FEATURE : 2025 CIOS ’ PRIORITY
transformation is accelerating , and providing business stakeholders with a simplified onramp to reach their digital outcomes will enable better agility in navigating the changes . Establishing strong data governance will help ensure compliance and ethical data usage . In line with increasing sustainability goals , CIOs should adopt energyefficient technologies and prioritize green IT initiatives , including tracking and reducing carbon footprints and responsibly managing e-waste . While it may seem negligible , every little bit helps .
Empowering and embracing hybrid work requires a secure and flexible digital workspace strategy prioritizing productivity and employee experience . CIOs should invest in cloud optimization ( public and private ), embracing cloud-native architectures while adopting multi-cloud and hybrid strategies to maintain flexibility . Implementing FinOps practices will be critical to managing costs and maximizing cloud investments . Addressing talent gaps is another pressing issue . CIOs should focus on modernizing internal applications and infrastructure while upskilling in areas like AI , cybersecurity , platform engineering , and automation . Encouraging remote and hybrid work environments and fostering a collaborative , adaptive culture will further enhance their ability to execute and adapt to business and customer needs .
CIOs should consider creating composable and modular IT architectures as part of their modernization initiatives , allowing for rapid adaptation to changing business threats and requirements . This approach includes leveraging service-level abstractions , APIfirst strategies , and low-code platforms to build and reassemble digital services efficiently . Lastly , preparing for the advent of quantum computing is essential . CIOs should explore quantum-safe cryptography and pilot projects to stay ahead of potential disruptions .
Charles Crouchman , Chief Product Officer , Redwood Software
Treating AI as a Solution in Search of a Problem :
Many IT teams will continue to view AI as a standalone solution that can operate independently , without embedding it directly into business processes . They may overlook critical questions like , “ What business problems do I have ?” Instead of leveraging AI as a “ co-pilot ” to assist , IT teams might isolate it , focusing on its novelty rather than its practical applications for business goals . This oversight can lead to wasted resources on initiatives that don ’ t align with organizational needs and discourage the adoption and efficiency of process automation .
Fostering Islands of Automation : As organizations advance in their modernization and digitization journeys , they often find their existing automation platforms inadequate for modern applications like SaaS and cloud-native solutions , leading them to purchase new automation solutions without retiring the old ones . Over time , this results in a patchwork of disparate systems , driving up labor costs as employees require training on multiple tools and increasing error rates due to the lack of seamless connections among shared business processes . Ultimately , this prevents organizations from adopting a comprehensive platform capable of building automation fabrics and managing legacy , current and emerging systems .”
Brad Jones , CISO and VP of Information Security , Snowflake .
Generative AI takes centre stage as businesses ’ personal security experts .
While there is a lot of talk about the potential security risks introduced through generative AI , and for good reason , there are real and beneficial applications already happening today that people neglect to mention . As AI tools become more versatile and more accurate , security assistants will become a significant part of the SOC , easing the perennial manpower shortage . The benefit of AI will be to summarise incidents at a higher level – rather than an alert that requires analysts to go through all the logs to connect the dots , they ’ ll get a high-level summary that makes sense to a human , and is actionable .
Of course , we must keep in mind that these opportunities are within a very tight context and scope . We must ensure that these AI tools are trained on an organisation ’ s policies , standards , and certifications . When done so appropriately , they can be highly effective in helping security teams with routine tasks . If organisations haven ’ t taken note of this already , they ’ ll be hearing it from their security teams soon enough as they look to alleviate workloads for understaffed departments .
AI models themselves are the next focus of AI-centred attacks .
Last year , there was a lot of talk about cybersecurity attacks at the container layer – the less-secured developer playgrounds . Now , attackers are moving up a layer to the machine learning infrastructure . I predict that we ’ ll start seeing patterns like attackers injecting themselves into different parts of the pipeline so that AI models provide incorrect answers , or even worse , reveal the information and data from which it was trained . There are real concerns in cybersecurity around threat actors poisoning large language models with vulnerabilities that can later be exploited .
Although AI will bring new attack vectors and defensive techniques , the cybersecurity field will rise to the occasion , as it always does . Organisations must establish a rigorous , formal approach to how advanced AI is operationalised . The tech may be new , but the basic concerns – data loss , reputational risk and legal liability – are well understood and the risks will be addressed .
Concerns about data exposure through AI are overblown .
People putting proprietary data into large language models to answer questions or help compose an email pose no greater risk than someone using Google or filling out a support form . From a data loss perspective , harnessing AI isn ’ t necessarily a new and differentiated threat . At the end of the day , it ’ s a risk created by human users where they take data not meant for public consumption and put it into public tools .
This doesn ’ t mean that organisations shouldn ’ t be concerned . It ’ s increasingly a shadow IT issue , and organisations will need to ratchet up monitoring for unapproved use of generative AI technology to protect against leakage . p
38 INTELLIGENTCIO LATAM www . intelligentcio . com