit's leader should report directly to the enterprise C-suite, ideally to the CEO or chief digital officer (CDO). "This reporting structure ensures that AI initiatives remain a visible strategic priority and are seamlessly integrated with broader business goals," he says. "It also allows for clear communication between the unit and top-level leadership, helping to secure the necessary support for scaling successful AI-forward projects across the organization."A Collaborative CultureAn AI innovation unit requires a collaborative culture that bridges silos within the organization and commits to continuous reflection and learning, McDonagh-Smith says. "The unit needs to establish practical partnerships with academic institutions, tech startups, and AI thought leadership groups to create flows of innovation, intelligence, and business insights."McDonagh-Smith believes that the unit should be complemented by a strong governance framework that will allow it to manage AI risks, uphold ethical standards, and ensure AI deployments that align with enterprise values and societal responsibilities. "By introducing regular impact assessments and transparent reporting on AI initiatives, you'll build trust both internally and externally ... and establish your team as a leader in evolving business practices."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

SECON & eGISEC 2025 is underway, showcasing a large and diverse array of both physical and cybersecurity innovations and products. While there is a comprehensive display of advancements in traditional physical security measures and cybersecurity products, its the integration in the converged security realm thats arguably gaining the most attention, particularly in critical sectors. By all accounts, the depth of information in the latest security developments at the exhibition is complemented by the width of diversity in products and innovations.In particular, we plan to focus on AI-driven privacy protection, enhancing security in cloud environments, and the latest trends in pseudonymization and anonymization technologies. Additionally, understanding how privacy protection solutions are applied across various industries is a key objective, as real-world case studies provide valuable practical insights, said Lee Hyejun, Associate at EASYCERTI, a provider of AI, big data, and cloud-based privacy protection and privacy data solutions and an exhibitor at the event.Beyond its booth at the exhibition, EASYCERTIs Senior Researcher, Seunghoon Yeom will be delivering presentations at the conference within. The first, on March 20th is on the topic of latest trends and countermeasures in privacy protection. The second presentation is on the following day and covers standards pertaining to securing personal information and verification processes.Related:There are over 400 exhibitors taking part in the exhibition and the displays are enticing and informative. The variety of security issues addressed by this years new product offerings cover the gamut of known vulnerabilities with no previously known countermeasures.There are no known solutions to prevent paper document leaks around the world. Through exhibitions like this, we hope to show people that such a solution exists and the increasing number of companies and organizations are using our solution: docuBLOCK, said Myungshin Lee, CEO of ANYSELL Co., Ltd. and an exhibitor at the event.The event spreads over 28,000 m of space and is expecting more than 30,000 visitors from around the world. The products and innovations on display cover the gamut of security sectors including edge devices with on-device AI, converged security, cloud and IoT security, smart city security, automotive security, and maritime security, among others.One of the key solutions we will be presenting at SECON & eGISEC 2025 is real-time log and file encryption. This technology encrypts data the moment it is generated making it essential for industries such as finance, public sector and medical fields where both security and real-time processing are critical, said Haeun JI at iNeb Inc, a provider of encryption and data security and an exhibitor.Related:A comprehensive conference and seminar program is happening inside of SECON & eGISEC 2025. The program was developed in collaboration with prominent institutions and industry leaders. It features over 100 sessions across 30+ tracks. Attendees can join discussions on critical topics such as industrial security, advanced CCTV management, aviation protection, counterterrorism tactics, personal data privacy, and other pressing security concerns.This years key security issues featured at the exhibition include:Edge devices with on-device AI (local AI)Convergence of cybersecurity and physical securityEvolving zero-trust security modelIntensifying software supply chain security threatsCyber fraud as a service (Qshing)Cybercrime targeting youth and social media restrictionsConcerns on whether cloud security platforms and cloud service platforms can continue to coexist independentlyHidden risks in old "new" technologiesRelated:Event organizers cited as examples of hidden risks: Cloud services have suffered from human errors, leading to unintended data leaks. Similarly, ChatGPT has raised serious concerns, as users often unintentionally expose sensitive information through interactions with the AI. These risks have prompted ChatGPT bans in several countries.However, risks are growing in other areas, too, even across entire industries. For example, the financial industry is intensely attractive to thieves and fraudsters.YH Database Co., Ltd. has introduced newly released products to buyers every year since 2013, mainly introducing financial security and informatization solutions.This year, the company is showcasing AI-specialized products, including y-SmartChat, y-SmartData, and y-MobileMonitorSDK3.0, said Kim JungWon, senior executive director of YH Database.For example, y-SmartData can be used not only as an abnormal transaction detection system, FDS, that can prevent financial accidents through voice phishing and fake bank accounts, but also as an internal audit control system, ADS, that can detect and prevent illegal money laundering, and AML, a money laundering prevention system, that can detect and prevent illegal money laundering, Kim added.Attendees appear universally eager to check out possible solutions for these and the other top security issues of the day. Exhibitors are just as eager to demonstrate their technological breakthroughs and checkout the competition.Aircode expects many customers to look for an alternative solution in response to the relaxation of network separation regulations, said Yunsang Kim, presales vice president at Aircode, and also an exhibitor at the event.AirCode will be launching a browser-based virtualized web isolation product (AirRBI) that we believe is competitive in terms of functionality and efficiency compared to other solutions. And also, Aircode want to check and learn what web isolation solutions are available on the market and what features they have, added Yunsang. Aircode is also presenting a talk on Secure Web Browsing inNetwork-Separated Environments at the conference program within the exhibition.It can be difficult to choose which exhibits to visit and which presentations and keynotes to attend. Thats because there is such diversity in security topics and products.At SECON & eGISEC 2025, AhnLAb will showcase its latest security solutions built upon 30 years of comprehensive security expertise. Additionally, we are hosting booths for our subsidiaries -- NAONWORKS, Jason, and AhnLab CloudMate -- where participants can explore each companys specialized technologies in OT/ICS (industrial control system), AI, and MSP (managed service provider), as well as their synergy with AhnLab, said Junghyun Kim, Marketing Director at AhnLab, Inc. and an exhibitor at the event.The exhibition runs from March 19 to 21 and is held at Hall 3-5 in Kintex, Korea.

Attribution can be a tricky process. In the case of a DDoS attack, threat actors often employ botnets to direct a high volume of traffic to a target, overwhelming that network and disrupting its service.After outages at Xcaused allegedly by a DDoS attack, plenty of people asked who was responsible. Elon Musk cast blame on Ukraine, Politico reports. Cybersecurity experts pushed back against that assertion. Meanwhile, Dark Storm, a pro-Palestinian group, claimed responsibility, further muddling attempts at attribution.A botnet is generally a network of compromised computers. In essence, they [a victim] are being hit from different IP addresses, different systems. So, you really can't actually pinpoint that it came from this specific location, which makes it difficult to identify root cause, explains Vishal Grover, CIO at apexanalytix, a supplier onboarding, risk management, and recovery solutions company.How should CIOs and CISOs be thinking about attribution and their own approach when they are faced with navigating the aftermath of a cyberattack?Vishal GroverVishal GroverThe Importance of AttributionAttribution is important. But it isnt necessarily the first priority during incident response.The concern that I probably would have as a CISO is addressing the vulnerability that allowed them in the door in the first place, says Randolph Barr, CISO atCequence Security, an API and bot management company.Related:Once an incident response team addresses the vulnerability and ensures threat actors arent lingering in any systems, they can dig into attribution. Who executed the attack? What was the motivation? Getting the answers to those questions can help security teams mitigate the risk of future attacks from the same group or other groups that leverage similar tactics.Of course the larger the company and the more widespread the disruption, the louder the calls for attribution tend to be. When you have a large organization like X, there's going to be a lot of people asking questions. When other folks get involved, then attribution becomes important, says Barr.For smaller organizations, attribution may be a lower priority as they leverage more limited resources to work through remediation first.How to Tackle AttributionIn some cases, attribution may be quite simple. For example, a ransomware gang is likely to be forthright about their identity and their financial motivations.But threat actors that step into the limelight arent always the true culprits. Sometimes people claim publicly that they did it, but you can't really necessarily confirm that they actually did it. They just may want the eyes on them, Barr points out.Related:Attribution tends to be a complicated process that takes a significant amount of time and resources: both technical tools and threat intelligence. Whether done internally or with the help of outside experts, the attribution process typically culminates in a report that details the attack and names the responsible party, with varying degrees of confidence.Sometimes you might not get a definitive answer. There are times when you won't be able to determine the root cause, says Grover.Attribution and Information SharingAttribution can help an individual enterprise shore up its security posture and incident response plan, but it also has value to the wider security community.That's one of the primary reasons that you go and attend a security conference or security meeting. You definitely want to share your experiences, learn from their experiences, and understand everybody's perspective, says Grover.Threat intelligence and security teams can collaborate with one another and share information about the groups that target their organizations. Threat intel teams might also pick up information about planned attacks on the dark web. Sharing that information with potential targets is valuable.Related:We build those relationships so that we know that we can trust each other to say, Hey, if our name comes up, please let us know, says Barr.Not all companies have a culture that facilities that kind of information sharing. Cyberattacks come with a lot of baggage. Theres liability to worry about. Brand damage. Lost revenue. And just plain embarrassment. Any one of those factors, or a combination thereof, could push enterprises to err on the side of silence.We're still trying to figure out, as security professionals, what is it that would allow for us to have that conversation with other security professionals and not worry about exposing the business, says Barr.